diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-13 00:10:43 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-13 00:10:43 +0300 |
| commit | 3c0d198d0c0fff5a7949f676bb6cb414908bca02 (patch) | |
| tree | 3101b330803e94e2110fc71ecc6b8324a71fb66a /lib | |
| parent | b0fe37ef58e19bc6f5d1db99f2ddc809f180a6f5 (diff) | |
Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/background_migration/recalculate_project_authorizations.rb | 42 | ||||
| -rw-r--r-- | lib/gitlab/project_authorizations.rb | 12 |
2 files changed, 48 insertions, 6 deletions
diff --git a/lib/gitlab/background_migration/recalculate_project_authorizations.rb b/lib/gitlab/background_migration/recalculate_project_authorizations.rb new file mode 100644 index 00000000000..3d2ce9fc10c --- /dev/null +++ b/lib/gitlab/background_migration/recalculate_project_authorizations.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # rubocop:disable Style/Documentation + class RecalculateProjectAuthorizations + def perform(user_ids) + user_ids.each do |user_id| + user = User.find_by(id: user_id) + + next unless user + + service = Users::RefreshAuthorizedProjectsService.new( + user, + incorrect_auth_found_callback: + ->(project_id, access_level) do + logger.info(message: 'Removing ProjectAuthorizations', + user_id: user.id, + project_id: project_id, + access_level: access_level) + end, + missing_auth_found_callback: + ->(project_id, access_level) do + logger.info(message: 'Creating ProjectAuthorizations', + user_id: user.id, + project_id: project_id, + access_level: access_level) + end + ) + + service.execute + end + end + + private + + def logger + @logger ||= Gitlab::BackgroundMigration::Logger.build + end + end + end +end diff --git a/lib/gitlab/project_authorizations.rb b/lib/gitlab/project_authorizations.rb index e2271b1492c..d65e8759ec9 100644 --- a/lib/gitlab/project_authorizations.rb +++ b/lib/gitlab/project_authorizations.rb @@ -68,12 +68,10 @@ module Gitlab .select([namespaces[:id], members[:access_level]]) .except(:order) - if Feature.enabled?(:share_group_with_group, default_enabled: true) - # Namespaces shared with any of the group - cte << Group.select([namespaces[:id], 'group_group_links.group_access AS access_level']) - .joins(join_group_group_links) - .joins(join_members_on_group_group_links) - end + # Namespaces shared with any of the group + cte << Group.select([namespaces[:id], 'group_group_links.group_access AS access_level']) + .joins(join_group_group_links) + .joins(join_members_on_group_group_links) # Sub groups of any groups the user is a member of. cte << Group.select([ @@ -114,6 +112,8 @@ module Gitlab members = Member.arel_table cond = group_group_links[:shared_with_group_id].eq(members[:source_id]) + .and(members[:source_type].eq('Namespace')) + .and(members[:requested_at].eq(nil)) .and(members[:user_id].eq(user.id)) Arel::Nodes::InnerJoin.new(members, Arel::Nodes::On.new(cond)) end |