diff options
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/error_tracking/list_projects_service.rb | 4 | ||||
-rw-r--r-- | app/services/projects/operations/update_service.rb | 2 | ||||
-rw-r--r-- | app/services/users/deactivate_service.rb | 65 |
3 files changed, 67 insertions, 4 deletions
diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb index d52306ef805..35a8179d54d 100644 --- a/app/services/error_tracking/list_projects_service.rb +++ b/app/services/error_tracking/list_projects_service.rb @@ -2,8 +2,6 @@ module ErrorTracking class ListProjectsService < ErrorTracking::BaseService - MASKED_TOKEN_REGEX = /\A\*+\z/.freeze - private def perform @@ -46,7 +44,7 @@ module ErrorTracking end def masked_token? - MASKED_TOKEN_REGEX.match?(params[:token]) + ErrorTracking::SentryClient::Token.masked_token?(params[:token]) end end end diff --git a/app/services/projects/operations/update_service.rb b/app/services/projects/operations/update_service.rb index b2166dc84c7..d0bef9da329 100644 --- a/app/services/projects/operations/update_service.rb +++ b/app/services/projects/operations/update_service.rb @@ -93,7 +93,7 @@ module Projects sentry_project_id: settings.dig(:project, :sentry_project_id) } } - params[:error_tracking_setting_attributes][:token] = settings[:token] unless /\A\*+\z/.match?(settings[:token]) # Don't update token if we receive masked value + params[:error_tracking_setting_attributes][:token] = settings[:token] unless ::ErrorTracking::SentryClient::Token.masked_token?(settings[:token]) # Don't update token if we receive masked value params[:error_tracking_setting_attributes][:integrated] = settings[:integrated] unless settings[:integrated].nil? params diff --git a/app/services/users/deactivate_service.rb b/app/services/users/deactivate_service.rb new file mode 100644 index 00000000000..e69ce13d3cc --- /dev/null +++ b/app/services/users/deactivate_service.rb @@ -0,0 +1,65 @@ +# frozen_string_literal: true + +module Users + class DeactivateService < BaseService + def initialize(current_user, skip_authorization: false) + @current_user = current_user + @skip_authorization = skip_authorization + end + + def execute(user) + unless allowed? + return ::ServiceResponse.error(message: _('You are not authorized to perform this action'), + reason: :forbidden) + end + + if user.blocked? + return ::ServiceResponse.error(message: _('Error occurred. A blocked user cannot be deactivated'), + reason: :forbidden) + end + + if user.internal? + return ::ServiceResponse.error(message: _('Internal users cannot be deactivated'), + reason: :forbidden) + end + + return ::ServiceResponse.success(message: _('User has already been deactivated')) if user.deactivated? + + unless user.can_be_deactivated? + message = _( + 'The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days ' \ + 'and cannot be deactivated') + + deactivation_error_message = format(message, + minimum_inactive_days: Gitlab::CurrentSettings.deactivate_dormant_users_period) + return ::ServiceResponse.error(message: deactivation_error_message, reason: :forbidden) + end + + unless user.deactivate + return ::ServiceResponse.error(message: user.errors.full_messages.to_sentence, + reason: :bad_request) + end + + log_event(user) + + ::ServiceResponse.success + end + + private + + attr_reader :current_user + + def allowed? + return true if @skip_authorization + + can?(current_user, :admin_all_resources) + end + + def log_event(user) + Gitlab::AppLogger.info(message: 'User deactivated', user: user.username.to_s, email: user.email.to_s, + deactivated_by: current_user.username.to_s, ip_address: current_user.current_sign_in_ip.to_s) + end + end +end + +Users::DeactivateService.prepend_mod_with('Users::DeactivateService') |