summaryrefslogtreecommitdiff
path: root/app/services/members/create_service.rb
blob: 38bebc1d09de79eb25089aec968f65d50bbe7e28 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
# frozen_string_literal: true

module Members
  class CreateService < Members::BaseService
    BlankInvitesError = Class.new(StandardError)
    TooManyInvitesError = Class.new(StandardError)
    MembershipLockedError = Class.new(StandardError)

    DEFAULT_INVITE_LIMIT = 100

    attr_reader :membership_locked

    def initialize(*args)
      super

      @errors = []
      @invites = invites_from_params
      @source = params[:source]
      @tasks_to_be_done_members = []
    end

    def execute
      raise Gitlab::Access::AccessDeniedError unless can?(current_user, create_member_permission(source), source)

      # rubocop:disable Layout/EmptyLineAfterGuardClause
      raise Gitlab::Access::AccessDeniedError if adding_at_least_one_owner &&
        cannot_assign_owner_responsibilities_to_member_in_project?
      # rubocop:enable Layout/EmptyLineAfterGuardClause

      validate_invite_source!
      validate_invitable!

      add_members
      create_tasks_to_be_done
      enqueue_onboarding_progress_action

      publish_event!

      result
    rescue BlankInvitesError, TooManyInvitesError, MembershipLockedError => e
      error(e.message)
    end

    def single_member
      members.last
    end

    private

    attr_reader :source, :errors, :invites, :member_created_namespace_id, :members,
                :tasks_to_be_done_members, :member_created_member_task_id

    def adding_at_least_one_owner
      params[:access_level] == Gitlab::Access::OWNER
    end

    def cannot_assign_owner_responsibilities_to_member_in_project?
      source.is_a?(Project) && !current_user.can?(:manage_owners, source)
    end

    def invites_from_params
      # String, Nil, Array, Integer
      return params[:user_id] if params[:user_id].is_a?(Array)
      return [] unless params[:user_id]

      params[:user_id].to_s.split(',').uniq
    end

    def validate_invite_source!
      raise ArgumentError, s_('AddMember|No invite source provided.') unless invite_source.present?
    end

    def validate_invitable!
      raise BlankInvitesError, blank_invites_message if invites.blank?

      return unless user_limit && invites.size > user_limit

      raise TooManyInvitesError,
            format(s_("AddMember|Too many users specified (limit is %{user_limit})"), user_limit: user_limit)
    end

    def blank_invites_message
      s_('AddMember|No users specified.')
    end

    def add_members
      @members = source.add_members(
        invites,
        params[:access_level],
        expires_at: params[:expires_at],
        current_user: current_user,
        tasks_to_be_done: params[:tasks_to_be_done],
        tasks_project_id: params[:tasks_project_id]
      )

      members.each { |member| process_result(member) }
    end

    def process_result(member)
      existing_errors = member.errors.full_messages

      # calling invalid? clears any errors that were added outside of the
      # rails validation process
      if member.invalid? || existing_errors.present?
        add_error_for_member(member, existing_errors)
      else
        after_execute(member: member)
        @member_created_namespace_id ||= member.namespace_id
      end
    end

    # overridden
    def add_error_for_member(member, existing_errors)
      prefix = "#{member.user.username}: " if member.user.present?

      errors << "#{prefix}#{all_member_errors(member, existing_errors).to_sentence}"
    end

    def all_member_errors(member, existing_errors)
      existing_errors.concat(member.errors.full_messages).uniq
    end

    def after_execute(member:)
      super

      build_tasks_to_be_done_members(member)
      track_invite_source(member)
    end

    def track_invite_source(member)
      Gitlab::Tracking.event(self.class.name,
                             'create_member',
                             label: invite_source,
                             property: tracking_property(member),
                             user: current_user)
    end

    def invite_source
      params[:invite_source]
    end

    def tracking_property(member)
      # ideally invites go down the invite service class instead, but there is nothing that limits an invite
      # from being used in this class and if you send emails as a comma separated list to the api/members
      # endpoint, it will support invites
      member.invite? ? 'net_new_user' : 'existing_user'
    end

    def build_tasks_to_be_done_members(member)
      return unless tasks_to_be_done?(member)

      @tasks_to_be_done_members << member
      # We can take the first `member_task` here, since all tasks will have the same attributes needed
      # for the `TasksToBeDone::CreateWorker`, ie. `project` and `tasks_to_be_done`.
      @member_created_member_task_id ||= member.member_task.id
    end

    def tasks_to_be_done?(member)
      return false if params[:tasks_to_be_done].blank? || params[:tasks_project_id].blank?

      # Only create task issues for existing users. Tasks for new users are created when they signup.
      member.member_task&.valid? && member.user.present?
    end

    def create_tasks_to_be_done
      return unless member_created_member_task_id # signal if there is any work to be done here

      TasksToBeDone::CreateWorker.perform_async(member_created_member_task_id,
                                                current_user.id,
                                                tasks_to_be_done_members.map(&:user_id))
    end

    def user_limit
      limit = params.fetch(:limit, DEFAULT_INVITE_LIMIT)

      limit && limit < 0 ? nil : limit
    end

    def enqueue_onboarding_progress_action
      return unless member_created_namespace_id

      Namespaces::OnboardingUserAddedWorker.perform_async(member_created_namespace_id)
    end

    def result
      if errors.any?
        error(formatted_errors)
      else
        success
      end
    end

    def formatted_errors
      errors.to_sentence
    end

    def publish_event!
      Gitlab::EventStore.publish(
        Members::MembersAddedEvent.new(data: {
          source_id: source.id,
          source_type: source.class.name
        })
      )
    end

    def create_member_permission(source)
      case source
      when Group
        :admin_group_member
      when Project
        :admin_project_member
      else
        raise "Unknown source type: #{source.class}!"
      end
    end
  end
end

Members::CreateService.prepend_mod_with('Members::CreateService')