1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# frozen_string_literal: true
module HasUserType
extend ActiveSupport::Concern
USER_TYPES = {
human: 0,
support_bot: 1,
alert_bot: 2,
visual_review_bot: 3,
service_user: 4,
ghost: 5,
project_bot: 6,
migration_bot: 7,
security_bot: 8,
automation_bot: 9,
security_policy_bot: 10, # Currently not in use. See https://gitlab.com/gitlab-org/gitlab/-/issues/384174
admin_bot: 11,
suggested_reviewers_bot: 12,
service_account: 13,
llm_bot: 14
}.with_indifferent_access.freeze
BOT_USER_TYPES = %w[
alert_bot
project_bot
support_bot
visual_review_bot
migration_bot
security_bot
automation_bot
security_policy_bot
admin_bot
suggested_reviewers_bot
service_account
llm_bot
].freeze
# `service_account` allows instance/namespaces to configure a user for external integrations/automations
# `service_user` is an internal, `gitlab-com`-specific user type for integrations like suggested reviewers
NON_INTERNAL_USER_TYPES = %w[human project_bot service_user service_account].freeze
INTERNAL_USER_TYPES = (USER_TYPES.keys - NON_INTERNAL_USER_TYPES).freeze
included do
enum user_type: USER_TYPES
scope :bots, -> { where(user_type: BOT_USER_TYPES) }
scope :without_bots, -> { where(user_type: USER_TYPES.keys - BOT_USER_TYPES) }
scope :non_internal, -> { where(user_type: NON_INTERNAL_USER_TYPES) }
scope :without_ghosts, -> { where(user_type: USER_TYPES.keys - ['ghost']) }
scope :without_project_bot, -> { where(user_type: USER_TYPES.keys - ['project_bot']) }
scope :human_or_service_user, -> { where(user_type: %i[human service_user]) }
validates :user_type, presence: true
end
def bot?
BOT_USER_TYPES.include?(user_type)
end
def internal?
INTERNAL_USER_TYPES.include?(user_type)
end
def redacted_name(viewing_user)
return self.name unless self.project_bot?
return self.name if self.groups.any? && viewing_user&.can?(:read_group, self.groups.first)
return self.name if viewing_user&.can?(:read_project, self.projects.first)
# If the requester does not have permission to read the project bot name,
# the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
# https://gitlab.com/gitlab-org/gitlab/-/issues/346058
'****'
end
end
|