summaryrefslogtreecommitdiff
path: root/app/models/user.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb50
1 files changed, 36 insertions, 14 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 0a784b30d8f..ef77e207215 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -64,14 +64,7 @@ class User < ApplicationRecord
# and should be added after Devise modules are initialized.
include AsyncDeviseEmail
- BLOCKED_MESSAGE = "Your account has been blocked. Please contact your GitLab " \
- "administrator if you think this is an error."
- LOGIN_FORBIDDEN = "Your account does not have the required permission to login. Please contact your GitLab " \
- "administrator if you think this is an error."
-
- MINIMUM_INACTIVE_DAYS = 180
-
- ignore_column :bio, remove_with: '13.4', remove_after: '2020-09-22'
+ MINIMUM_INACTIVE_DAYS = 90
# Override Devise::Models::Trackable#update_tracked_fields!
# to limit database writes to at most once every hour
@@ -134,6 +127,8 @@ class User < ApplicationRecord
-> { where(members: { access_level: [Gitlab::Access::REPORTER, Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER, Gitlab::Access::OWNER] }) },
through: :group_members,
source: :group
+ has_many :minimal_access_group_members, -> { where(access_level: [Gitlab::Access::MINIMAL_ACCESS]) }, source: 'GroupMember', class_name: 'GroupMember'
+ has_many :minimal_access_groups, through: :minimal_access_group_members, source: :group
# Projects
has_many :groups_projects, through: :groups, source: :projects
@@ -172,6 +167,8 @@ class User < ApplicationRecord
has_many :assigned_issues, class_name: "Issue", through: :issue_assignees, source: :issue
has_many :assigned_merge_requests, class_name: "MergeRequest", through: :merge_request_assignees, source: :merge_request
+ has_many :bulk_imports
+
has_many :custom_attributes, class_name: 'UserCustomAttribute'
has_many :callouts, class_name: 'UserCallout'
has_many :term_agreements
@@ -298,6 +295,7 @@ class User < ApplicationRecord
transition active: :blocked
transition deactivated: :blocked
transition ldap_blocked: :blocked
+ transition blocked_pending_approval: :blocked
end
event :ldap_block do
@@ -309,13 +307,18 @@ class User < ApplicationRecord
transition deactivated: :active
transition blocked: :active
transition ldap_blocked: :active
+ transition blocked_pending_approval: :active
+ end
+
+ event :block_pending_approval do
+ transition active: :blocked_pending_approval
end
event :deactivate do
transition active: :deactivated
end
- state :blocked, :ldap_blocked do
+ state :blocked, :ldap_blocked, :blocked_pending_approval do
def blocked?
true
end
@@ -339,6 +342,7 @@ class User < ApplicationRecord
# Scopes
scope :admins, -> { where(admin: true) }
scope :blocked, -> { with_states(:blocked, :ldap_blocked) }
+ scope :blocked_pending_approval, -> { with_states(:blocked_pending_approval) }
scope :external, -> { where(external: true) }
scope :confirmed, -> { where.not(confirmed_at: nil) }
scope :active, -> { with_state(:active).non_internal }
@@ -381,11 +385,14 @@ class User < ApplicationRecord
super && can?(:log_in)
end
+ # The messages for these keys are defined in `devise.en.yml`
def inactive_message
- if blocked?
- BLOCKED_MESSAGE
+ if blocked_pending_approval?
+ :blocked_pending_approval
+ elsif blocked?
+ :blocked
elsif internal?
- LOGIN_FORBIDDEN
+ :forbidden
else
super
end
@@ -535,6 +542,8 @@ class User < ApplicationRecord
admins
when 'blocked'
blocked
+ when 'blocked_pending_approval'
+ blocked_pending_approval
when 'two_factor_disabled'
without_two_factor
when 'two_factor_enabled'
@@ -687,6 +696,17 @@ class User < ApplicationRecord
end
end
+ def security_bot
+ email_pattern = "security-bot%s@#{Settings.gitlab.host}"
+
+ unique_internal(where(user_type: :security_bot), 'GitLab-Security-Bot', email_pattern) do |u|
+ u.bio = 'System bot that monitors detected vulnerabilities for solutions and creates merge requests with the fixes.'
+ u.name = 'GitLab Security Bot'
+ u.website_url = Gitlab::Routing.url_helpers.help_page_url('user/application_security/security_bot/index.md')
+ u.avatar = bot_avatar(image: 'security-bot.png')
+ end
+ end
+
def support_bot
email_pattern = "support%s@#{Settings.gitlab.host}"
@@ -773,7 +793,7 @@ class User < ApplicationRecord
end
def two_factor_otp_enabled?
- otp_required_for_login?
+ otp_required_for_login? || Feature.enabled?(:forti_authenticator, self)
end
def two_factor_u2f_enabled?
@@ -1676,6 +1696,8 @@ class User < ApplicationRecord
end
def terms_accepted?
+ return true if project_bot?
+
accepted_term_id.present?
end
@@ -1706,7 +1728,7 @@ class User < ApplicationRecord
end
def can_be_deactivated?
- active? && no_recent_activity?
+ active? && no_recent_activity? && !internal?
end
def last_active_at