Class: UsersController

Constant Summary

# Fixed page size passed to `.per` by the followers and following listings.
FOLLOWERS_FOLLOWING_USERS_PER_PAGE = 21

Constants included from CookiesHelper

CookiesHelper::COOKIE_TYPE_ENCRYPTED, CookiesHelper::COOKIE_TYPE_PERMANENT

Constants included from Gitlab::HttpRouter::RuleContext

Gitlab::HttpRouter::RuleContext::ALLOWED_ROUTER_RULE_ACTIONS, Gitlab::HttpRouter::RuleContext::ALLOWED_ROUTER_RULE_TYPES, Gitlab::HttpRouter::RuleContext::ROUTER_RULE_ACTIONS_WITHOUT_TYPE

Constants included from StrongPaginationParams

StrongPaginationParams::PAGINATION_PARAMS

Constants included from Gitlab::Logging::JsonMetadataHelper

Gitlab::Logging::JsonMetadataHelper::JSON_METADATA_HEADERS

Constants included from Gitlab::Logging::CloudflareHelper

Gitlab::Logging::CloudflareHelper::CLOUDFLARE_CUSTOM_HEADERS

Constants included from Gitlab::EndpointAttributes

Gitlab::EndpointAttributes::DEFAULT_URGENCY

Constants included from Impersonation

Impersonation::SESSION_KEYS_TO_DELETE

Constants included from PreferredLanguageSwitcherHelper

PreferredLanguageSwitcherHelper::SWITCHER_MINIMUM_TRANSLATION_LEVEL

Constants included from Routing::PseudonymizationHelper

Routing::PseudonymizationHelper::PSEUDONOMIZED_GROUP, Routing::PseudonymizationHelper::PSEUDONOMIZED_ID, Routing::PseudonymizationHelper::PSEUDONOMIZED_NAMESPACE, Routing::PseudonymizationHelper::PSEUDONOMIZED_PROJECT, Routing::PseudonymizationHelper::PSEUDONOMIZED_USERNAME

Constants included from Gitlab::NoCacheHeaders

Gitlab::NoCacheHeaders::DEFAULT_GITLAB_NO_CACHE_HEADERS

Instance Method Summary

Methods included from SafeFormatHelper

#safe_format, #tag_pair

Methods included from Gitlab::NoteableMetadata

#noteable_meta_data

Methods included from ControllerWithCrossProjectAccessCheck

#authorize_cross_project_page!, #cross_project_check

Methods included from RendersProjectsList

#preload_member_roles, #prepare_projects_for_rendering

Methods included from RendersMemberAccess

#prepare_groups_for_rendering

Methods included from RoutableActions

#ensure_canonical_path, #find_routable!, #not_found_actions, #perform_not_found_actions, #routable_authorized?

Methods included from InternalRedirect

#full_path_for_uri, #host_allowed?, #referer_path, #safe_redirect_path, #safe_redirect_path_for_url, #sanitize_redirect

Methods inherited from ApplicationController

#feature_category, #handle_unverified_request, #not_found, #redirect_back_or_default, #render, #route_not_found, #urgency

Methods included from CookiesHelper

#set_secure_cookie

Methods included from Gitlab::HttpRouter::RuleMetrics

#increment_http_router_metrics

Methods included from StrongPaginationParams

#pagination_params

Methods included from RequestPayloadLogger

#append_info_to_payload

Methods included from Gitlab::Logging::JsonMetadataHelper

#store_json_metadata_headers!

Methods included from Gitlab::Logging::CloudflareHelper

#store_cloudflare_headers!, #valid_cloudflare_header?

Methods included from CheckRateLimit

#check_rate_limit!

Methods included from FlocOptOut

#floc_enabled?, #set_floc_opt_out_header

Methods included from Impersonation

#current_user

Methods included from InitializesCurrentUserMode

#current_user_mode

Methods included from SessionsHelper

#fallback_to_email_otp_permitted?, #obfuscated_email, #passkey_authentication_data, #remember_me_enabled?, #render_email_otp_fallback_for_totp?, #session_expire_modal_data, #sign_in_form_app_data, #unconfirmed_email?, #verification_data, #webauthn_authentication_data

Methods included from VerifiesWithEmailHelper

#permitted_to_skip_email_otp_in_grace_period?, #treat_as_locked?, #trusted_ip_address?

Methods included from SessionlessAuthentication

#authenticate_sessionless_user!, #request_authenticator, #sessionless_bypass_admin_mode!, #sessionless_sign_in, #sessionless_user?

Methods included from PreferredLanguageSwitcherHelper

#ordered_selectable_locales

Methods included from Gitlab::SearchContext::ControllerConcern

#search_context

Methods included from EnforcesTwoFactorAuthentication

#check_two_factor_requirement, #current_user_requires_two_factor?, #execute_action_for_2fa_reason, #mfa_help_page_url, #skip_two_factor?, #two_factor_authentication_required?, #two_factor_grace_period, #two_factor_grace_period_expired?, #two_factor_skippable?, #two_factor_verifier

Methods included from WorkhorseHelper

#attachment_content_disposition, #content_disposition_for_blob, #inline_content_disposition, #send_artifacts_entry, #send_dependency, #send_git_archive, #send_git_blob, #send_git_diff, #send_git_patch, #set_workhorse_internal_api_content_type, #workhorse_set_content_type!

Methods included from SafeParamsHelper

#safe_params

Methods included from PageLayoutHelper

#blank_container, #container_class, #favicon, #fluid_layout, #full_content_class, #header_title, #nav, #page_canonical_link, #page_card_attributes, #page_card_meta_tags, #page_description, #page_image, #page_itemtype, #page_title, #search_context, #sidebar, #user_status_properties

Methods included from Routing::PackagesHelper

#package_path

Methods included from Routing::PseudonymizationHelper

#masked_page_url, #masked_query_params, #masked_referrer_url, #referrer_params

Methods included from Routing::GraphqlHelper

#graphql_etag_pipeline_path, #graphql_etag_pipeline_sha_path, #graphql_etag_project_on_demand_scan_counts_path

Methods included from Routing::WikiHelper

#group_wiki_page_url, #project_wiki_page_url, #wiki_page_path, #wiki_path

Methods included from Routing::SnippetsHelper

#gitlab_raw_snippet_blob_url, #gitlab_raw_snippet_url, #gitlab_snippet_note_path, #gitlab_snippet_notes_path, #gitlab_snippet_path, #gitlab_snippet_url, #gitlab_toggle_award_emoji_snippet_note_path, #preview_markdown_path, #toggle_award_emoji_personal_snippet_path, #toggle_award_emoji_project_project_snippet_path, #toggle_award_emoji_project_project_snippet_url

Methods included from Routing::PipelineSchedulesHelper

#edit_pipeline_schedule_path, #pipeline_schedule_path, #pipeline_schedules_path, #play_pipeline_schedule_path, #take_ownership_pipeline_schedule_path

Methods included from Routing::ArtifactsHelper

#artifacts_action_path, #expose_fast_artifacts_path, #fast_browse_project_job_artifacts_path, #fast_download_project_job_artifacts_path, #fast_keep_project_job_artifacts_path

Methods included from Routing::MembersHelper

#source_members_url

Methods included from Routing::Groups::MembersHelper

#approve_access_request_group_member_path, #group_member_path, #group_members_url, #leave_group_members_path, #request_access_group_members_path, #resend_invite_group_member_path

Methods included from Routing::Projects::MembersHelper

#approve_access_request_project_member_path, #leave_project_members_path, #project_member_path, #project_members_url, #request_access_project_members_path, #resend_invite_project_member_path

Methods included from Routing::ProjectsHelper

#commit_url, #commits_url, #edit_milestone_path, #environment_delete_path, #environment_path, #issue_path, #merge_request_path, #merge_request_url, #pipeline_job_url, #pipeline_path, #pipeline_url, #project_commits_path, #project_ref_path, #project_tree_path, #release_url, #toggle_subscription_path, #work_item_url

Methods included from API::Helpers::RelatedResourcesHelpers

#expose_path, #expose_url, #issues_available?, #mrs_available?, #project_feature_string_access_level

Methods included from ApplicationSettingsHelper

#all_protocols_enabled?, #allowed_protocols_present?, #anti_spam_service_enabled?, #custom_admin_roles_available?, #default_search_scope_options_for_select, #deletion_protection_data, #deprecated_attributes, #enabled_protocol, #enabled_protocol_button, #expanded_by_default?, #external_authorization_allow_token_help_text, #external_authorization_client_certificate_help_text, #external_authorization_client_key_help_text, #external_authorization_client_pass_help_text, #external_authorization_client_url_help_text, #external_authorization_description, #external_authorization_service_attributes, #external_authorization_timeout_help_text, #external_authorization_url_help_text, #global_search_settings_checkboxes, #http_enabled?, #import_sources_checkboxes, #instance_clusters_enabled?, #integration_expanded?, #key_restriction_options_for_select, #kroki_available_formats, #oauth_providers_checkboxes, #pending_user_count, #registration_features_can_be_prompted?, #repository_storages_options_json, #restricted_level_checkboxes, #runner_token_expiration_interval_attributes, #sidekiq_job_limiter_mode_help_text, #sidekiq_job_limiter_modes_for_select, #signup_enabled?, #signup_form_data, #ssh_enabled?, #storage_weights, #user_oauth_applications?, #valid_runner_registrars, #visible_attributes, #vscode_extension_marketplace_settings_description, #vscode_extension_marketplace_settings_view

Methods included from ProjectsHelper

#able_to_see_forks_count?, #able_to_see_issues?, #able_to_see_merge_requests?, #any_projects?, #archiving_available?, #author_content_tag, #autodeploy_flash_notice, #badge_count, #branch_rules_path, #can_admin_associated_clusters?, #can_change_visibility_level?, #can_disable_emails?, #can_push_code?, #can_set_diff_preview_in_email?, #can_view_branch_rules?, #clusters_deprecation_alert_message, #dashboard_projects_app_data, #delete_confirm_phrase, #directory?, #error_tracking_setting_project_json, #explore_projects_tab?, #external_classification_label_help_message, #fork_button_data_attributes, #hidden_issue_icon, #home_panel_data_attributes, #http_clone_url_to_repo, #import_from_bitbucket_message, #inactive_project_deletion_date, #issue_css_classes, #issue_manual_ordering_class, #last_pipeline_from_status_cache, #last_push_event, #link_to_autodeploy_doc, #link_to_data_loss_doc, #link_to_member, #link_to_member_avatar, #link_to_namespace_change_doc, #link_to_project, #load_catalog_resources, #load_pipeline_status, #localized_project_human_access, #membership_locked?, #no_password_message, #notification_data_attributes, #project_archive_settings_app_data, #project_can_be_shared?, #project_classes, #project_coverage_chart_data_attributes, #project_incident_management_setting, #project_license_name, #project_pages_domain_choices, #project_permissions_panel_data, #project_unarchive_settings_app_data, #projects_filtered_search_and_sort_app_data, #push_project_breadcrumbs, #push_to_create_project_command, #remote_mirror_setting_enabled?, #remove_fork_project_confirm_json, #remove_fork_project_description_message, #remove_fork_project_warning_message, #remove_project_message, #show_archived_badge?, #show_auto_devops_implicitly_enabled_banner?, #show_clusters_alert?, #show_count?, #show_dashboard_projects_welcome_page?, #show_inactive_project_deletion_banner?, #show_invalid_gpg_key_message?, #show_lfs_misconfiguration_banner?, #show_mobile_devops_project_promo?, 
#show_no_password_message?, #show_no_ssh_key_message?, #show_terraform_banner?, #show_xcode_link?, #ssh_clone_url_to_repo, #star_count_data_attributes, #transfer_project_confirm_button, #transfer_project_message, #visibility_level_content, #visible_fork_source, #vue_fork_divergence_data, #xcode_uri_to_repo

Methods included from Gitlab::Allowable

#can?, #can_all?, #can_any?

Methods included from CompareHelper

#create_mr_button?, #create_mr_path, #project_compare_selector_data, #target_projects

Methods included from Gitlab::NoCacheHeaders

#no_cache_headers

Methods included from Gitlab::GonHelper

#add_gon_feature_flags, #add_gon_user_specific, #add_gon_variables, #current_organization, #default_avatar_url, #push_application_setting, #push_force_frontend_feature_flag, #push_frontend_ability, #push_frontend_feature_flag, #push_namespace_setting, #push_to_gon_attributes

Methods included from Organizations::OrganizationHelper

#admin_organizations_index_app_data, #organization_activity_app_data, #organization_groups_and_projects_app_data, #organization_groups_edit_app_data, #organization_groups_new_app_data, #organization_index_app_data, #organization_layout_nav, #organization_new_app_data, #organization_projects_edit_app_data, #organization_settings_general_app_data, #organization_show_app_data, #organization_user_app_data, #ui_for_organizations_enabled?

Methods included from WebpackHelper

#prefetch_link_tag, #webpack_bundle_tag, #webpack_controller_bundle_tags, #webpack_entrypoint_paths, #webpack_preload_asset_tag, #webpack_public_host, #webpack_public_path

Methods included from ViteHelper

#universal_path_to_stylesheet, #universal_stylesheet_link_tag, #vite_enabled?, #vite_page_entrypoint_paths

Methods inherited from BaseActionController

#append_to_content_security_policy

Methods included from ContentSecurityPolicyPatch

#content_security_policy_with_context

Methods included from CurrentOrganization

#set_current_organization

Instance Method Details

#activity ⇒ Object



# File 'app/controllers/users_controller.rb', line 84

# Serves a user's activity feed.
#
# HTML requests render the 'show' template. JSON requests call +load_events+
# and then choose one of three responses, based on the :personal_homepage and
# :profile_tabs_vue feature flags and the +is_personal_homepage+ request
# parameter.
def activity
  respond_to do |format|
    format.html { render 'show' }

    format.json do
      load_events

      # The client-supplied parameter only takes effect when the feature flag
      # is enabled for the current user.
      homepage_requested = params[:is_personal_homepage].present?
      @is_personal_homepage = homepage_requested && Feature.enabled?(:personal_homepage, current_user)

      if Feature.enabled?(:profile_tabs_vue, current_user) && !@is_personal_homepage
        # When user.include_private_contributions? is false, keep only the
        # events for which visible_to_user?(current_user) is true.
        unless user.include_private_contributions?
          @events = @events.select { |event| event.visible_to_user?(current_user) }
        end

        serializer = ::Profile::EventSerializer.new(current_user: current_user, target_user: user)
        render json: serializer.represent(@events)
      elsif @is_personal_homepage && @events.empty?
        # Return an empty response so that the personal homepage renders its empty state
      else
        # NOTE(review): this path applies no visible_to_user? filter here;
        # presumably load_events or the events partial enforces visibility —
        # confirm.
        pager_json("events/_events", @events.count, events: @events)
      end
    end
  end
end

#calendar ⇒ Object



# File 'app/controllers/users_controller.rb', line 199

# Renders the +activity_dates+ of the contributions calendar as JSON.
def calendar
  activity_dates = contributions_calendar.activity_dates
  render json: activity_dates
end

#calendar_activities ⇒ Object



# File 'app/controllers/users_controller.rb', line 203

# Renders the contribution events for a single calendar day, without a layout.
#
# The day comes from the +date+ request parameter. Any StandardError raised
# while parsing it (for example a missing or malformed value) is swallowed and
# today's date is used instead, so bad input never surfaces as an error.
def calendar_activities
  @calendar_date =
    begin
      Date.parse(params[:date])
    rescue StandardError
      Date.today
    end

  events_for_day = contributions_calendar.events_by_date(@calendar_date)
  @events = events_for_day.map(&:present)

  render_service = Events::RenderService.new(current_user)
  render_service.execute(@events)

  render 'calendar_activities', layout: false
end

#contributed ⇒ Object



# File 'app/controllers/users_controller.rb', line 138

# Presents the projects returned by +load_contributed_projects+ through
# +present_projects+.
def contributed
  present_projects { load_contributed_projects }
end

#exists ⇒ Object



# File 'app/controllers/users_controller.rb', line 216

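# Reports, as JSON, whether the +username+ request parameter is reserved.
#
# The lookup is answered when sign-up is enabled on the instance or when a
# user is signed in. Otherwise a 401 JSON error is returned, so anonymous
# clients cannot probe usernames on instances that have sign-up turned off.
#
# NOTE(review): the rendered listing dropped the method name after
# `Gitlab::CurrentSettings.`, which left the condition unparsable; it is
# restored here as `signup_enabled?` — confirm against
# app/controllers/users_controller.rb.
# NOTE(review): no rate limiting is visible in this method; presumably a
# filter elsewhere in the controller applies it — confirm.
def exists
  if Gitlab::CurrentSettings.signup_enabled? || current_user
    render json: { exists: Namespace.username_reserved?(params[:username]) }
  else
    render json: { error: _('You must be authenticated to access this path.') }, status: :unauthorized
  end
end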

#follow ⇒ Object



# File 'app/controllers/users_controller.rb', line 224

# Makes the current user follow the profile's user, then redirects.
#
# flash[:alert] is set when +current_user.follow+ returns a falsy value, or
# returns an object whose +errors+ are non-empty.
#
# NOTE(review): +current_user.follow+ is called unconditionally, so this
# relies on authentication being enforced before the action runs — confirm
# the filter.
def follow
  followee = current_user.follow(user)

  if !followee
    flash[:alert] = s_('Action not allowed.')
  elsif followee.errors&.any?
    flash[:alert] = followee.errors.full_messages.join(', ')
  end

  # Redirect to the path derived from the request by +referer_path+, falling
  # back to the profile itself.
  # NOTE(review): presumably referer_path (InternalRedirect) only yields
  # same-host paths, which is what keeps this from being an open redirect —
  # confirm.
  redirect_to(referer_path(request) || @user)
end

#followers ⇒ Object



# File 'app/controllers/users_controller.rb', line 150

# Presents one page of the user's followers through +present_users+.
#
# The page number comes from the request; the page size is the fixed
# FOLLOWERS_FOLLOWING_USERS_PER_PAGE constant, so clients cannot choose it.
def followers
  present_users do
    requested_page = user.followers.page(params[:page])
    @user_followers = requested_page.per(FOLLOWERS_FOLLOWING_USERS_PER_PAGE)
  end
end

#following ⇒ Object



# File 'app/controllers/users_controller.rb', line 156

# Presents one page of the users this user follows through +present_users+.
#
# The page number comes from the request; the page size is the fixed
# FOLLOWERS_FOLLOWING_USERS_PER_PAGE constant, so clients cannot choose it.
def following
  present_users do
    requested_page = user.followees.page(params[:page])
    @user_following = requested_page.per(FOLLOWERS_FOLLOWING_USERS_PER_PAGE)
  end
end

#gpg_keys ⇒ Object

Get the GPG keys of a user (taken from params) in a text format; only keys whose `verified?` check passes are included.



# File 'app/controllers/users_controller.rb', line 113

# Renders the user's GPG keys as plain text, one key per line.
#
# Only keys for which +verified?+ is true are emitted; unverified keys are
# left out of the response. A non-empty body ends with a trailing newline.
def gpg_keys
  verified_keys = user.gpg_keys.filter_map do |gpg_key|
    gpg_key.key if gpg_key.verified?
  end

  body = verified_keys.join("\n")
  body << "\n" unless body.empty?

  render plain: body
end

#groups ⇒ Object



# File 'app/controllers/users_controller.rb', line 119

# Serves the user's groups tab.
#
# HTML requests render the 'show' template. JSON requests call +load_groups+
# and return the rendered "shared/groups/_list" partial under the +html+ key.
def groups
  respond_to do |format|
    format.html { render 'show' }
    format.json do
      load_groups

      list_html = view_to_html_string("shared/groups/_list", groups: @groups)
      render json: { html: list_html }
    end
  end
end

#present_projects ⇒ Object



# File 'app/controllers/users_controller.rb', line 162

# Shared renderer for the project-list tabs.
#
# HTML requests render the 'show' template. JSON requests evaluate the given
# block to obtain the projects and hand them to +pager_json+ together with
# four display flags read from the request.
#
# Each flag is passed through Gitlab::Utils.to_boolean before it reaches the
# partial, so the raw request strings are never forwarded as-is.
#
# NOTE(review): this helper needs a block, yet it appears in the public
# method listing next to the actions; if it is not meant to be routable it
# could be private — confirm against the routes.
#
# @yieldreturn the projects to list; must respond to +count+
def present_projects
  display_flags = %i[skip_pagination skip_namespace compact_mode card_mode].to_h do |flag|
    [flag, Gitlab::Utils.to_boolean(params[flag])]
  end

  respond_to do |format|
    format.html { render 'show' }
    format.json do
      projects = yield

      pager_json("shared/projects/_list", projects.count, projects: projects, **display_flags)
    end
  end
end

#projects ⇒ Object



# File 'app/controllers/users_controller.rb', line 132

# Presents the projects returned by +load_projects+ through
# +present_projects+.
def projects
  present_projects { load_projects }
end

#show ⇒ Object



# File 'app/controllers/users_controller.rb', line 59

# Serves the user profile page.
#
# HTML falls through to the default rendering. Atom requests call
# +load_events+ and render with the 'xml' layout. JSON requests get a 404
# whose message points at the user activity path, because the JSON form of
# this endpoint is deprecated.
def show
  respond_to do |format|
    format.html

    format.atom do
      load_events
      render layout: 'xml'
    end

    format.json do
      deprecation_notice = safe_format(
        "This endpoint is deprecated. Use %{user_activity_path} instead.",
        user_activity_path: user_activity_path
      )

      render json: { message: deprecation_notice }, status: :not_found
    end
  end
end

#snippets ⇒ Object



# File 'app/controllers/users_controller.rb', line 186

# Serves the user's snippets tab.
#
# HTML requests render the 'show' template. JSON requests call +load_snippets+
# and return the rendered "snippets/_snippets" partial under the +html+ key.
def snippets
  respond_to do |format|
    format.html { render 'show' }
    format.json do
      load_snippets

      list_html = view_to_html_string("snippets/_snippets", collection: @snippets)
      render json: { html: list_html }
    end
  end
end

#ssh_keys ⇒ Object

Get all SSH keys of a user (taken from params) in a text format. Helpful for sysadmins to put on their respective servers.



# File 'app/controllers/users_controller.rb', line 78

# Renders everything returned by +user.all_ssh_keys+ as plain text, one entry
# per line. A non-empty body ends with a trailing newline.
#
# NOTE(review): consumers that install this output on servers are trusting
# whatever the account currently holds; presumably all_ssh_keys returns
# public key material only — confirm.
def ssh_keys
  key_lines = user.all_ssh_keys

  body = key_lines.join("\n")
  body << "\n" unless body.empty?

  render plain: body
end

#starred ⇒ Object



# File 'app/controllers/users_controller.rb', line 144

# Presents the projects returned by +load_starred_projects+ through
# +present_projects+.
def starred
  present_projects { load_starred_projects }
end

#unfollow ⇒ Object



# File 'app/controllers/users_controller.rb', line 238

# Stops the current user from following the profile's user, then redirects.
#
# The work is delegated to ::Users::UnfollowService; when its result reports
# an error, the result's message is placed in flash[:alert].
def unfollow
  # Named +result+ so it cannot be confused with the controller's own
  # +response+ object.
  result = ::Users::UnfollowService.new(follower: current_user, followee: user).execute

  flash[:alert] = result.message if result.error?

  # Redirect to the path derived from the request by +referer_path+, falling
  # back to the profile itself.
  # NOTE(review): presumably referer_path (InternalRedirect) only yields
  # same-host paths, which is what keeps this from being an open redirect —
  # confirm.
  redirect_to(referer_path(request) || @user)
end