Merge branch 'worker-for-user-deletion' into 'master'

A worker deletes a user, so the request doesn't time out

Fixes #13261


See merge request !2855

10 files changed, 117 insertions, 26 deletions

diff --git a/CHANGELOG b/CHANGELOG
index b83940d2f16..dc8c7040386 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -39,6 +39,7 @@ v 8.6.0 (unreleased)
   - Add ability to show archived projects on dashboard, explore and group pages
   - Move group activity to separate page
   - Continue parameters are checked to ensure redirection goes to the same instance
+  - User deletion is now done in the background so the request can not time out
 
 v 8.5.7
   - Bump Git version requirement to 2.7.3
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb
index 2463cfa87be..e9b0972bdd8 100644
--- a/app/controllers/admin/abuse_reports_controller.rb
+++ b/app/controllers/admin/abuse_reports_controller.rb
@@ -6,7 +6,7 @@ class Admin::AbuseReportsController < Admin::ApplicationController
   def destroy
     abuse_report = AbuseReport.find(params[:id])
 
-    abuse_report.remove_user if params[:remove_user]
+    abuse_report.remove_user(deleted_by: current_user) if params[:remove_user]
     abuse_report.destroy
 
     render nothing: true
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 87f4fb455b8..3063d299b1a 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -119,10 +119,10 @@ class Admin::UsersController < Admin::ApplicationController
   end
 
   def destroy
-    DeleteUserService.new(current_user).execute(user)
+    DeleteUserWorker.perform_async(current_user.id, user.id)
 
     respond_to do |format|
-      format.html { redirect_to admin_users_path }
+      format.html { redirect_to admin_users_path, notice: "The user is being deleted." }
       format.json { head :ok }
     end
   end
diff --git a/app/models/abuse_report.rb b/app/models/abuse_report.rb
index cc59aa4e911..b61f5123127 100644
--- a/app/models/abuse_report.rb
+++ b/app/models/abuse_report.rb
@@ -19,9 +19,9 @@ class AbuseReport < ActiveRecord::Base
   validates :message, presence: true
   validates :user_id, uniqueness: { message: 'has already been reported' }
 
-  def remove_user
+  def remove_user(deleted_by:)
     user.block
-    user.destroy
+    DeleteUserWorker.perform_async(deleted_by.id, user.id, delete_solo_owned_groups: true)
   end
 
   def notify
diff --git a/app/services/delete_user_service.rb b/app/services/delete_user_service.rb
index 173e50c9206..ce79287e35a 100644
--- a/app/services/delete_user_service.rb
+++ b/app/services/delete_user_service.rb
@@ -5,18 +5,22 @@ class DeleteUserService
     @current_user = current_user
   end
 
-  def execute(user)
-    if user.solo_owned_groups.present?
+  def execute(user, options = {})
+    if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
       user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
-      user
-    else
-      user.personal_projects.each do |project|
-        # Skip repository removal because we remove directory with namespace
-        # that contain all this repositories
-        ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
-      end
+      return user
+    end
+
+    user.solo_owned_groups.each do |group|
+      DestroyGroupService.new(group, current_user).execute
+    end
 
-      user.destroy
+    user.personal_projects.each do |project|
+      # Skip repository removal because we remove directory with namespace
+      # that contain all this repositories
+      ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
     end
+
+    user.destroy
   end
 end
diff --git a/app/services/destroy_group_service.rb b/app/services/destroy_group_service.rb
index 9189de390a2..3c42ac61be4 100644
--- a/app/services/destroy_group_service.rb
+++ b/app/services/destroy_group_service.rb
@@ -6,12 +6,12 @@ class DestroyGroupService
   end
 
   def execute
-    @group.projects.each do |project|
+    group.projects.each do |project|
       # Skip repository removal because we remove directory with namespace
       # that contain all this repositories
       ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
     end
 
-    @group.destroy
+    group.destroy
   end
 end
diff --git a/app/workers/delete_user_worker.rb b/app/workers/delete_user_worker.rb
new file mode 100644
index 00000000000..6ff361e4d80
--- /dev/null
+++ b/app/workers/delete_user_worker.rb
@@ -0,0 +1,10 @@
+class DeleteUserWorker
+  include Sidekiq::Worker
+
+  def perform(current_user_id, delete_user_id, options = {})
+    delete_user  = User.find(delete_user_id)
+    current_user = User.find(current_user_id)
+
+    DeleteUserService.new(current_user).execute(delete_user, options.symbolize_keys)
+  end
+end
diff --git a/spec/models/abuse_report_spec.rb b/spec/models/abuse_report_spec.rb
index 4799bbaa57c..ac12ab6c757 100644
--- a/spec/models/abuse_report_spec.rb
+++ b/spec/models/abuse_report_spec.rb
@@ -13,7 +13,8 @@
 require 'rails_helper'
 
 RSpec.describe AbuseReport, type: :model do
-  subject { create(:abuse_report) }
+  subject     { create(:abuse_report) }
+  let(:user)  { create(:user) }
 
   it { expect(subject).to be_valid }
 
@@ -31,17 +32,14 @@ RSpec.describe AbuseReport, type: :model do
 
   describe '#remove_user' do
     it 'blocks the user' do
-      report = build(:abuse_report)
-
-      allow(report.user).to receive(:destroy)
-
-      expect { report.remove_user }.to change { report.user.blocked? }.to(true)
+      expect { subject.remove_user(deleted_by: user) }.to change { subject.user.blocked? }.to(true)
     end
 
-    it 'removes the user' do
-      report = build(:abuse_report)
+    it 'lets a worker delete the user' do
+      expect(DeleteUserWorker).to receive(:perform_async).with(user.id, subject.user.id,
+                                                              delete_solo_owned_groups: true)
 
-      expect { report.remove_user }.to change { User.count }.by(-1)
+      subject.remove_user(deleted_by: user)
     end
   end
 
diff --git a/spec/services/delete_user_service_spec.rb b/spec/services/delete_user_service_spec.rb
new file mode 100644
index 00000000000..a65938fa03b
--- /dev/null
+++ b/spec/services/delete_user_service_spec.rb
@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe DeleteUserService, services: true do
+  describe "Deletes a user and all their personal projects" do
+    let!(:user)         { create(:user) }
+    let!(:current_user) { create(:user) }
+    let!(:namespace)    { create(:namespace, owner: user) }
+    let!(:project)      { create(:project, namespace: namespace) }
+
+    context 'no options are given' do
+      it 'deletes the user' do
+        DeleteUserService.new(current_user).execute(user)
+
+        expect { User.find(user.id)       }.to  raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it 'will delete the project in the near future' do
+        expect_any_instance_of(Projects::DestroyService).to receive(:pending_delete!).once
+
+        DeleteUserService.new(current_user).execute(user)
+      end
+    end
+
+    context "solo owned groups present" do
+      let(:solo_owned)  { create(:group) }
+      let(:member)      { create(:group_member) }
+      let(:user)        { member.user }
+
+      before do
+        solo_owned.group_members = [member]
+        DeleteUserService.new(current_user).execute(user)
+      end
+
+      it 'does not delete the user' do
+        expect(User.find(user.id)).to eq user
+      end
+    end
+
+    context "deletions with solo owned groups" do
+      let(:solo_owned)      { create(:group) }
+      let(:member)          { create(:group_member) }
+      let(:user)            { member.user }
+
+      before do
+        solo_owned.group_members = [member]
+        DeleteUserService.new(current_user).execute(user, delete_solo_owned_groups: true)
+      end
+
+      it 'deletes solo owned groups' do
+        expect { Project.find(solo_owned.id) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it 'deletes the user' do
+        expect { User.find(user.id) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end
diff --git a/spec/workers/delete_user_worker_spec.rb b/spec/workers/delete_user_worker_spec.rb
new file mode 100644
index 00000000000..14c56521280
--- /dev/null
+++ b/spec/workers/delete_user_worker_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe DeleteUserWorker do
+  let!(:user)         { create(:user) }
+  let!(:current_user) { create(:user) }
+
+  it "calls the DeleteUserWorker with the params it was given" do
+    expect_any_instance_of(DeleteUserService).to receive(:execute).
+                                                      with(user, {})
+
+    DeleteUserWorker.new.perform(current_user.id, user.id)
+  end
+
+  it "uses symbolized keys" do
+    expect_any_instance_of(DeleteUserService).to receive(:execute).
+                                                      with(user, test: "test")
+
+    DeleteUserWorker.new.perform(current_user.id, user.id, "test" => "test")
+  end
+end