diff options
Diffstat (limited to 'app/services/members/destroy_service.rb')
-rw-r--r-- | app/services/members/destroy_service.rb | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb index b77485ce744..e432016795d 100644 --- a/app/services/members/destroy_service.rb +++ b/app/services/members/destroy_service.rb @@ -4,7 +4,15 @@ module Members class DestroyService < Members::BaseService include Gitlab::ExclusiveLeaseHelpers - def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false) + def execute( + member, + skip_authorization: false, + skip_subresources: false, + unassign_issuables: false, + destroy_bot: false, + skip_saml_identity: false + ) + unless skip_authorization raise Gitlab::Access::AccessDeniedError unless authorized?(member, destroy_bot) @@ -15,10 +23,10 @@ module Members @skip_auth = skip_authorization if a_group_owner?(member) - process_destroy_of_group_owner_member(member, skip_subresources) + process_destroy_of_group_owner_member(member, skip_subresources, skip_saml_identity) else destroy_member(member) - destroy_data_related_to_member(member, skip_subresources) + destroy_data_related_to_member(member, skip_subresources, skip_saml_identity) end enqueue_jobs_that_needs_to_be_run_only_once_per_hierarchy(member, unassign_issuables) @@ -47,7 +55,7 @@ module Members @recursive_call == true end - def process_destroy_of_group_owner_member(member, skip_subresources) + def process_destroy_of_group_owner_member(member, skip_subresources, skip_saml_identity) # Deleting 2 different group owners via the API in quick succession could lead to # wrong results for the `last_owner?` check due to race conditions. To prevent this # we wrap both the last_owner? check and the deletes of owners within a lock. @@ -61,23 +69,23 @@ module Members end # deletion of related data does not have to be within the lock. - destroy_data_related_to_member(member, skip_subresources) unless last_group_owner + destroy_data_related_to_member(member, skip_subresources, skip_saml_identity) unless last_group_owner end def destroy_member(member) member.destroy end - def destroy_data_related_to_member(member, skip_subresources) + def destroy_data_related_to_member(member, skip_subresources, skip_saml_identity) member.user&.invalidate_cache_counts - delete_member_associations(member, skip_subresources) + delete_member_associations(member, skip_subresources, skip_saml_identity) end def a_group_owner?(member) member.is_a?(GroupMember) && member.owner? end - def delete_member_associations(member, skip_subresources) + def delete_member_associations(member, skip_subresources, skip_saml_identity) if member.request? && member.user != current_user notification_service.decline_access_request(member) end @@ -86,7 +94,7 @@ module Members delete_project_invitations_by(member) unless skip_subresources resolve_access_request_todos(member) - after_execute(member: member) + after_execute(member: member, skip_saml_identity: skip_saml_identity) end def authorized?(member, destroy_bot) |