users_controller.rb 5.83 KB
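# Admin-area controller for managing user accounts: listing, creating,
# updating and deleting users, plus account-state actions (block, unblock,
# unlock, confirm, impersonate, disable two-factor authentication).
#
# NOTE(review): no authorization check is visible in this class; it presumably
# relies on Admin::ApplicationController to restrict every action to
# administrators -- confirm, because several actions below change the
# authentication state of arbitrary accounts.
class Admin::UsersController < Admin::ApplicationController
  # Resolve the target user before every member action. The lookup uses
  # find_by!, so an unknown username raises instead of leaving @user nil.
  before_action :user, except: [:index, :new, :create]

  # Lists users, applying the optional filter, search, sort and page
  # parameters from the request.
  def index
    # Exposed as @sort as well as being applied to the query.
    @sort = params[:sort]

    # NOTE(review): filter, search_query and sort are passed to model scopes
    # unchanged; presumably those scopes only accept known values -- verify.
    @users = User.order_name_asc.filter(params[:filter])
    @users = @users.search_with_secondary_emails(params[:search_query]) if params[:search_query].present?
    @users = @users.sort_by_attribute(@sort)
    @users = @users.page(params[:page])
  end

  # The target user is loaded by the before_action.
  def show
  end

  # Loads the user's personal projects and the projects they have joined.
  def projects
    @personal_projects = user.personal_projects
    @joined_projects = user.projects.joined(@user)
  end

  # Loads the user's keys, newest id first.
  def keys
    @keys = user.keys.order_id_desc
  end

  def new
    @user = User.new
  end

  def edit
    user
  end

  # Signs the current admin in as the target user.
  #
  # Impersonation is refused unless the target user is allowed to log in;
  # the refusal message distinguishes blocked and internal users.
  def impersonate
    if can?(user, :log_in)
      # Record who is impersonating before the signed-in user is swapped,
      # because current_user no longer refers to the admin afterwards.
      session[:impersonator_id] = current_user.id

      warden.set_user(user, scope: :user)

      # Application-log entry for the start of impersonation.
      # NOTE(review): this is the only record written here; confirm the end
      # of impersonation is logged where the session is restored.
      Gitlab::AppLogger.info("User #{current_user.username} has started impersonating #{user.username}")

      flash[:alert] = "You are now impersonating #{user.username}"

      redirect_to root_path
    else
      flash[:alert] =
        if user.blocked?
          "You cannot impersonate a blocked user"
        elsif user.internal?
          "You cannot impersonate an internal user"
        else
          "You cannot impersonate a user who cannot log in"
        end

      redirect_to admin_user_path(user)
    end
  end

  def block
    if update_user(&:block)
      redirect_back_or_admin_user(notice: "Successfully blocked")
    else
      redirect_back_or_admin_user(alert: "Error occurred. User was not blocked")
    end
  end

  # Reactivates a blocked user. Users blocked through LDAP are refused here
  # and must not be reactivated manually.
  def unblock
    if user.ldap_blocked?
      redirect_back_or_admin_user(alert: "This user cannot be unlocked manually from GitLab")
    elsif update_user(&:activate)
      redirect_back_or_admin_user(notice: "Successfully unblocked")
    else
      redirect_back_or_admin_user(alert: "Error occurred. User was not unblocked")
    end
  end

  # Clears the access lock on the account.
  def unlock
    if update_user(&:unlock_access!)
      # Success is reported as a notice, matching block/unblock/confirm;
      # alert is reserved for the failure branch.
      redirect_back_or_admin_user(notice: "Successfully unlocked")
    else
      redirect_back_or_admin_user(alert: "Error occurred. User was not unlocked")
    end
  end

  def confirm
    if update_user(&:confirm)
      redirect_back_or_admin_user(notice: "Successfully confirmed")
    else
      redirect_back_or_admin_user(alert: "Error occurred. User was not confirmed")
    end
  end

  # Disables two-factor authentication for the target user.
  #
  # The result of the update is checked so that a failed update is not
  # reported to the admin as success.
  # NOTE(review): removing a second factor weakens the account; confirm this
  # action is recorded in an audit trail, none is written here.
  def disable_two_factor
    if update_user(&:disable_two_factor!)
      redirect_to admin_user_path(user),
        notice: 'Two-factor Authentication has been disabled for this user'
    else
      redirect_to admin_user_path(user),
        alert: 'Error occurred. Two-factor Authentication was not disabled for this user'
    end
  end

  # Creates a user from the permitted form parameters.
  #
  # No password is accepted from the form (password is not in
  # allowed_user_params); the service is asked to reset the password and to
  # skip e-mail confirmation.
  def create
    opts = {
      reset_password: true,
      skip_confirmation: true
    }

    @user = Users::CreateService.new(current_user, user_params.merge(opts)).execute

    respond_to do |format|
      if @user.persisted?
        format.html { redirect_to [:admin, @user], notice: 'User was successfully created.' }
        # NOTE(review): the whole user record is serialised here; confirm the
        # model's JSON representation leaves out secrets and tokens.
        format.json { render json: @user, status: :created, location: @user }
      else
        format.html { render "new" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # Updates the target user, optionally setting a new password.
  def update
    user_params_with_pass = user_params.dup

    # Password fields are not part of allowed_user_params; they are merged in
    # explicitly, and only when a password was actually submitted.
    if params[:user][:password].present?
      password_params = {
        password: params[:user][:password],
        password_confirmation: params[:user][:password_confirmation]
      }

      # A password set by an admin for someone else expires immediately.
      # This overrides any password_expires_at value submitted with the form.
      password_params[:password_expires_at] = Time.now unless changing_own_password?

      user_params_with_pass.merge!(password_params)
    end

    respond_to do |format|
      result = Users::UpdateService.new(current_user, user_params_with_pass.merge(user: user)).execute do |user|
        user.skip_reconfirmation!
      end

      if result[:status] == :success
        format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
        format.json { head :ok }
      else
        # restore username to keep form action url.
        user.username = params[:id]
        format.html { render "edit" }
        # NOTE(review): result[:status] is reused as the HTTP status; only
        # :success is checked here, so confirm the failure value is one that
        # maps to a valid HTTP status code.
        format.json { render json: [result[:message]], status: result[:status] }
      end
    end
  end

  # Schedules deletion of the target user. Only the hard_delete request
  # parameter is passed through to the deletion.
  def destroy
    user.delete_async(deleted_by: current_user, params: params.permit(:hard_delete))

    respond_to do |format|
      format.html { redirect_to admin_users_path, status: 302, notice: "The user is being deleted." }
      format.json { head :ok }
    end
  end

  # Removes one of the target user's e-mail addresses.
  def remove_email
    # The lookup goes through user.emails, so an email_id that belongs to a
    # different user is not found.
    email = user.emails.find(params[:email_id])
    success = Emails::DestroyService.new(current_user, user: user).execute(email)

    respond_to do |format|
      if success
        format.html { redirect_back_or_admin_user(notice: 'Successfully removed email.') }
        format.json { head :ok }
      else
        format.html { redirect_back_or_admin_user(alert: 'There was an error removing the e-mail.') }
        format.json { render json: 'There was an error removing the e-mail.', status: :bad_request }
      end
    end
  end

  protected

  # True when the admin is editing their own account.
  def changing_own_password?
    user == current_user
  end

  # Memoised lookup of the target user by the username in params[:id].
  # Raises when no such user exists.
  def user
    @user ||= User.find_by!(username: params[:id])
  end

  # Redirects back, falling back to the admin page of the target user.
  def redirect_back_or_admin_user(options = {})
    redirect_back_or_default(default: default_route, options: options)
  end

  def default_route
    [:admin, @user]
  end

  # Strong-parameter filter for the user form.
  def user_params
    params.require(:user).permit(allowed_user_params)
  end

  # Attributes an admin may set through the user form.
  #
  # The list contains privileged attributes (access_level, external,
  # extern_uid, provider, password_expires_at, projects_limit), so it must
  # only ever be used behind an administrator check. password and
  # password_confirmation are deliberately absent; update merges them in.
  def allowed_user_params
    [
      :access_level,
      :avatar,
      :bio,
      :can_create_group,
      :color_scheme_id,
      :email,
      :extern_uid,
      :external,
      :force_random_password,
      :hide_no_password,
      :hide_no_ssh_key,
      :key_id,
      :linkedin,
      :name,
      :password_expires_at,
      :projects_limit,
      :provider,
      :remember_me,
      :skype,
      :theme_id,
      :twitter,
      :username,
      :website_url
    ]
  end

  # Runs the given block against the target user through
  # Users::UpdateService and returns true when the service reports success.
  def update_user(&block)
    result = Users::UpdateService.new(current_user, user: user).execute(&block)

    result[:status] == :success
  end
end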