Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6673c101
Commit
6673c101
authored
Oct 05, 2020
by
Małgorzata Ksionek
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add serving new namespace setting field
WIP
parent
474f3967
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
100 additions
and
9 deletions
+100
-9
app/models/group.rb
app/models/group.rb
+5
-1
app/services/groups/update_service.rb
app/services/groups/update_service.rb
+18
-1
app/services/namespace_settings/update_service.rb
app/services/namespace_settings/update_service.rb
+12
-0
app/workers/disallow_2fa_for_subgroups_members_worker.rb
app/workers/disallow_2fa_for_subgroups_members_worker.rb
+18
-0
app/workers/disallow_2fa_worker.rb
app/workers/disallow_2fa_worker.rb
+28
-0
ee/app/services/ee/groups/update_service.rb
ee/app/services/ee/groups/update_service.rb
+6
-6
spec/factories/groups.rb
spec/factories/groups.rb
+0
-1
spec/services/groups/update_service_spec.rb
spec/services/groups/update_service_spec.rb
+13
-0
No files found.
app/models/group.rb
View file @
6673c101
...
@@ -560,12 +560,16 @@ class Group < Namespace
...
@@ -560,12 +560,16 @@ class Group < Namespace
access_level_roles
.
values
access_level_roles
.
values
end
end
def
update_two_factor_requirement_for_members
members_with_descendants
.
find_each
(
&
:update_two_factor_requirement
)
end
private
private
def
update_two_factor_requirement
def
update_two_factor_requirement
return
unless
saved_change_to_require_two_factor_authentication?
||
saved_change_to_two_factor_grace_period?
return
unless
saved_change_to_require_two_factor_authentication?
||
saved_change_to_two_factor_grace_period?
members_with_descendants
.
find_each
(
&
:update_two_factor_requirement
)
update_two_factor_requirement_for_members
end
end
def
path_changed_hook
def
path_changed_hook
...
...
app/services/groups/update_service.rb
View file @
6673c101
...
@@ -4,6 +4,8 @@ module Groups
...
@@ -4,6 +4,8 @@ module Groups
class
UpdateService
<
Groups
::
BaseService
class
UpdateService
<
Groups
::
BaseService
include
UpdateVisibilityLevel
include
UpdateVisibilityLevel
SETTINGS_PARAMS
=
[
:allow_mfa_for_subgroups
].
freeze
def
execute
def
execute
reject_parent_id!
reject_parent_id!
remove_unallowed_params
remove_unallowed_params
...
@@ -20,7 +22,7 @@ module Groups
...
@@ -20,7 +22,7 @@ module Groups
return
false
unless
valid_path_change_with_npm_packages?
return
false
unless
valid_path_change_with_npm_packages?
return
false
unless
update_shared_runners
return
false
unless
update_shared_runners
handle_changes
before_assignment_hook
(
group
,
params
)
before_assignment_hook
(
group
,
params
)
handle_namespace_settings
handle_namespace_settings
...
@@ -101,6 +103,21 @@ module Groups
...
@@ -101,6 +103,21 @@ module Groups
params
.
delete
(
:default_branch_protection
)
unless
can?
(
current_user
,
:update_default_branch_protection
,
group
)
params
.
delete
(
:default_branch_protection
)
unless
can?
(
current_user
,
:update_default_branch_protection
,
group
)
end
end
def
handle_changes
handle_settings_update
end
def
handle_settings_update
settings_params
=
params
.
slice
(
*
allowed_settings_params
)
allowed_settings_params
.
each
{
|
param
|
params
.
delete
(
param
)
}
::
NamespaceSettings
::
UpdateService
.
new
(
current_user
,
group
,
settings_params
).
execute
end
def
allowed_settings_params
@allowed_settings_params
||=
SETTINGS_PARAMS
end
def
valid_share_with_group_lock_change?
def
valid_share_with_group_lock_change?
return
true
unless
changing_share_with_group_lock?
return
true
unless
changing_share_with_group_lock?
return
true
if
can?
(
current_user
,
:change_share_with_group_lock
,
group
)
return
true
if
can?
(
current_user
,
:change_share_with_group_lock
,
group
)
...
...
app/services/namespace_settings/update_service.rb
View file @
6673c101
...
@@ -18,6 +18,18 @@ module NamespaceSettings
...
@@ -18,6 +18,18 @@ module NamespaceSettings
else
else
group
.
build_namespace_settings
(
settings_params
)
group
.
build_namespace_settings
(
settings_params
)
end
end
after_update
end
def
after_update
settings
=
group
.
namespace_settings
return
if
settings
.
allow_mfa_for_subgroups
if
settings
.
previous_changes
.
include?
(
:allow_mfa_for_subgroups
)
# enque in batches
TodosDestroyer
::
GroupPrivateWorker
.
perform_in
(
Todo
::
WAIT_FOR_DELETE
,
group
.
id
)
end
end
end
end
end
end
end
...
...
app/workers/disallow_2fa_for_subgroups_members_worker.rb
0 → 100644
View file @
6673c101
# frozen_string_literal: true
class
Disallow2FAWorker
# rubocop:disable Scalability/IdempotentWorker
include
ApplicationWorker
include
ExceptionBacktrace
feature_category
:subgroups
def
perform
(
group_id
)
begin
group
=
Group
.
find
(
group_id
)
rescue
ActiveRecord
::
RecordNotFound
return
end
group
.
update_two_factor_requirement_for_members
end
end
app/workers/disallow_2fa_worker.rb
0 → 100644
View file @
6673c101
# frozen_string_literal: true
class
Disallow2FAWorker
# rubocop:disable Scalability/IdempotentWorker
include
ApplicationWorker
include
ExceptionBacktrace
INTERVAL
=
2
.
seconds
.
to_i
feature_category
:subgroups
def
perform
(
group_id
)
begin
group
=
Group
.
find
(
group_id
)
rescue
ActiveRecord
::
RecordNotFound
return
end
subgroups
=
group
.
subgroups
.
where
(
require_two_factor_authentication:
true
)
subgroups
.
update_all
(
require_two_factor_authentication:
false
)
subgroups
.
find_each
(
batch_size:
100
).
with_index
do
|
subgroup
,
index
|
# rubocop: disable CodeReuse/ActiveRecord
delay
=
index
*
INTERVAL
with_context
(
subgroup
)
do
Update2FAForSubgroupsMembersWorker
.
perform_in
(
delay
,
subgroup
.
id
)
end
end
end
end
ee/app/services/ee/groups/update_service.rb
View file @
6673c101
...
@@ -4,6 +4,7 @@ module EE
...
@@ -4,6 +4,7 @@ module EE
module
Groups
module
Groups
module
UpdateService
module
UpdateService
extend
::
Gitlab
::
Utils
::
Override
extend
::
Gitlab
::
Utils
::
Override
EE_SETTINGS_PARAMS
=
[
:prevent_forking_outside_group
].
freeze
override
:execute
override
:execute
def
execute
def
execute
...
@@ -90,10 +91,11 @@ module EE
...
@@ -90,10 +91,11 @@ module EE
end
end
end
end
override
:handle_changes
def
handle_changes
def
handle_changes
handle_allowed_email_domains_update
handle_allowed_email_domains_update
handle_ip_restriction_update
handle_ip_restriction_update
handle_settings_update
super
end
end
def
handle_ip_restriction_update
def
handle_ip_restriction_update
...
@@ -112,11 +114,9 @@ module EE
...
@@ -112,11 +114,9 @@ module EE
AllowedEmailDomains
::
UpdateService
.
new
(
current_user
,
group
,
comma_separated_domains
).
execute
AllowedEmailDomains
::
UpdateService
.
new
(
current_user
,
group
,
comma_separated_domains
).
execute
end
end
def
handle_settings_update
override
:allowed_settings_params
settings_params
=
params
.
slice
(
:prevent_forking_outside_group
)
def
allowed_settings_params
params
.
delete
(
:prevent_forking_outside_group
)
@allowed_settings_params
||=
::
Groups
::
UpdateService
::
SETTINGS_PARAMS
+
EE_SETTINGS_PARAMS
::
NamespaceSettings
::
UpdateService
.
new
(
current_user
,
group
,
settings_params
).
execute
end
end
def
log_audit_event
def
log_audit_event
...
...
spec/factories/groups.rb
View file @
6673c101
...
@@ -7,7 +7,6 @@ FactoryBot.define do
...
@@ -7,7 +7,6 @@ FactoryBot.define do
type
{
'Group'
}
type
{
'Group'
}
owner
{
nil
}
owner
{
nil
}
project_creation_level
{
::
Gitlab
::
Access
::
MAINTAINER_PROJECT_ACCESS
}
project_creation_level
{
::
Gitlab
::
Access
::
MAINTAINER_PROJECT_ACCESS
}
association
:namespace_settings
,
factory: :namespace_settings
after
(
:create
)
do
|
group
|
after
(
:create
)
do
|
group
|
if
group
.
owner
if
group
.
owner
...
...
spec/services/groups/update_service_spec.rb
View file @
6673c101
...
@@ -308,6 +308,19 @@ RSpec.describe Groups::UpdateService do
...
@@ -308,6 +308,19 @@ RSpec.describe Groups::UpdateService do
end
end
end
end
context
'changes allowing subgroups to establish own 2FA'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:params
)
{
{
allow_mfa_for_subgroups:
false
}
}
subject
{
described_class
.
new
(
group
,
user
,
params
).
execute
}
it
'changes settings'
do
subject
expect
(
group
.
namespace_settings
.
reload
.
allow_mfa_for_subgroups
).
to
eq
(
false
)
end
end
def
update_group
(
group
,
user
,
opts
)
def
update_group
(
group
,
user
,
opts
)
Groups
::
UpdateService
.
new
(
group
,
user
,
opts
).
execute
Groups
::
UpdateService
.
new
(
group
,
user
,
opts
).
execute
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment