Move secure name method to HasUserType

Move from UsersHelper to HasUserType

Move secure name method to HasUserType
Move from UsersHelper to HasUserType
1edd7c71 · Serena Fang · Douglas Barbosa Alexandre · 79611ed1 · 1edd7c71 · 1edd7c71
Commit 1edd7c71 authored Mar 03, 2022 by Serena Fang Committed by Douglas Barbosa Alexandre Mar 08, 2022
4 changed files
--- a/app/graphql/types/user_interface.rb
+++ b/app/graphql/types/user_interface.rb
@@ -3,7 +3,6 @@
 module Types
  module UserInterface
    include Types::BaseInterface
-    include UsersHelper

    graphql_name 'User'
    description 'Representation of a GitLab user.'
@@ -137,7 +136,7 @@ module Types
    def redacted_name
      return object.name unless object.project_bot?

-      secure_project_bot_name(context[:current_user], object)
+      object.secure_name(context[:current_user])
    end
  end
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -176,19 +176,6 @@ module UsersHelper
    user.public_email.present?
  end

-  def secure_project_bot_name(current_user, user)
-    if user.groups.any?
-      return user.name if current_user&.can?(:read_group, user.groups.first)
-    end
-
-    return user.name if current_user&.can?(:read_project, user.projects.first)
-
-    # If the requester does not have permission to read the project bot name,
-    # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
-    # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
-    '****'
-  end
-
  private

  def admin_users_paths

--- a/app/models/concerns/has_user_type.rb
+++ b/app/models/concerns/has_user_type.rb
@@ -46,4 +46,17 @@ module HasUserType
  def internal?
    ghost? || (bot? && !project_bot?)
  end
+
+  def secure_name(viewing_user)
+    if self.groups.any?
+      return self.name if viewing_user&.can?(:read_group, self.groups.first)
+    end
+
+    return self.name if viewing_user&.can?(:read_project, self.projects.first)
+
+    # If the requester does not have permission to read the project bot name,
+    # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+    '****'
+  end
 end
--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -3,13 +3,11 @@
 module API
  module Entities
    class UserSafe < Grape::Entity
-      include UsersHelper
-
      expose :id, :username
      expose :name do |user|
        next user.name unless user.project_bot?

-        secure_project_bot_name(options[:current_user], user)
+        user.secure_name(options[:current_user])
      end
    end
  end