app/services/groups/destroy_service.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

# frozen_string_literal: true

module Groups
  class DestroyService < Groups::BaseService
    DestroyError = Class.new(StandardError)

    def async_execute
      job_id = GroupDestroyWorker.perform_async(group.id, current_user.id)
      Gitlab::AppLogger.info("User #{current_user.id} scheduled a deletion of group ID #{group.id} with job ID #{job_id}")
    end

    # rubocop: disable CodeReuse/ActiveRecord
    def execute
      group.prepare_for_destroy

      group.projects.includes(:project_feature).each do |project|
        # Execute the destruction of the models immediately to ensure atomic cleanup.
        success = ::Projects::DestroyService.new(project, current_user).execute
        raise DestroyError, "Project #{project.id} can't be deleted" unless success
      end

      # reload the relation to prevent triggering destroy hooks on the projects again
      group.projects.reset

      group.children.each do |group|
        # This needs to be synchronous since the namespace gets destroyed below
        DestroyService.new(group, current_user).execute
      end

      group.chat_team&.remove_mattermost_team(current_user)

      # If any other groups are shared with the group that is being destroyed,
      # we should specifically trigger update of all project authorizations
      # for users that are the members of this group.
      # If not, the project authorization records of these users to projects within the shared groups
      # will never be removed, causing inconsistencies with access permissions.
      if any_other_groups_are_shared_with_this_group?
        user_ids_for_project_authorizations_refresh = group.user_ids_for_project_authorizations
      end

      group.destroy

      if user_ids_for_project_authorizations_refresh.present?
        UserProjectAccessChangedService
          .new(user_ids_for_project_authorizations_refresh)
          .execute(blocking: true)
      end

      group
    end
    # rubocop: enable CodeReuse/ActiveRecord

    private

    def any_other_groups_are_shared_with_this_group?
      group.shared_group_links.any?
    end
  end
end

Groups::DestroyService.prepend_if_ee('EE::Groups::DestroyService')