diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-18 10:34:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-18 10:34:06 +0000 |
commit | 859a6fb938bb9ee2a317c46dfa4fcc1af49608f0 (patch) | |
tree | d7f2700abe6b4ffcb2dcfc80631b2d87d0609239 /app/services/users | |
parent | 446d496a6d000c73a304be52587cd9bbc7493136 (diff) | |
download | gitlab-ce-859a6fb938bb9ee2a317c46dfa4fcc1af49608f0.tar.gz |
Add latest changes from gitlab-org/gitlab@13-9-stable-eev13.9.0-rc42
Diffstat (limited to 'app/services/users')
-rw-r--r-- | app/services/users/approve_service.rb | 8 | ||||
-rw-r--r-- | app/services/users/batch_status_cleaner_service.rb | 22 | ||||
-rw-r--r-- | app/services/users/refresh_authorized_projects_service.rb | 14 | ||||
-rw-r--r-- | app/services/users/reject_service.rb | 14 |
4 files changed, 54 insertions, 4 deletions
diff --git a/app/services/users/approve_service.rb b/app/services/users/approve_service.rb index debd1e8cd17..fea7fc55d90 100644 --- a/app/services/users/approve_service.rb +++ b/app/services/users/approve_service.rb @@ -8,8 +8,7 @@ module Users def execute(user) return error(_('You are not allowed to approve a user'), :forbidden) unless allowed? - return error(_('The user you are trying to approve is not pending an approval'), :conflict) if user.active? - return error(_('The user you are trying to approve is not pending an approval'), :conflict) unless approval_required?(user) + return error(_('The user you are trying to approve is not pending approval'), :conflict) if user.active? || !approval_required?(user) if user.activate # Resends confirmation email if the user isn't confirmed yet. @@ -18,6 +17,7 @@ module Users user.accept_pending_invitations! if user.active_for_authentication? DeviseMailer.user_admin_approval(user).deliver_later + log_event(user) after_approve_hook(user) success(message: 'Success', http_status: :created) else @@ -40,6 +40,10 @@ module Users def approval_required?(user) user.blocked_pending_approval? end + + def log_event(user) + Gitlab::AppLogger.info(message: "User instance access request approved", user: "#{user.username}", email: "#{user.email}", approved_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}") + end end end diff --git a/app/services/users/batch_status_cleaner_service.rb b/app/services/users/batch_status_cleaner_service.rb new file mode 100644 index 00000000000..ea6142f13cc --- /dev/null +++ b/app/services/users/batch_status_cleaner_service.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +module Users + class BatchStatusCleanerService + BATCH_SIZE = 100.freeze + + # Cleanup BATCH_SIZE user_statuses records + # rubocop: disable CodeReuse/ActiveRecord + def self.execute(batch_size: BATCH_SIZE) + scope = UserStatus + .select(:user_id) + .scheduled_for_cleanup + .lock('FOR UPDATE SKIP LOCKED') + .limit(batch_size) + + deleted_rows = UserStatus.where(user_id: scope).delete_all + + { deleted_rows: deleted_rows } + end + # rubocop: enable CodeReuse/ActiveRecord + end +end diff --git a/app/services/users/refresh_authorized_projects_service.rb b/app/services/users/refresh_authorized_projects_service.rb index d0939d5a542..24e3fb73370 100644 --- a/app/services/users/refresh_authorized_projects_service.rb +++ b/app/services/users/refresh_authorized_projects_service.rb @@ -14,13 +14,14 @@ module Users # service = Users::RefreshAuthorizedProjectsService.new(some_user) # service.execute class RefreshAuthorizedProjectsService - attr_reader :user + attr_reader :user, :source LEASE_TIMEOUT = 1.minute.to_i # user - The User for which to refresh the authorized projects. - def initialize(user, incorrect_auth_found_callback: nil, missing_auth_found_callback: nil) + def initialize(user, source: nil, incorrect_auth_found_callback: nil, missing_auth_found_callback: nil) @user = user + @source = source @incorrect_auth_found_callback = incorrect_auth_found_callback @missing_auth_found_callback = missing_auth_found_callback @@ -91,6 +92,8 @@ module Users # remove - The IDs of the authorization rows to remove. # add - Rows to insert in the form `[user id, project id, access level]` def update_authorizations(remove = [], add = []) + log_refresh_details(remove.length, add.length) + User.transaction do user.remove_project_authorizations(remove) unless remove.empty? ProjectAuthorization.insert_authorizations(add) unless add.empty? @@ -101,6 +104,13 @@ module Users user.reset end + def log_refresh_details(rows_deleted, rows_added) + Gitlab::AppJsonLogger.info(event: 'authorized_projects_refresh', + 'authorized_projects_refresh.source': source, + 'authorized_projects_refresh.rows_deleted': rows_deleted, + 'authorized_projects_refresh.rows_added': rows_added) + end + def fresh_access_levels_per_project fresh_authorizations.each_with_object({}) do |row, hash| hash[row.project_id] = row.access_level diff --git a/app/services/users/reject_service.rb b/app/services/users/reject_service.rb index dd72547c688..0e3eb3e5dde 100644 --- a/app/services/users/reject_service.rb +++ b/app/services/users/reject_service.rb @@ -12,8 +12,12 @@ module Users user.delete_async(deleted_by: current_user, params: { hard_delete: true }) + after_reject_hook(user) + NotificationService.new.user_admin_rejection(user.name, user.email) + log_event(user) + success end @@ -24,5 +28,15 @@ module Users def allowed? can?(current_user, :reject_user) end + + def after_reject_hook(user) + # overridden by EE module + end + + def log_event(user) + Gitlab::AppLogger.info(message: "User instance access request rejected", user: "#{user.username}", email: "#{user.email}", rejected_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}") + end end end + +Users::RejectService.prepend_if_ee('EE::Users::RejectService') |