summaryrefslogtreecommitdiff
path: root/app/services/users/approve_service.rb
blob: fea7fc55d90bac3b9d1cc6d2882aa07f8ca4e921 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# frozen_string_literal: true

module Users
  class ApproveService < BaseService
    def initialize(current_user)
      @current_user = current_user
    end

    def execute(user)
      return error(_('You are not allowed to approve a user'), :forbidden) unless allowed?
      return error(_('The user you are trying to approve is not pending approval'), :conflict) if user.active? || !approval_required?(user)

      if user.activate
        # Resends confirmation email if the user isn't confirmed yet.
        # Please see Devise's implementation of `resend_confirmation_instructions` for detail.
        user.resend_confirmation_instructions
        user.accept_pending_invitations! if user.active_for_authentication?
        DeviseMailer.user_admin_approval(user).deliver_later

        log_event(user)
        after_approve_hook(user)
        success(message: 'Success', http_status: :created)
      else
        error(user.errors.full_messages.uniq.join('. '), :unprocessable_entity)
      end
    end

    private

    attr_reader :current_user

    def after_approve_hook(user)
      # overridden by EE module
    end

    def allowed?
      can?(current_user, :approve_user)
    end

    def approval_required?(user)
      user.blocked_pending_approval?
    end

    def log_event(user)
      Gitlab::AppLogger.info(message: "User instance access request approved", user: "#{user.username}", email: "#{user.email}", approved_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
    end
  end
end

Users::ApproveService.prepend_if_ee('EE::Users::ApproveService')