authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 11:10:13 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 11:10:13 +0000
commit0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch)
tree7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /app/models/members
parent72123183a20411a36d607d70b12d57c484394c8e (diff)
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to 'app/models/members')
-rw-r--r--app/models/members/group_member.rb34
-rw-r--r--app/models/members/last_group_owner_assigner.rb3
-rw-r--r--app/models/members/project_member.rb16
3 files changed, 48 insertions, 5 deletions
diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb
index a8a4fbedc41..87af6a9a7f7 100644
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -7,6 +7,7 @@ class GroupMember < Member
SOURCE_TYPE = 'Namespace'
SOURCE_TYPE_FORMAT = /\ANamespace\z/.freeze
+ THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS = 1000
belongs_to :group, foreign_key: 'source_id'
alias_attribute :namespace_id, :source_id
@@ -28,6 +29,12 @@ class GroupMember < Member
attr_accessor :last_owner, :last_blocked_owner
+ # For those who get to see a modal with a role dropdown, here are the options presented
+ def self.permissible_access_level_roles(_, _)
+ # This method is a stopgap in preparation for https://gitlab.com/gitlab-org/gitlab/-/issues/364087
+ access_level_roles
+ end
+
def self.access_level_roles
Gitlab::Access.options_with_owner
end
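Review bot: The two `_` parameters on `self.permissible_access_level_roles` hide what callers pass, and the comment does not say that ignoring them is deliberate. Naming them keeps the signature readable next to the ProjectMember variant added in the `@@ -73,6 +73,16 @@` hunk while still marking them unused: `def self.permissible_access_level_roles(_current_user, _group)`. Because both arguments are ignored, every caller is offered the Owner role for groups, so I would add a line such as `# Groups offer every role including Owner to anyone who reaches the modal; the arguments exist only for parity with ProjectMember`.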
@@ -60,8 +67,28 @@ class GroupMember < Member
# its projects are also destroyed, so the removal of project_authorizations
# will happen behind the scenes via DB foreign keys anyway.
return if destroyed_by_association.present?
+ return unless user_id
+ return super if Feature.disabled?(:refresh_authorizations_via_affected_projects_on_group_membership, group)
- super
+ # rubocop:disable CodeReuse/ServiceClass
+ projects_to_refresh = Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder.new(group).execute
+ threshold_exceeded = (projects_to_refresh.size > THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS)
+
+ # We want to try the new approach only if the number of affected projects are greater than the set threshold.
+ return super unless threshold_exceeded
+
+ AuthorizedProjectUpdate::ProjectAccessChangedService
+ .new(projects_to_refresh)
+ .execute(blocking: false)
+
+ # Until we compare the inconsistency rates of the new approach
+ # the old approach, we still run AuthorizedProjectsWorker
+ # but with some delay and lower urgency as a safety net.
+ UserProjectAccessChangedService
+ .new(user_id)
+ .execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY)
+
+ # rubocop:enable CodeReuse/ServiceClass
end
def send_invite
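Review bot: On the above-threshold path both refreshes are queued with `blocking: false`, and the per-user recompute is additionally pushed to `LOW_PRIORITY`, so how quickly a membership change reaches the stored project authorizations depends on the project-based finder returning every affected project. If this callback also runs when a member is removed (the context comment about `destroyed_by_association` suggests it does, but the method starts above the hunk), any project the finder misses keeps its stale authorization until the delayed safety-net job has run. I would state that expected delay in the comment and fix its wording while there: `# Until we compare the inconsistency rates of the new approach with the old approach,`. A log line or counter emitted when `threshold_exceeded` is true would also let operators correlate late revocations with this code path.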
@@ -91,7 +118,10 @@ class GroupMember < Member
end
def after_accept_invite
- notification_service.accept_group_invite(self)
+ run_after_commit_or_now do
+ notification_service.accept_group_invite(self)
+ end
+
update_two_factor_requirement
super
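Review bot: The reason for deferring the notification is not recorded next to `run_after_commit_or_now`, while `update_two_factor_requirement` on the following line still runs immediately. A short comment would stop a later edit from moving one of them into or out of the block by accident, for example `# Notify only after the accepted membership is committed, so nothing is sent for a rolled-back accept` (presuming that is the intent). The same applies to `after_accept_invite` in project_member.rb, in the `@@ -158,7 +168,9 @@` hunk. The method's end lies outside this hunk.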
diff --git a/app/models/members/last_group_owner_assigner.rb b/app/models/members/last_group_owner_assigner.rb
index dcf0a2d0ad3..c85116858c7 100644
--- a/app/models/members/last_group_owner_assigner.rb
+++ b/app/models/members/last_group_owner_assigner.rb
@@ -1,5 +1,6 @@
# frozen_string_literal: true
+# Optimization class to fix group member n+1 queries
class LastGroupOwnerAssigner
def initialize(group, members)
@group = group
@@ -39,6 +40,6 @@ class LastGroupOwnerAssigner
end
def owners
- @owners ||= group.members_with_parents.owners.load
+ @owners ||= group.all_owners_excluding_project_bots.load
end
end
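Review bot: `owners` feeds the last-owner decision, and the swap from `members_with_parents.owners` to `all_owners_excluding_project_bots` changes who is counted without saying why. The definition of `all_owners_excluding_project_bots` is not part of this diff, so it is worth confirming that it still includes owners inherited from parent groups, as the old expression did by name. A comment on the method would document the rule, for example `# Project bots are not counted: a group whose only other owner is a bot still treats the human owner as the last one` (if that is the intent).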
diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb
index 995c26d7221..791cb6f0dff 100644
--- a/app/models/members/project_member.rb
+++ b/app/models/members/project_member.rb
@@ -44,7 +44,7 @@ class ProjectMember < Member
project_ids.each do |project_id|
project = Project.find(project_id)
- Members::Projects::BulkCreatorService.add_users( # rubocop:disable CodeReuse/ServiceClass
+ Members::Projects::CreatorService.add_users( # rubocop:disable CodeReuse/ServiceClass
project,
users,
access_level,
@@ -73,6 +73,16 @@ class ProjectMember < Member
truncate_teams [project.id]
end
+ # For those who get to see a modal with a role dropdown, here are the options presented
+ def permissible_access_level_roles(current_user, project)
+ # This method is a stopgap in preparation for https://gitlab.com/gitlab-org/gitlab/-/issues/364087
+ if Ability.allowed?(current_user, :manage_owners, project)
+ Gitlab::Access.options_with_owner
+ else
+ ProjectMember.access_level_roles
+ end
+ end
+
def access_level_roles
Gitlab::Access.options
end
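Review bot: `permissible_access_level_roles` only selects which roles the dropdown offers, so the `:manage_owners` check here should not be mistaken for the point where granting Owner is enforced. The create and update paths are not visible in this hunk; assuming they check the same ability when the member is saved, a comment would make that split explicit: `# Display only: whether current_user may grant OWNER is enforced when the membership is written, not here`. It would also help to say what is returned when `current_user` is nil, since the `else` branch silently falls back to `ProjectMember.access_level_roles`.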
@@ -158,7 +168,9 @@ class ProjectMember < Member
end
def after_accept_invite
- notification_service.accept_project_invite(self)
+ run_after_commit_or_now do
+ notification_service.accept_project_invite(self)
+ end
super
end