diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
commit | 0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch) | |
tree | 7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /app/models/members | |
parent | 72123183a20411a36d607d70b12d57c484394c8e (diff) |
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to 'app/models/members')
-rw-r--r-- | app/models/members/group_member.rb | 34 | ||||
-rw-r--r-- | app/models/members/last_group_owner_assigner.rb | 3 | ||||
-rw-r--r-- | app/models/members/project_member.rb | 16 |
3 files changed, 48 insertions, 5 deletions
diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb index a8a4fbedc41..87af6a9a7f7 100644 --- a/app/models/members/group_member.rb +++ b/app/models/members/group_member.rb @@ -7,6 +7,7 @@ class GroupMember < Member SOURCE_TYPE = 'Namespace' SOURCE_TYPE_FORMAT = /\ANamespace\z/.freeze + THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS = 1000 belongs_to :group, foreign_key: 'source_id' alias_attribute :namespace_id, :source_id @@ -28,6 +29,12 @@ class GroupMember < Member attr_accessor :last_owner, :last_blocked_owner + # For those who get to see a modal with a role dropdown, here are the options presented + def self.permissible_access_level_roles(_, _) + # This method is a stopgap in preparation for https://gitlab.com/gitlab-org/gitlab/-/issues/364087 + access_level_roles + end + def self.access_level_roles Gitlab::Access.options_with_owner end @@ -60,8 +67,28 @@ class GroupMember < Member # its projects are also destroyed, so the removal of project_authorizations # will happen behind the scenes via DB foreign keys anyway. return if destroyed_by_association.present? + return unless user_id + return super if Feature.disabled?(:refresh_authorizations_via_affected_projects_on_group_membership, group) - super + # rubocop:disable CodeReuse/ServiceClass + projects_to_refresh = Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder.new(group).execute + threshold_exceeded = (projects_to_refresh.size > THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS) + + # We want to try the new approach only if the number of affected projects are greater than the set threshold. + return super unless threshold_exceeded + + AuthorizedProjectUpdate::ProjectAccessChangedService + .new(projects_to_refresh) + .execute(blocking: false) + + # Until we compare the inconsistency rates of the new approach + # the old approach, we still run AuthorizedProjectsWorker + # but with some delay and lower urgency as a safety net. + UserProjectAccessChangedService + .new(user_id) + .execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY) + + # rubocop:enable CodeReuse/ServiceClass end def send_invite @@ -91,7 +118,10 @@ class GroupMember < Member end def after_accept_invite - notification_service.accept_group_invite(self) + run_after_commit_or_now do + notification_service.accept_group_invite(self) + end + update_two_factor_requirement super diff --git a/app/models/members/last_group_owner_assigner.rb b/app/models/members/last_group_owner_assigner.rb index dcf0a2d0ad3..c85116858c7 100644 --- a/app/models/members/last_group_owner_assigner.rb +++ b/app/models/members/last_group_owner_assigner.rb @@ -1,5 +1,6 @@ # frozen_string_literal: true +# Optimization class to fix group member n+1 queries class LastGroupOwnerAssigner def initialize(group, members) @group = group @@ -39,6 +40,6 @@ class LastGroupOwnerAssigner end def owners - @owners ||= group.members_with_parents.owners.load + @owners ||= group.all_owners_excluding_project_bots.load end end diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb index 995c26d7221..791cb6f0dff 100644 --- a/app/models/members/project_member.rb +++ b/app/models/members/project_member.rb @@ -44,7 +44,7 @@ class ProjectMember < Member project_ids.each do |project_id| project = Project.find(project_id) - Members::Projects::BulkCreatorService.add_users( # rubocop:disable CodeReuse/ServiceClass + Members::Projects::CreatorService.add_users( # rubocop:disable CodeReuse/ServiceClass project, users, access_level, @@ -73,6 +73,16 @@ class ProjectMember < Member truncate_teams [project.id] end + # For those who get to see a modal with a role dropdown, here are the options presented + def permissible_access_level_roles(current_user, project) + # This method is a stopgap in preparation for https://gitlab.com/gitlab-org/gitlab/-/issues/364087 + if Ability.allowed?(current_user, :manage_owners, project) + Gitlab::Access.options_with_owner + else + ProjectMember.access_level_roles + end + end + def access_level_roles Gitlab::Access.options end @@ -158,7 +168,9 @@ class ProjectMember < Member end def after_accept_invite - notification_service.accept_project_invite(self) + run_after_commit_or_now do + notification_service.accept_project_invite(self) + end super end |