Skip to content

G
gitlab-ce
An error occurred fetching the project authors.
Switch branch/tag
  1. 24 Mar, 2017 1 commit
  3. 22 Mar, 2017 1 commit
  5. 17 Mar, 2017 1 commit
  7. 10 Mar, 2017 1 commit
  9. 09 Mar, 2017 5 commits
  11. 06 Mar, 2017 2 commits
  13. 05 Mar, 2017 1 commit
  15. 03 Mar, 2017 1 commit
  17. 28 Feb, 2017 3 commits
  19. 24 Feb, 2017 7 commits
    • Timothy Andrew's avatar
      Don't allow deleting a ghost user. · 6fdb17cb
      Timothy Andrew authored 
      - Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.
      6fdb17cb
    • Timothy Andrew's avatar
      Implement final review comments from @DouweM and @rymai · f2ed82fa
      Timothy Andrew authored 
      - Have `Uniquify` take a block instead of a Proc/function. This is more
  idiomatic than passing around a function in Ruby.

- Block a user before moving their issues to the ghost user. This avoids a data
  race where an issue is created after the issues are migrated to the ghost user,
  and before the destroy takes place.

- No need to migrate issues (to the ghost user) in a transaction, because
  we're using `update_all`

- Other minor changes
      f2ed82fa
    • Timothy Andrew's avatar
      Implement review comments from @rymai and @yorickpeterse · 8f01644f
      Timothy Andrew authored 
      1. Refactoring and specs in the `Uniquify` class.

2. Don't use the `AdvisoryLocking` class. Similar functionality is
provided (backed by Redis) in the `ExclusiveLease` class.
      8f01644f
    • Timothy Andrew's avatar
      Use a `ghost` boolean to track ghost users. · 8e684809
      Timothy Andrew authored 
      Rather than using a separate `ghost` state. This lets us have the benefits of
both ghost and blocked users (ghost: true, state: blocked) without having to
rewrite a number of queries to include cases for `state: ghost`.
      8e684809
    • Timothy Andrew's avatar
      Implement review comments from @DouweM and @nick.thomas. · 53c34c74
      Timothy Andrew authored 
      1. Use an advisory lock to guarantee the absence of concurrency in `User.ghost`,
to prevent data races from creating more than one ghost, or preventing the
creation of ghost users by causing validation errors.

2. Use `update_all` instead of updating issues one-by-one.
      53c34c74
    • Timothy Andrew's avatar
      Extract code from `Namespace#clean_path` for ghost user generation. · ca16c373
      Timothy Andrew authored 
      1. Create a `Uniquify` class, which generalizes the process of generating unique
   strings, by accepting a function that defines what "uniqueness" means in a
   given context.

2. WIP: Make sure tests for `Namespace` pass, add more if necessary.

3. WIP: Add tests for `Uniquify`
      ca16c373
    • Timothy Andrew's avatar
      Deleting a user shouldn't delete associated issues. · ff19bbd3
      Timothy Andrew authored 
      - "Associated" issues are issues the user has created + issues that the
  user is assigned to.

- Issues that a user owns are transferred to a "Ghost User" (just a
  regular user with `state = 'ghost'` that is created when
  `User.ghost` is called).

- Issues that a user is assigned to are moved to the "Unassigned" state.

- Fix a spec failure in `profile_spec` — a spec was asserting that when a user
  is deleted, `User.count` decreases by 1. After this change, deleting a user
  creates (potentially) a ghost user, causing `User.count` not to change. The
  spec has been updated to look for the relevant user in the assertion.
      ff19bbd3
  21. 23 Feb, 2017 5 commits
  23. 15 Feb, 2017 1 commit
  25. 13 Feb, 2017 2 commits
  27. 10 Feb, 2017 1 commit
  29. 08 Feb, 2017 1 commit
  31. 07 Feb, 2017 2 commits
  33. 06 Feb, 2017 2 commits
  35. 25 Jan, 2017 1 commit
  37. 24 Jan, 2017 1 commit
  39. 08 Jan, 2017 1 commit
    • Yorick Peterse's avatar
      Remove the project_authorizations.id column · de321fbb
      Yorick Peterse authored 
      This column used to be a 32 bits integer, allowing for only a maximum of
2 147 483 647 rows. Given enough users one can hit this limit pretty
quickly, as was the case for GitLab.com.

Changing this type to bigint (= 64 bits) would give us more space, but
we'd eventually hit the same limit given enough users and projects. A
much more sustainable solution is to simply drop the "id" column.

There were only 2 lines of code depending on this column being present,
and neither truly required it to be present. Instead the code now uses
the "project_id" column combined with the "user_id" column. This means
that instead of something like this:

    DELETE FROM project_authorizations
    WHERE user_id = X
    AND id = Y;

We now run the following when removing rows:

    DELETE FROM project_authorizations
    WHERE user_id = X
    AND project_id = Y;

Since both user_id and project_id are indexed this should not slow down
the DELETE query.

This commit also removes the "dependent: destroy" clause from the
"project_authorizations" relation in the User and Project models.
Keeping this prevents Rails from being able to remove data as it relies
on an "id" column being present. Since the "project_authorizations"
table has proper foreign keys set up (with cascading removals) we don't
need to depend on any Rails logic.
      de321fbb
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7