BigW Consortium Gitlab

user.rb 24 KB
Newer Older
1 2 3 4
# == Schema Information
#
# Table name: users
#
Stan Hu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
#  id                         :integer          not null, primary key
#  email                      :string(255)      default(""), not null
#  encrypted_password         :string(255)      default(""), not null
#  reset_password_token       :string(255)
#  reset_password_sent_at     :datetime
#  remember_created_at        :datetime
#  sign_in_count              :integer          default(0)
#  current_sign_in_at         :datetime
#  last_sign_in_at            :datetime
#  current_sign_in_ip         :string(255)
#  last_sign_in_ip            :string(255)
#  created_at                 :datetime
#  updated_at                 :datetime
#  name                       :string(255)
#  admin                      :boolean          default(FALSE), not null
#  projects_limit             :integer          default(10)
#  skype                      :string(255)      default(""), not null
#  linkedin                   :string(255)      default(""), not null
#  twitter                    :string(255)      default(""), not null
#  authentication_token       :string(255)
#  theme_id                   :integer          default(1), not null
#  bio                        :string(255)
#  failed_attempts            :integer          default(0)
#  locked_at                  :datetime
#  username                   :string(255)
#  can_create_group           :boolean          default(TRUE), not null
#  can_create_team            :boolean          default(TRUE), not null
#  state                      :string(255)
#  color_scheme_id            :integer          default(1), not null
#  notification_level         :integer          default(1), not null
#  password_expires_at        :datetime
#  created_by_id              :integer
#  last_credential_check_at   :datetime
#  avatar                     :string(255)
#  confirmation_token         :string(255)
#  confirmed_at               :datetime
#  confirmation_sent_at       :datetime
#  unconfirmed_email          :string(255)
#  hide_no_ssh_key            :boolean          default(FALSE)
#  website_url                :string(255)      default(""), not null
#  notification_email         :string(255)
#  hide_no_password           :boolean          default(FALSE)
#  password_automatically_set :boolean          default(FALSE)
#  location                   :string(255)
#  encrypted_otp_secret       :string(255)
#  encrypted_otp_secret_iv    :string(255)
#  encrypted_otp_secret_salt  :string(255)
#  otp_required_for_login     :boolean          default(FALSE), not null
#  otp_backup_codes           :text
#  public_email               :string(255)      default(""), not null
#  dashboard                  :integer          default(0)
#  project_view               :integer          default(0)
Dmitriy Zaporozhets committed
57
#  consumed_timestep          :integer
58
#  layout                     :integer          default(0)
59 60
#

61 62 63
require 'carrierwave/orm/activerecord'
require 'file_size_validator'

gitlabhq committed
64
class User < ActiveRecord::Base
65
  extend Gitlab::ConfigHelper
66 67

  include Gitlab::ConfigHelper
68
  include Gitlab::CurrentSettings
69 70 71
  include Referable
  include Sortable
  include TokenAuthenticatable
72
  include CaseSensitivity
73

74
  default_value_for :admin, false
75
  default_value_for :can_create_group, gitlab_config.default_can_create_group
76 77
  default_value_for :can_create_team, false
  default_value_for :hide_no_ssh_key, false
78
  default_value_for :hide_no_password, false
79
  default_value_for :theme_id, gitlab_config.default_theme
80

81 82
  devise :two_factor_authenticatable,
         otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
83
  alias_attribute :two_factor_enabled, :otp_required_for_login
84

85
  devise :two_factor_backupable, otp_number_of_backup_codes: 10
86 87
  serialize :otp_backup_codes, JSON

88 89
  devise :lockable, :async, :recoverable, :rememberable, :trackable,
    :validatable, :omniauthable, :confirmable, :registerable
gitlabhq committed
90

91
  attr_accessor :force_random_password
gitlabhq committed
92

93 94 95
  # Virtual attribute for authenticating by either username or email
  attr_accessor :login

96 97 98 99
  #
  # Relations
  #

100
  # Namespace for personal projects
101
  has_one :namespace, -> { where type: nil }, dependent: :destroy, foreign_key: :owner_id, class_name: "Namespace"
102 103 104

  # Profile
  has_many :keys, dependent: :destroy
105
  has_many :emails, dependent: :destroy
106
  has_many :identities, dependent: :destroy, autosave: true
107 108

  # Groups
109 110 111 112
  has_many :members, dependent: :destroy
  has_many :project_members, source: 'ProjectMember'
  has_many :group_members, source: 'GroupMember'
  has_many :groups, through: :group_members
113 114
  has_many :owned_groups, -> { where members: { access_level: Gitlab::Access::OWNER } }, through: :group_members, source: :group
  has_many :masters_groups, -> { where members: { access_level: Gitlab::Access::MASTER } }, through: :group_members, source: :group
115

116
  # Projects
117 118
  has_many :groups_projects,          through: :groups, source: :projects
  has_many :personal_projects,        through: :namespace, source: :projects
119
  has_many :projects,                 through: :project_members
120
  has_many :created_projects,         foreign_key: :creator_id, class_name: 'Project'
Ciro Santilli committed
121 122
  has_many :users_star_projects, dependent: :destroy
  has_many :starred_projects, through: :users_star_projects, source: :project
123

124
  has_many :snippets,                 dependent: :destroy, foreign_key: :author_id, class_name: "Snippet"
125
  has_many :project_members,          dependent: :destroy, class_name: 'ProjectMember'
126 127 128 129
  has_many :issues,                   dependent: :destroy, foreign_key: :author_id
  has_many :notes,                    dependent: :destroy, foreign_key: :author_id
  has_many :merge_requests,           dependent: :destroy, foreign_key: :author_id
  has_many :events,                   dependent: :destroy, foreign_key: :author_id,   class_name: "Event"
130
  has_many :subscriptions,            dependent: :destroy
131
  has_many :recent_events, -> { order "id DESC" }, foreign_key: :author_id,   class_name: "Event"
132 133
  has_many :assigned_issues,          dependent: :destroy, foreign_key: :assignee_id, class_name: "Issue"
  has_many :assigned_merge_requests,  dependent: :destroy, foreign_key: :assignee_id, class_name: "MergeRequest"
Valery Sizov committed
134
  has_many :oauth_applications, class_name: 'Doorkeeper::Application', as: :owner, dependent: :destroy
135
  has_one  :abuse_report,             dependent: :destroy
136
  has_many :ci_builds,                dependent: :nullify, class_name: 'Ci::Build'
137

138

139 140 141
  #
  # Validations
  #
Cyril committed
142
  validates :name, presence: true
143
  # Note that a 'uniqueness' and presence check is provided by devise :validatable for email. We do not need to
144
  # duplicate that here as the validation framework will have duplicate errors in the event of a failure.
145
  validates :email, presence: true, email: { strict_mode: true }
146
  validates :notification_email, presence: true, email: { strict_mode: true }
147
  validates :public_email, presence: true, email: { strict_mode: true }, allow_blank: true, uniqueness: true
148
  validates :bio, length: { maximum: 255 }, allow_blank: true
149
  validates :projects_limit, presence: true, numericality: { greater_than_or_equal_to: 0 }
150 151 152 153
  validates :username,
    presence: true,
    uniqueness: { case_sensitive: false },
    exclusion: { in: Gitlab::Blacklist.path },
154 155
    format: { with: Gitlab::Regex.namespace_regex,
              message: Gitlab::Regex.namespace_regex_message }
156

Andrey Kumanyaev committed
157
  validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
158
  validate :namespace_uniq, if: ->(user) { user.username_changed? }
159
  validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
160
  validate :unique_email, if: ->(user) { user.email_changed? }
161
  validate :owns_notification_email, if: ->(user) { user.notification_email_changed? }
162
  validate :owns_public_email, if: ->(user) { user.public_email_changed? }
163
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
164

165
  before_validation :generate_password, on: :create
166
  before_validation :restricted_signup_domains, on: :create
167
  before_validation :sanitize_attrs
168
  before_validation :set_notification_email, if: ->(user) { user.email_changed? }
169
  before_validation :set_public_email, if: ->(user) { user.public_email_changed? }
170

171
  after_update :update_emails_with_primary_email, if: ->(user) { user.email_changed? }
172
  before_save :ensure_authentication_token
173
  after_save :ensure_namespace_correct
174
  after_initialize :set_projects_limit
175 176 177
  after_create :post_create_hook
  after_destroy :post_destroy_hook

178
  # User's Layout preference
179
  enum layout: [:fixed, :fluid]
180

181 182
  # User's Dashboard preference
  # Note: When adding an option, it MUST go on the end of the array.
183
  enum dashboard: [:projects, :stars, :project_activity, :starred_project_activity]
184

185 186
  # User's Project preference
  # Note: When adding an option, it MUST go on the end of the array.
187
  enum project_view: [:readme, :activity, :files]
188

189
  alias_attribute :private_token, :authentication_token
190

191
  delegate :path, to: :namespace, allow_nil: true, prefix: true
192

193 194 195 196 197 198 199 200 201 202
  state_machine :state, initial: :active do
    event :block do
      transition active: :blocked
    end

    event :activate do
      transition blocked: :active
    end
  end

203
  mount_uploader :avatar, AvatarUploader
204

Andrey Kumanyaev committed
205
  # Scopes
206
  scope :admins, -> { where(admin: true) }
207 208
  scope :blocked, -> { with_state(:blocked) }
  scope :active, -> { with_state(:active) }
skv committed
209
  scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
210
  scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
211 212
  scope :with_two_factor,    -> { where(two_factor_enabled: true) }
  scope :without_two_factor, -> { where(two_factor_enabled: false) }
Andrey Kumanyaev committed
213

214 215 216
  #
  # Class methods
  #
Andrey Kumanyaev committed
217
  class << self
218
    # Devise method overridden to allow sign in with email or username
219 220 221 222 223 224 225 226
    def find_for_database_authentication(warden_conditions)
      conditions = warden_conditions.dup
      if login = conditions.delete(:login)
        where(conditions).where(["lower(username) = :value OR lower(email) = :value", { value: login.downcase }]).first
      else
        where(conditions).first
      end
    end
227

Valery Sizov committed
228 229
    def sort(method)
      case method.to_s
230 231 232 233
      when 'recent_sign_in' then reorder(last_sign_in_at: :desc)
      when 'oldest_sign_in' then reorder(last_sign_in_at: :asc)
      else
        order_by(method)
Valery Sizov committed
234 235 236
      end
    end

237 238
    # Find a User by their primary email or any associated secondary email
    def find_by_any_email(email)
239 240 241 242 243 244 245
      sql = 'SELECT *
      FROM users
      WHERE id IN (
        SELECT id FROM users WHERE email = :email
        UNION
        SELECT emails.user_id FROM emails WHERE email = :email
      )
246 247 248
      LIMIT 1;'

      User.find_by_sql([sql, { email: email }]).first
249
    end
250

251
    def filter(filter_name)
Andrey Kumanyaev committed
252
      case filter_name
253 254 255 256 257 258 259 260 261 262
      when 'admins'
        self.admins
      when 'blocked'
        self.blocked
      when 'two_factor_disabled'
        self.without_two_factor
      when 'two_factor_enabled'
        self.with_two_factor
      when 'wop'
        self.without_projects
Andrey Kumanyaev committed
263 264 265
      else
        self.active
      end
266 267
    end

268
    def search(query)
269
      where("lower(name) LIKE :query OR lower(email) LIKE :query OR lower(username) LIKE :query", query: "%#{query.downcase}%")
Andrey Kumanyaev committed
270
    end
271

272
    def by_login(login)
273 274 275 276 277 278 279
      return nil unless login

      if login.include?('@'.freeze)
        unscoped.iwhere(email: login).take
      else
        unscoped.iwhere(username: login).take
      end
280 281
    end

282 283 284 285
    def find_by_username!(username)
      find_by!('lower(username) = ?', username.downcase)
    end

286
    def by_username_or_id(name_or_id)
287
      where('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i).first
288
    end
289

290 291
    def build_user(attrs = {})
      User.new(attrs)
292
    end
293 294 295 296

    def reference_prefix
      '@'
    end
297 298 299 300 301 302 303 304

    # Pattern used to extract `@user` user references from text
    def reference_pattern
      %r{
        #{Regexp.escape(reference_prefix)}
        (?<user>#{Gitlab::Regex::NAMESPACE_REGEX_STR})
      }x
    end
vsizov committed
305
  end
randx committed
306

307 308 309
  #
  # Instance methods
  #
310 311 312 313 314

  def to_param
    username
  end

315 316 317 318
  def to_reference(_from_project = nil)
    "#{self.class.reference_prefix}#{username}"
  end

319 320 321 322
  def notification
    @notification ||= Notification.new(self)
  end

Andrey Kumanyaev committed
323 324 325 326
  def generate_password
    if self.force_random_password
      self.password = self.password_confirmation = Devise.friendly_token.first(8)
    end
randx committed
327
  end
328

329
  def generate_reset_token
330
    @reset_token, enc = Devise.token_generator.generate(self.class, :reset_password_token)
331 332 333 334

    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc

335
    @reset_token
336 337
  end

338 339 340 341
  def recently_sent_password_reset?
    reset_password_sent_at.present? && reset_password_sent_at >= 1.minute.ago
  end

342 343 344 345 346 347 348 349 350 351
  def disable_two_factor!
    update_attributes(
      two_factor_enabled:        false,
      encrypted_otp_secret:      nil,
      encrypted_otp_secret_iv:   nil,
      encrypted_otp_secret_salt: nil,
      otp_backup_codes:          nil
    )
  end

352 353
  def namespace_uniq
    namespace_name = self.username
354 355
    existing_namespace = Namespace.by_path(namespace_name)
    if existing_namespace && existing_namespace != self.namespace
356
      self.errors.add :username, "already exists"
357 358
    end
  end
359

360 361 362 363 364 365
  def avatar_type
    unless self.avatar.image?
      self.errors.add :avatar, "only images allowed"
    end
  end

366
  def unique_email
367 368 369
    if !self.emails.exists?(email: self.email) && Email.exists?(email: self.email)
      self.errors.add(:email, 'has already been taken')
    end
370 371
  end

372 373 374 375
  def owns_notification_email
    self.errors.add(:notification_email, "is not an email you own") unless self.all_emails.include?(self.notification_email)
  end

376
  def owns_public_email
377 378
    return if self.public_email.blank?

379 380 381 382 383 384 385 386
    self.errors.add(:public_email, "is not an email you own") unless self.all_emails.include?(self.public_email)
  end

  def update_emails_with_primary_email
    primary_email_record = self.emails.find_by(email: self.email)
    if primary_email_record
      primary_email_record.destroy
      self.emails.create(email: self.email_was)
387

388 389 390 391
      self.update_secondary_emails!
    end
  end

392 393
  # Returns the groups a user has access to
  def authorized_groups
394
    union = Gitlab::SQL::Union.
395
      new([groups.select(:id), authorized_projects.select(:namespace_id)])
396

397
    Group.where("namespaces.id IN (#{union.to_sql})")
398 399
  end

400
  # Returns the groups a user is authorized to access.
401 402
  def authorized_projects
    Project.where("projects.id IN (#{projects_union.to_sql})")
403 404
  end

405
  def owned_projects
406
    @owned_projects ||=
407 408
      Project.where('namespace_id IN (?) OR namespace_id = ?',
                    owned_groups.select(:id), namespace.id).joins(:namespace)
409 410
  end

411 412
  # Team membership in authorized projects
  def tm_in_authorized_projects
413
    ProjectMember.where(source_id: authorized_projects.map(&:id), user_id: self.id)
414
  end
Dmitriy Zaporozhets committed
415 416 417 418 419 420 421 422 423

  def is_admin?
    admin
  end

  def require_ssh_key?
    keys.count == 0
  end

424 425 426 427
  def require_password?
    password_automatically_set? && !ldap_user?
  end

428
  def can_change_username?
429
    gitlab_config.username_changing_enabled
430 431
  end

Dmitriy Zaporozhets committed
432
  def can_create_project?
433
    projects_limit_left > 0
Dmitriy Zaporozhets committed
434 435 436
  end

  def can_create_group?
437
    can?(:create_group, nil)
Dmitriy Zaporozhets committed
438 439 440
  end

  def abilities
Ciro Santilli committed
441
    Ability.abilities
Dmitriy Zaporozhets committed
442 443
  end

444 445 446 447
  def can_select_namespace?
    several_namespaces? || admin
  end

448
  def can?(action, subject)
Dmitriy Zaporozhets committed
449 450 451 452 453 454 455 456
    abilities.allowed?(self, action, subject)
  end

  def first_name
    name.split.first unless name.blank?
  end

  def cared_merge_requests
457
    MergeRequest.cared(self)
Dmitriy Zaporozhets committed
458 459
  end

460
  def projects_limit_left
461
    projects_limit - personal_projects.count
462 463
  end

Dmitriy Zaporozhets committed
464 465
  def projects_limit_percent
    return 100 if projects_limit.zero?
466
    (personal_projects.count.to_f / projects_limit) * 100
Dmitriy Zaporozhets committed
467 468
  end

469
  def recent_push(project_id = nil)
Dmitriy Zaporozhets committed
470 471 472 473
    # Get push events not earlier than 2 hours ago
    events = recent_events.code_push.where("created_at > ?", Time.now - 2.hours)
    events = events.where(project_id: project_id) if project_id

474 475 476 477 478 479 480 481 482 483 484 485 486
    # Use the latest event that has not been pushed or merged recently
    events.recent.find do |event|
      project = Project.find_by_id(event.project_id)
      next unless project
      repo = project.repository

      if repo.branch_names.include?(event.branch_name)
        merge_requests = MergeRequest.where("created_at >= ?", event.created_at).
            where(source_project_id: project.id,
                  source_branch: event.branch_name)
        merge_requests.empty?
      end
    end
Dmitriy Zaporozhets committed
487 488 489 490 491 492 493
  end

  def projects_sorted_by_activity
    authorized_projects.sorted_by_activity
  end

  def several_namespaces?
494
    owned_groups.any? || masters_groups.any?
Dmitriy Zaporozhets committed
495 496 497 498 499
  end

  def namespace_id
    namespace.try :id
  end
500

501 502 503
  def name_with_username
    "#{name} (#{username})"
  end
504 505

  def tm_of(project)
506
    project.project_member_by_id(self.id)
507
  end
508

509
  def already_forked?(project)
510 511 512
    !!fork_of(project)
  end

513
  def fork_of(project)
514 515 516 517 518 519 520 521
    links = ForkedProjectLink.where(forked_from_project_id: project, forked_to_project_id: personal_projects)

    if links.any?
      links.first.forked_to_project
    else
      nil
    end
  end
522 523

  def ldap_user?
524 525 526 527 528
    identities.exists?(["provider LIKE ? AND extern_uid IS NOT NULL", "ldap%"])
  end

  def ldap_identity
    @ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
529
  end
530

531
  def project_deploy_keys
532
    DeployKey.unscoped.in_projects(self.authorized_projects.pluck(:id)).distinct(:id)
533 534
  end

535
  def accessible_deploy_keys
536 537 538 539 540
    @accessible_deploy_keys ||= begin
      key_ids = project_deploy_keys.pluck(:id)
      key_ids.push(*DeployKey.are_public.pluck(:id))
      DeployKey.where(id: key_ids)
    end
541
  end
542 543

  def created_by
skv committed
544
    User.find_by(id: created_by_id) if created_by_id
545
  end
546 547

  def sanitize_attrs
548
    %w(name username skype linkedin twitter).each do |attr|
549 550 551 552
      value = self.send(attr)
      self.send("#{attr}=", Sanitize.clean(value)) if value.present?
    end
  end
553

554 555
  def set_notification_email
    if self.notification_email.blank? || !self.all_emails.include?(self.notification_email)
556
      self.notification_email = self.email
557 558 559
    end
  end

560 561
  def set_public_email
    if self.public_email.blank? || !self.all_emails.include?(self.public_email)
562
      self.public_email = ''
563 564 565
    end
  end

566 567 568 569 570 571
  def update_secondary_emails!
    self.set_notification_email
    self.set_public_email
    self.save if self.notification_email_changed? || self.public_email_changed?
  end

572 573 574 575 576 577 578
  def set_projects_limit
    connection_default_value_defined = new_record? && !projects_limit_changed?
    return unless self.projects_limit.nil? || connection_default_value_defined

    self.projects_limit = current_application_settings.default_projects_limit
  end

579
  def requires_ldap_check?
580 581 582
    if !Gitlab.config.ldap.enabled
      false
    elsif ldap_user?
583 584 585 586 587 588
      !last_credential_check_at || (last_credential_check_at + 1.hour) < Time.now
    else
      false
    end
  end

589 590 591 592 593
  def solo_owned_groups
    @solo_owned_groups ||= owned_groups.select do |group|
      group.owners == [self]
    end
  end
594 595

  def with_defaults
596 597
    User.defaults.each do |k, v|
      self.send("#{k}=", v)
598
    end
599 600

    self
601
  end
602

603 604 605 606
  def can_leave_project?(project)
    project.namespace != namespace &&
      project.project_member(self)
  end
607 608 609 610 611 612 613 614 615 616 617 618 619 620

  # Reset project events cache related to this user
  #
  # Since we do cache @event we need to reset cache in special cases:
  # * when the user changes their avatar
  # Events cache stored like  events/23-20130109142513.
  # The cache key includes updated_at timestamp.
  # Thus it will automatically generate a new fragment
  # when the event is updated because the key changes.
  def reset_events_cache
    Event.where(author_id: self.id).
      order('id DESC').limit(1000).
      update_all(updated_at: Time.now)
  end
Jerome Dalbert committed
621 622

  def full_website_url
623
    return "http://#{website_url}" if website_url !~ /\Ahttps?:\/\//
Jerome Dalbert committed
624 625 626 627 628

    website_url
  end

  def short_website_url
629
    website_url.sub(/\Ahttps?:\/\//, '')
Jerome Dalbert committed
630
  end
GitLab committed
631

632
  def all_ssh_keys
633
    keys.map(&:publishable_key)
634
  end
635 636

  def temp_oauth_email?
637
    email.start_with?('temp-email-for-oauth')
638 639
  end

640 641
  def avatar_url(size = nil)
    if avatar.present?
642
      [gitlab_config.url, avatar.url].join
643
    else
644
      GravatarService.new.execute(email, size)
645 646
    end
  end
647

648 649 650 651
  def all_emails
    [self.email, *self.emails.map(&:email)]
  end

Kirill Zaitsev committed
652 653 654 655 656 657 658 659
  def hook_attrs
    {
      name: name,
      username: username,
      avatar_url: avatar_url
    }
  end

660 661 662 663 664 665 666 667 668 669 670
  def ensure_namespace_correct
    # Ensure user has namespace
    self.create_namespace!(path: self.username, name: self.username) unless self.namespace

    if self.username_changed?
      self.namespace.update_attributes(path: self.username, name: self.username)
    end
  end

  def post_create_hook
    log_info("User \"#{self.name}\" (#{self.email}) was created")
671
    notification_service.new_user(self, @reset_token) if self.created_by_id
672 673 674 675 676 677 678 679
    system_hook_service.execute_hooks_for(self, :create)
  end

  def post_destroy_hook
    log_info("User \"#{self.name}\" (#{self.email})  was removed")
    system_hook_service.execute_hooks_for(self, :destroy)
  end

680
  def notification_service
681 682 683
    NotificationService.new
  end

684
  def log_info(message)
685 686 687 688 689 690
    Gitlab::AppLogger.info message
  end

  def system_hook_service
    SystemHooksService.new
  end
Ciro Santilli committed
691 692 693 694 695 696

  def starred?(project)
    starred_projects.exists?(project)
  end

  def toggle_star(project)
697 698 699 700 701 702 703 704 705
    UsersStarProject.transaction do
      user_star_project = users_star_projects.
          where(project: project, user: self).lock(true).first

      if user_star_project
        user_star_project.destroy
      else
        UsersStarProject.create!(project: project, user: self)
      end
Ciro Santilli committed
706 707
    end
  end
708 709

  def manageable_namespaces
710
    @manageable_namespaces ||= [namespace] + owned_groups + masters_groups
711
  end
712

713 714 715 716 717 718
  def namespaces
    namespace_ids = groups.pluck(:id)
    namespace_ids.push(namespace.id)
    Namespace.where(id: namespace_ids)
  end

719 720 721
  def oauth_authorized_tokens
    Doorkeeper::AccessToken.where(resource_owner_id: self.id, revoked_at: nil)
  end
722

723 724 725 726 727 728 729 730 731
  # Returns the projects a user contributed to in the last year.
  #
  # This method relies on a subquery as this performs significantly better
  # compared to a JOIN when coupled with, for example,
  # `Project.visible_to_user`. That is, consider the following code:
  #
  #     some_user.contributed_projects.visible_to_user(other_user)
  #
  # If this method were to use a JOIN the resulting query would take roughly 200
732
  # ms on a database with a similar size to GitLab.com's database. On the other
733 734 735 736
  # hand, using a subquery means we can get the exact same data in about 40 ms.
  def contributed_projects
    events = Event.select(:project_id).
      contributions.where(author_id: self).
737
      where("created_at > ?", Time.now - 1.year).
738
      uniq.
739 740 741
      reorder(nil)

    Project.where(id: events)
742
  end
743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765

  def restricted_signup_domains
    email_domains = current_application_settings.restricted_signup_domains

    unless email_domains.blank?
      match_found = email_domains.any? do |domain|
        escaped = Regexp.escape(domain).gsub('\*','.*?')
        regexp = Regexp.new "^#{escaped}$", Regexp::IGNORECASE
        email_domain = Mail::Address.new(self.email).domain
        email_domain =~ regexp
      end

      unless match_found
        self.errors.add :email,
                        'is not whitelisted. ' +
                        'Email domains valid for registration are: ' +
                        email_domains.join(', ')
        return false
      end
    end

    true
  end
766 767 768 769

  def can_be_removed?
    !solo_owned_groups.present?
  end
770 771

  def ci_authorized_runners
772 773
    @ci_authorized_runners ||= begin
      runner_ids = Ci::RunnerProject.joins(:project).
774
        where("ci_projects.gitlab_id IN (#{ci_projects_union.to_sql})").
775 776
        select(:runner_id)

777 778
      Ci::Runner.specific.where(id: runner_ids)
    end
779
  end
780 781 782 783 784 785 786 787

  private

  def projects_union
    Gitlab::SQL::Union.new([personal_projects.select(:id),
                            groups_projects.select(:id),
                            projects.select(:id)])
  end
788 789 790 791 792 793 794 795 796

  def ci_projects_union
    scope  = { access_level: [Gitlab::Access::MASTER, Gitlab::Access::OWNER] }
    groups = groups_projects.where(members: scope)
    other  = projects.where(members: scope)

    Gitlab::SQL::Union.new([personal_projects.select(:id), groups.select(:id),
                            other.select(:id)])
  end
gitlabhq committed
797
end