Commit 5c08f3fa authored by Mike Greiling's avatar Mike Greiling

Merge branch...

Merge branch '33750-follow-up-from-resolve-deactivate-a-user-with-self-service-reactivation' into 'master'

Do not allow deactivated users to use slash commands

See merge request gitlab-org/gitlab!18365
parents 434a0586 df1ad388
......@@ -33,9 +33,12 @@ class SlashCommandsService < Service
return unless valid_token?(params[:token])
chat_user = find_chat_user(params)
user = chat_user&.user
if user
unless user.can?(:use_slash_commands)
return Gitlab::SlashCommands::Presenters::Access.new.deactivated if user.deactivated?
if chat_user&.user
unless chat_user.user.can?(:use_slash_commands)
return Gitlab::SlashCommands::Presenters::Access.new.access_denied(project)
end
......
......@@ -48,6 +48,7 @@ class GlobalPolicy < BasePolicy
prevent :access_git
prevent :access_api
prevent :receive_notifications
prevent :use_slash_commands
end
rule { required_terms_not_accepted }.policy do
......
......@@ -9,6 +9,8 @@
= s_('AdminUsers|The user will not be able to access the API')
%li
= s_('AdminUsers|The user will not receive any notifications')
%li
= s_('AdminUsers|The user will not be able to use slash commands')
%li
= s_('AdminUsers|When the user logs back in, their account will reactivate as a fully active account')
%li
......
---
title: Do not allow deactivated users to use slash commands
merge_request: 18365
author:
type: fixed
......@@ -55,6 +55,7 @@ A deactivated user:
- Cannot access Git repositories or the API.
- Will not receive any notifications from GitLab.
- Will not be able to use [slash commands](../../../integration/slash_commands.md).
Personal projects, group and user history of the deactivated user will be left intact.
......
......@@ -15,6 +15,15 @@ module Gitlab
MESSAGE
end
def deactivated
ephemeral_response(text: <<~MESSAGE)
You are not allowed to perform the given chatops command since
your account has been deactivated by your administrator.
Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}
MESSAGE
end
def not_found
ephemeral_response(text: "404 not found! GitLab couldn't find what you were looking for! :boom:")
end
......
......@@ -1258,6 +1258,9 @@ msgstr ""
msgid "AdminUsers|The user will not be able to access the API"
msgstr ""
msgid "AdminUsers|The user will not be able to use slash commands"
msgstr ""
msgid "AdminUsers|The user will not receive any notifications"
msgstr ""
......
......@@ -3,6 +3,13 @@
require 'spec_helper'
describe Gitlab::SlashCommands::Presenters::Access do
shared_examples_for 'displays an error message' do
it do
expect(subject[:text]).to match(error_message)
expect(subject[:response_type]).to be(:ephemeral)
end
end
describe '#access_denied' do
let(:project) { build(:project) }
......@@ -10,9 +17,18 @@ describe Gitlab::SlashCommands::Presenters::Access do
it { is_expected.to be_a(Hash) }
it 'displays an error message' do
expect(subject[:text]).to match('are not allowed')
expect(subject[:response_type]).to be(:ephemeral)
it_behaves_like 'displays an error message' do
let(:error_message) { 'you do not have access to the GitLab project' }
end
end
describe '#deactivated' do
subject { described_class.new.deactivated }
it { is_expected.to be_a(Hash) }
it_behaves_like 'displays an error message' do
let(:error_message) { 'your account has been deactivated by your administrator' }
end
end
......
......@@ -288,6 +288,14 @@ describe GlobalPolicy do
it { is_expected.not_to be_allowed(:use_slash_commands) }
end
context 'when deactivated' do
before do
current_user.deactivate
end
it { is_expected.not_to be_allowed(:use_slash_commands) }
end
context 'when access locked' do
before do
current_user.lock_access!
......
......@@ -94,16 +94,32 @@ RSpec.shared_examples 'chat slash commands service' do
subject.trigger(params)
end
shared_examples_for 'blocks command execution' do
it do
expect_any_instance_of(Gitlab::SlashCommands::Command).not_to receive(:execute)
result = subject.trigger(params)
expect(result[:text]).to match(error_message)
end
end
context 'when user is blocked' do
before do
chat_name.user.block
end
it 'blocks command execution' do
expect_any_instance_of(Gitlab::SlashCommands::Command).not_to receive(:execute)
it_behaves_like 'blocks command execution' do
let(:error_message) { 'you do not have access to the GitLab project' }
end
end
result = subject.trigger(params)
expect(result).to include(text: /^You are not allowed/)
context 'when user is deactivated' do
before do
chat_name.user.deactivate
end
it_behaves_like 'blocks command execution' do
let(:error_message) { 'your account has been deactivated by your administrator' }
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment