1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
# frozen_string_literal: true
module Members
class CreateService < Members::BaseService
BlankInvitesError = Class.new(StandardError)
TooManyInvitesError = Class.new(StandardError)
MembershipLockedError = Class.new(StandardError)
DEFAULT_INVITE_LIMIT = 100
attr_reader :membership_locked
def initialize(*args)
super
@errors = []
@invites = invites_from_params
@source = params[:source]
@tasks_to_be_done_members = []
end
def execute
raise Gitlab::Access::AccessDeniedError unless can?(current_user, create_member_permission(source), source)
# rubocop:disable Layout/EmptyLineAfterGuardClause
raise Gitlab::Access::AccessDeniedError if adding_at_least_one_owner &&
cannot_assign_owner_responsibilities_to_member_in_project?
# rubocop:enable Layout/EmptyLineAfterGuardClause
validate_invite_source!
validate_invitable!
add_members
create_tasks_to_be_done
enqueue_onboarding_progress_action
publish_event!
result
rescue BlankInvitesError, TooManyInvitesError, MembershipLockedError => e
error(e.message)
end
def single_member
members.last
end
private
attr_reader :source, :errors, :invites, :member_created_namespace_id, :members,
:tasks_to_be_done_members, :member_created_member_task_id
def adding_at_least_one_owner
params[:access_level] == Gitlab::Access::OWNER
end
def cannot_assign_owner_responsibilities_to_member_in_project?
source.is_a?(Project) && !current_user.can?(:manage_owners, source)
end
def invites_from_params
# String, Nil, Array, Integer
return params[:user_id] if params[:user_id].is_a?(Array)
return [] unless params[:user_id]
params[:user_id].to_s.split(',').uniq
end
def validate_invite_source!
raise ArgumentError, s_('AddMember|No invite source provided.') unless invite_source.present?
end
def validate_invitable!
raise BlankInvitesError, blank_invites_message if invites.blank?
return unless user_limit && invites.size > user_limit
raise TooManyInvitesError,
format(s_("AddMember|Too many users specified (limit is %{user_limit})"), user_limit: user_limit)
end
def blank_invites_message
s_('AddMember|No users specified.')
end
def add_members
@members = source.add_members(
invites,
params[:access_level],
expires_at: params[:expires_at],
current_user: current_user,
tasks_to_be_done: params[:tasks_to_be_done],
tasks_project_id: params[:tasks_project_id]
)
members.each { |member| process_result(member) }
end
def process_result(member)
existing_errors = member.errors.full_messages
# calling invalid? clears any errors that were added outside of the
# rails validation process
if member.invalid? || existing_errors.present?
add_error_for_member(member, existing_errors)
else
after_execute(member: member)
@member_created_namespace_id ||= member.namespace_id
end
end
# overridden
def add_error_for_member(member, existing_errors)
prefix = "#{member.user.username}: " if member.user.present?
errors << "#{prefix}#{all_member_errors(member, existing_errors).to_sentence}"
end
def all_member_errors(member, existing_errors)
existing_errors.concat(member.errors.full_messages).uniq
end
def after_execute(member:)
super
build_tasks_to_be_done_members(member)
track_invite_source(member)
end
def track_invite_source(member)
Gitlab::Tracking.event(self.class.name,
'create_member',
label: invite_source,
property: tracking_property(member),
user: current_user)
end
def invite_source
params[:invite_source]
end
def tracking_property(member)
# ideally invites go down the invite service class instead, but there is nothing that limits an invite
# from being used in this class and if you send emails as a comma separated list to the api/members
# endpoint, it will support invites
member.invite? ? 'net_new_user' : 'existing_user'
end
def build_tasks_to_be_done_members(member)
return unless tasks_to_be_done?(member)
@tasks_to_be_done_members << member
# We can take the first `member_task` here, since all tasks will have the same attributes needed
# for the `TasksToBeDone::CreateWorker`, ie. `project` and `tasks_to_be_done`.
@member_created_member_task_id ||= member.member_task.id
end
def tasks_to_be_done?(member)
return false if params[:tasks_to_be_done].blank? || params[:tasks_project_id].blank?
# Only create task issues for existing users. Tasks for new users are created when they signup.
member.member_task&.valid? && member.user.present?
end
def create_tasks_to_be_done
return unless member_created_member_task_id # signal if there is any work to be done here
TasksToBeDone::CreateWorker.perform_async(member_created_member_task_id,
current_user.id,
tasks_to_be_done_members.map(&:user_id))
end
def user_limit
limit = params.fetch(:limit, DEFAULT_INVITE_LIMIT)
limit && limit < 0 ? nil : limit
end
def enqueue_onboarding_progress_action
return unless member_created_namespace_id
Namespaces::OnboardingUserAddedWorker.perform_async(member_created_namespace_id)
end
def result
if errors.any?
error(formatted_errors)
else
success
end
end
def formatted_errors
errors.to_sentence
end
def publish_event!
Gitlab::EventStore.publish(
Members::MembersAddedEvent.new(data: {
source_id: source.id,
source_type: source.class.name
})
)
end
def create_member_permission(source)
case source
when Group
:admin_group_member
when Project
:admin_project_member
else
raise "Unknown source type: #{source.class}!"
end
end
end
end
Members::CreateService.prepend_mod_with('Members::CreateService')
|