app/services/projects/group_links/create_service.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

# frozen_string_literal: true

module Projects
  module GroupLinks
    class CreateService < BaseService
      def execute(group)
        return error('Not Found', 404) unless group && can?(current_user, :read_namespace, group)

        link = project.project_group_links.new(
          group: group,
          group_access: params[:link_group_access],
          expires_at: params[:expires_at]
        )

        if link.save
          setup_authorizations(group, link.group_access)
          success(link: link)
        else
          error(link.errors.full_messages.to_sentence, 409)
        end
      end

      private

      def setup_authorizations(group, group_access = nil)
        AuthorizedProjectUpdate::ProjectGroupLinkCreateWorker.perform_async(
          project.id, group.id, group_access)

        # AuthorizedProjectsWorker uses an exclusive lease per user but
        # specialized workers might have synchronization issues. Until we
        # compare the inconsistency rates of both approaches, we still run
        # AuthorizedProjectsWorker but with some delay and lower urgency as a
        # safety net.
        group.refresh_members_authorized_projects(
          blocking: false,
          priority: UserProjectAccessChangedService::LOW_PRIORITY
        )
      end
    end
  end
end

Projects::GroupLinks::CreateService.prepend_mod_with('Projects::GroupLinks::CreateService')