summaryrefslogtreecommitdiff
path: root/app/models/user.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb49
1 files changed, 32 insertions, 17 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 6e66c587a1f..7935b89662b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -47,6 +47,11 @@ class User < ActiveRecord::Base
devise :lockable, :recoverable, :rememberable, :trackable,
:validatable, :omniauthable, :confirmable, :registerable
+ # devise overrides #inspect, so we manually use the Referable one
+ def inspect
+ referable_inspect
+ end
+
# Override Devise::Models::Trackable#update_tracked_fields!
# to limit database writes to at most once every hour
def update_tracked_fields!(request)
@@ -143,6 +148,8 @@ class User < ActiveRecord::Base
uniqueness: { case_sensitive: false }
validate :namespace_uniq, if: :username_changed?
+ validate :namespace_move_dir_allowed, if: :username_changed?
+
validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
validate :unique_email, if: :email_changed?
validate :owns_notification_email, if: :notification_email_changed?
@@ -482,6 +489,12 @@ class User < ActiveRecord::Base
end
end
+ def namespace_move_dir_allowed
+ if namespace&.any_project_has_container_registry_tags?
+ errors.add(:username, 'cannot be changed if a personal project has container registry tags.')
+ end
+ end
+
def avatar_type
unless avatar.image?
errors.add :avatar, "only images allowed"
@@ -523,7 +536,7 @@ class User < ActiveRecord::Base
union = Gitlab::SQL::Union
.new([groups.select(:id), authorized_projects.select(:namespace_id)])
- Group.where("namespaces.id IN (#{union.to_sql})")
+ Group.where("namespaces.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
end
# Returns a relation of groups the user has access to, including their parent
@@ -627,7 +640,11 @@ class User < ActiveRecord::Base
end
def projects_limit_left
- projects_limit - personal_projects.count
+ projects_limit - personal_projects_count
+ end
+
+ def personal_projects_count
+ @personal_projects_count ||= personal_projects.count
end
def projects_limit_percent
@@ -641,16 +658,14 @@ class User < ActiveRecord::Base
events = events.where(project_id: project_ids) if project_ids
# Use the latest event that has not been pushed or merged recently
- events.recent.find do |event|
- project = Project.find_by_id(event.project_id)
- next unless project
-
- if project.repository.branch_exists?(event.branch_name)
- merge_requests = MergeRequest.where("created_at >= ?", event.created_at)
- .where(source_project_id: project.id,
- source_branch: event.branch_name)
- merge_requests.empty?
- end
+ events.includes(:project).recent.find do |event|
+ next unless event.project.repository.branch_exists?(event.branch_name)
+
+ merge_requests = MergeRequest.where("created_at >= ?", event.created_at)
+ .where(source_project_id: event.project.id,
+ source_branch: event.branch_name)
+
+ merge_requests.empty?
end
end
@@ -712,8 +727,8 @@ class User < ActiveRecord::Base
def sanitize_attrs
%w[username skype linkedin twitter].each do |attr|
- value = public_send(attr)
- public_send("#{attr}=", Sanitize.clean(value)) if value.present?
+ value = public_send(attr) # rubocop:disable GitlabSecurity/PublicSend
+ public_send("#{attr}=", Sanitize.clean(value)) if value.present? # rubocop:disable GitlabSecurity/PublicSend
end
end
@@ -772,7 +787,7 @@ class User < ActiveRecord::Base
def with_defaults
User.defaults.each do |k, v|
- public_send("#{k}=", v)
+ public_send("#{k}=", v) # rubocop:disable GitlabSecurity/PublicSend
end
self
@@ -818,7 +833,7 @@ class User < ActiveRecord::Base
{
name: name,
username: username,
- avatar_url: avatar_url
+ avatar_url: avatar_url(only_path: false)
}
end
@@ -912,7 +927,7 @@ class User < ActiveRecord::Base
def ci_authorized_runners
@ci_authorized_runners ||= begin
runner_ids = Ci::RunnerProject
- .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})")
+ .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
.select(:runner_id)
Ci::Runner.specific.where(id: runner_ids)
end
View Lorry Controller Status