1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
# frozen_string_literal: true
module Users
class DeactivateService < BaseService
def initialize(current_user, skip_authorization: false)
@current_user = current_user
@skip_authorization = skip_authorization
end
def execute(user)
unless allowed?
return ::ServiceResponse.error(message: _('You are not authorized to perform this action'),
reason: :forbidden)
end
if user.blocked?
return ::ServiceResponse.error(message: _('Error occurred. A blocked user cannot be deactivated'),
reason: :forbidden)
end
if user.internal?
return ::ServiceResponse.error(message: _('Internal users cannot be deactivated'),
reason: :forbidden)
end
return ::ServiceResponse.success(message: _('User has already been deactivated')) if user.deactivated?
unless user.can_be_deactivated?
message = _(
'The user you are trying to deactivate has been active in the past %{minimum_inactive_days} days ' \
'and cannot be deactivated')
deactivation_error_message = format(message,
minimum_inactive_days: Gitlab::CurrentSettings.deactivate_dormant_users_period)
return ::ServiceResponse.error(message: deactivation_error_message, reason: :forbidden)
end
unless user.deactivate
return ::ServiceResponse.error(message: user.errors.full_messages.to_sentence,
reason: :bad_request)
end
log_event(user)
::ServiceResponse.success
end
private
attr_reader :current_user
def allowed?
return true if @skip_authorization
can?(current_user, :admin_all_resources)
end
def log_event(user)
Gitlab::AppLogger.info(
message: 'User deactivated',
username: user.username.to_s,
user_id: user.id,
email: user.email.to_s,
deactivated_by: current_user.username.to_s,
ip_address: current_user.current_sign_in_ip.to_s
)
end
end
end
Users::DeactivateService.prepend_mod_with('Users::DeactivateService')
|
