1 files changed, 22 insertions, 4 deletions

diff --git a/app/models/user.rb b/app/models/user.rb
index d0e758b0055..18bf5ceaa0e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -110,6 +110,10 @@ class User < ApplicationRecord
            through: :group_members,
            source: :group
   alias_attribute :masters_groups, :maintainers_groups
+  has_many :reporter_developer_maintainer_owned_groups,
+           -> { where(members: { access_level: [Gitlab::Access::REPORTER, Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER, Gitlab::Access::OWNER] }) },
+           through: :group_members,
+           source: :group
 
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
@@ -310,6 +314,13 @@ class User < ApplicationRecord
   scope :with_dashboard, -> (dashboard) { where(dashboard: dashboard) }
   scope :with_public_profile, -> { where(private_profile: false) }
 
+  scope :with_expiring_and_not_notified_personal_access_tokens, ->(at) do
+    where('EXISTS (?)',
+          ::PersonalAccessToken
+            .where('personal_access_tokens.user_id = users.id')
+            .expiring_and_not_notified(at).select(1))
+  end
+
   def self.with_visible_profile(user)
     return with_public_profile if user.nil?
 
@@ -370,6 +381,11 @@ class User < ApplicationRecord
   # Class methods
   #
   class << self
+    # Devise method overridden to allow support for dynamic password lengths
+    def password_length
+      Gitlab::CurrentSettings.minimum_password_length..Devise.password_length.max
+    end
+
     # Devise method overridden to allow sign in with email or username
     def find_for_database_authentication(warden_conditions)
       conditions = warden_conditions.dup
@@ -989,8 +1005,12 @@ class User < ApplicationRecord
     @ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
   end
 
+  def matches_identity?(provider, extern_uid)
+    identities.where(provider: provider, extern_uid: extern_uid).exists?
+  end
+
   def project_deploy_keys
-    DeployKey.in_projects(authorized_projects.select(:id)).distinct(:id)
+    @project_deploy_keys ||= DeployKey.in_projects(authorized_projects.select(:id)).distinct(:id)
   end
 
   def highest_role
@@ -1453,9 +1473,7 @@ class User < ApplicationRecord
     self.admin = (new_level == 'admin')
   end
 
-  # Does the user have access to all private groups & projects?
-  # Overridden in EE to also check auditor?
-  def full_private_access?
+  def can_read_all_resources?
     can?(:read_all_resources)
   end