group.rb 6.27 KB
Newer Older
Steven Thonus's avatar
Steven Thonus committed
1 2
require 'carrierwave/orm/activerecord'

3
class Group < Namespace
4
  include Gitlab::ConfigHelper
5
  include Gitlab::VisibilityLevel
6
  include AccessRequestable
7
  include Referable
8
  include SelectForProjectAuthorization
9

10
  has_many :group_members, -> { where(requested_at: nil) }, dependent: :destroy, as: :source
11
  alias_method :members, :group_members
12
  has_many :users, through: :group_members
13
  has_many :owners,
14
    -> { where(members: { access_level: Gitlab::Access::OWNER }) },
15 16 17
    through: :group_members,
    source: :user

18 19
  has_many :requesters, -> { where.not(requested_at: nil) }, dependent: :destroy, as: :source, class_name: 'GroupMember'

20 21
  has_many :project_group_links, dependent: :destroy
  has_many :shared_projects, through: :project_group_links, source: :project
22
  has_many :notification_settings, dependent: :destroy, as: :source
23
  has_many :labels, class_name: 'GroupLabel'
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
24

25
  validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
26 27
  validate :visibility_level_allowed_by_projects

28
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
Steven Thonus's avatar
Steven Thonus committed
29

30 31
  validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 }

Douwe Maan's avatar
Douwe Maan committed
32
  mount_uploader :avatar, AvatarUploader
33
  has_many :uploads, as: :model, dependent: :destroy
34

35 36
  after_create :post_create_hook
  after_destroy :post_destroy_hook
37
  after_save :update_two_factor_requirement
38

39
  class << self
40 41 42 43 44 45 46
    # Searches for groups matching the given query.
    #
    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
    #
    # query - The search query as a String
    #
    # Returns an ActiveRecord::Relation.
47
    def search(query)
48
      table   = Namespace.arel_table
49 50 51
      pattern = "%#{query}%"

      where(table[:name].matches(pattern).or(table[:path].matches(pattern)))
52 53 54
    end

    def sort(method)
55 56 57 58 59 60 61
      if method == 'storage_size_desc'
        # storage_size is a virtual column so we need to
        # pass a string to avoid AR adding the table name
        reorder('storage_size DESC, namespaces.id DESC')
      else
        order_by(method)
      end
62
    end
63 64

    def reference_prefix
65 66 67 68 69
      User.reference_prefix
    end

    def reference_pattern
      User.reference_pattern
70
    end
71 72 73 74

    def visible_to_user(user)
      where(id: user.authorized_groups.select(:id).reorder(nil))
    end
75 76 77

    def select_for_project_authorization
      if current_scope.joins_values.include?(:shared_projects)
78 79 80
        joins('INNER JOIN namespaces project_namespace ON project_namespace.id = projects.namespace_id')
          .where('project_namespace.share_with_group_lock = ?',  false)
          .select("members.user_id, projects.id AS project_id, LEAST(project_group_links.group_access, members.access_level) AS access_level")
81 82 83 84
      else
        super
      end
    end
85 86
  end

87
  def to_reference(_from_project = nil, full: nil)
88
    "#{self.class.reference_prefix}#{full_path}"
89 90
  end

91
  def web_url
92
    Gitlab::Routing.url_helpers.group_canonical_url(self)
93 94
  end

95
  def human_name
96
    full_name
97
  end
98

Felipe Artur's avatar
Felipe Artur committed
99
  def visibility_level_field
100
    :visibility_level
Felipe Artur's avatar
Felipe Artur committed
101 102
  end

103
  def visibility_level_allowed_by_projects
Douwe Maan's avatar
Douwe Maan committed
104
    allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none?
105 106 107 108 109 110 111 112 113

    unless allowed_by_projects
      level_name = Gitlab::VisibilityLevel.level_name(visibility_level).downcase
      self.errors.add(:visibility_level, "#{level_name} is not allowed since there are projects with higher visibility.")
    end

    allowed_by_projects
  end

114
  def avatar_url(size = nil)
115
    if self[:avatar].present?
116 117 118 119
      [gitlab_config.url, avatar.url].join
    end
  end

120 121 122 123 124 125 126
  def lfs_enabled?
    return false unless Gitlab.config.lfs.enabled
    return Gitlab.config.lfs.enabled if self[:lfs_enabled].nil?

    self[:lfs_enabled]
  end

127
  def add_users(users, access_level, current_user: nil, expires_at: nil)
128
    GroupMember.add_users(
129 130 131 132 133 134
      self,
      users,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
135 136
  end

137
  def add_user(user, access_level, current_user: nil, expires_at: nil)
138 139 140 141 142 143 144
    GroupMember.add_user(
      self,
      user,
      access_level,
      current_user: current_user,
      expires_at: expires_at
    )
145 146
  end

147
  def add_guest(user, current_user = nil)
148
    add_user(user, :guest, current_user: current_user)
149 150 151
  end

  def add_reporter(user, current_user = nil)
152
    add_user(user, :reporter, current_user: current_user)
153 154 155
  end

  def add_developer(user, current_user = nil)
156
    add_user(user, :developer, current_user: current_user)
157 158 159
  end

  def add_master(user, current_user = nil)
160
    add_user(user, :master, current_user: current_user)
161 162
  end

Douwe Maan's avatar
Douwe Maan committed
163
  def add_owner(user, current_user = nil)
164
    add_user(user, :owner, current_user: current_user)
Douwe Maan's avatar
Douwe Maan committed
165 166 167
  end

  def has_owner?(user)
168
    members_with_parents.owners.where(user_id: user).any?
Douwe Maan's avatar
Douwe Maan committed
169 170 171
  end

  def has_master?(user)
172
    members_with_parents.masters.where(user_id: user).any?
Douwe Maan's avatar
Douwe Maan committed
173 174
  end

175 176
  # Check if user is a last owner of the group.
  # Parent owners are ignored for nested groups.
Douwe Maan's avatar
Douwe Maan committed
177
  def last_owner?(user)
178
    owners.include?(user) && owners.size == 1
Douwe Maan's avatar
Douwe Maan committed
179 180
  end

Steven Thonus's avatar
Steven Thonus committed
181 182 183 184 185
  def avatar_type
    unless self.avatar.image?
      self.errors.add :avatar, "only images allowed"
    end
  end
186

187
  def post_create_hook
188 189
    Gitlab::AppLogger.info("Group \"#{name}\" was created")

190 191 192 193
    system_hook_service.execute_hooks_for(self, :create)
  end

  def post_destroy_hook
194 195
    Gitlab::AppLogger.info("Group \"#{name}\" was removed")

196 197 198 199 200 201
    system_hook_service.execute_hooks_for(self, :destroy)
  end

  def system_hook_service
    SystemHooksService.new
  end
202 203

  def refresh_members_authorized_projects
204 205 206 207 208 209
    UserProjectAccessChangedService.new(user_ids_for_project_authorizations).
      execute
  end

  def user_ids_for_project_authorizations
    users_with_parents.pluck(:id)
210 211 212
  end

  def members_with_parents
213
    GroupMember.non_request.where(source_id: ancestors.pluck(:id).push(id))
214 215 216
  end

  def users_with_parents
217
    User.where(id: members_with_parents.select(:user_id))
218
  end
Z.J. van de Weg's avatar
Z.J. van de Weg committed
219 220 221 222 223 224 225 226 227 228

  def mattermost_team_params
    max_length = 59

    {
      name: path[0..max_length],
      display_name: name[0..max_length],
      type: public? ? 'O' : 'I' # Open vs Invite-only
    }
  end
229 230 231 232 233 234 235 236

  protected

  def update_two_factor_requirement
    return unless require_two_factor_authentication_changed? || two_factor_grace_period_changed?

    users.find_each(&:update_two_factor_requirement)
  end
237
end