Release 2025 03 05

Release 2025 03 05

Author: DominikAlberski

lib/travis/api/app/endpoint.rb

@@ -117,6 +117,7 @@ def authorizer
       end
 
       def auth_for_repo(id, type)
+        current_user&.touch
         permission = authorizer.for_repo(id, type)
         halt 403, { error: { message: "We're sorry, but you're not authorized to perform this request" } } unless permission
       rescue Travis::API::V3::AuthorizerError

lib/travis/api/v3/access_control/org_token.rb

@@ -0,0 +1,38 @@
+require 'travis/api/v3/access_control/generic'
+
+module Travis::API::V3
+  class AccessControl::OrgToken < AccessControl::Generic
+    auth_type('org.token')
+
+    attr_accessor :org, :token
+
+    def self.for_request(type, token, env)
+      new(token)
+    end
+
+    def initialize(token)
+      if token.is_a? Array
+        self.org = token.first
+        self.token = token.last
+      elsif token.include?(':')
+        self.org = token.split(':')&.first
+        self.token = token.split(':')&.last
+      else
+        self.org = Models::OrganizationToken.find_by(token: self.token)&.organization_id
+        self.token = token
+      end
+    end
+
+    def visible?(object, type = nil)
+      return Models::OrganizationToken.where(organization: org).joins(:organization_token_permissions).where(organization_token_permissions: {permission: object})&.first&.token&.split(':')&.last == token
+    end
+
+    def logged_in?
+      false
+    end
+
+    def full_access?
+      false
+    end
+  end
+end

lib/travis/api/v3/access_control/user.rb

@@ -7,6 +7,7 @@ class AccessControl::User < AccessControl::Generic
     def initialize(user)
       user                = Models::User.find(user.id) if user.is_a? ::User
       @user               = user
+      user.touch
       @access_permissions = user.permissions.where(user_id: user.id)
       super()
     end

lib/travis/api/v3/models/bulk_change_result.rb

@@ -0,0 +1,10 @@
+module Travis::API::V3
+  class Models::BulkChangeResult
+    attr_accessor :changed, :skipped
+
+    def initialize(attrs)
+      @changed = attrs[:changed]
+      @skipped = attrs[:skipped]
+    end
+  end
+end

lib/travis/api/v3/models/cron.rb

@@ -66,6 +66,7 @@ def enqueue
       )
 
       update_attribute(:last_run, DateTime.now.utc)
+      update_activity
       schedule_next_build
     end
 
@@ -82,6 +83,15 @@ def deactivate
       update!(active: false)
     end
 
+    def update_activity
+      owner = branch.repository.owner
+      owner&.touch if owner.is_a? Models::User
+      build = Build.find_by_id(branch.last_build_id)
+      if build && build.sender_type == 'User' && build.sender_id > 0
+        Models::User.find(build.sender_id)&.touch
+      end
+    end
+
     def deactivate_and_log_reason(reason)
       Travis.logger.info "Removing cron #{self.id} because the associated #{reason}"
       deactivate

lib/travis/api/v3/models/organization_token.rb

@@ -0,0 +1,8 @@
+module Travis::API::V3
+  class Models::OrganizationToken < Model
+    belongs_to :organization
+    has_many :organization_token_permissions
+
+    serialize :token, Travis::Model::EncryptedColumn.new
+  end
+end

lib/travis/api/v3/models/organization_token_permission.rb

@@ -0,0 +1,5 @@
+module Travis::API::V3
+  class Models::OrganizationTokenPermission < Model
+    belongs_to :organization_token
+  end
+end

lib/travis/api/v3/models/user.rb

@@ -87,6 +87,10 @@ def installation
       @installation = Models::Installation.find_by(owner_type: 'User', owner_id: id, removed_by_id: nil)
     end
 
+    def touch
+      update(last_activity_at: Time.now) if last_activity_at.nil? || Time.now.utc - last_activity_at > 300
+    end
+
     def internal?
       !!get_internal_user
     end

lib/travis/api/v3/queries/organization.rb

@@ -19,11 +19,50 @@ def update_billing_permission(user_id)
       client.update_organization_billing_permission(params['organization.id'], data)
     end
 
+    def active(value, from)
+      org = Models::Organization.find_by_id(id) if id
+      from ||= Time.now - 1.day
+      sort Models::User.where('id in (?)', org.memberships.pluck(:user_id)).where("users.last_activity_at #{value ? '>' : '<'}  ?", from)
+    end
+
+    def suspend(value)
+      if params['vcs_type']
+       raise WrongParams, 'missing user ids'.freeze unless params['vcs_ids']&.size > 0
+
+      user_ids = Models::User.where("vcs_type = ? and vcs_id in (?)", vcs_type,params['vcs_ids']).all.map(&:id)
+     else
+       raise WrongParams, 'missing user ids'.freeze unless params['user_ids']&.size > 0
+
+       user_ids = params['user_ids']
+     end
+
+      filtered_ids = filter_ids(user_ids)
+      Models::User.where("id in (?)", filtered_ids).update!(suspended: value, suspended_at: value ? Time.now.utc : nil)
+      Models::BulkChangeResult.new(
+        changed: filtered_ids,
+        skipped: user_ids - filtered_ids
+      )
+    end
+
+    def filter_ids(ids)
+      Membership.where(organization_id: id, user_id: ids).all.map(&:user_id)
+    end
+
+    def vcs_type
+      @_vcs_type ||=
+        params['vcs_type'] ?
+          (
+            params['vcs_type'].end_with?('User') ?
+              params['vcs_type'] :
+              "#{params['vcs_type'].capitalize}User"
+          )
+        : 'GithubUser'
+    end
+
     private
 
     def provider
       params['provider'] || 'github'
     end
-
   end
 end

lib/travis/api/v3/queries/users.rb

@@ -0,0 +1,40 @@
+module Travis::API::V3
+  class Queries::Users < Query
+    params :user_ids, :vcs_ids, :vcs_type
+
+    def suspend(value)
+      if params['vcs_type']
+       raise WrongParams, 'missing user ids'.freeze unless params['vcs_ids']&.size > 0
+
+      ids = Models::User.where("vcs_type = ? and vcs_id in (?)", vcs_type, params['vcs_ids']).all.map(&:id)
+     else
+       raise WrongParams, 'missing user ids'.freeze unless params['user_ids']&.size > 0
+
+      ids = params['user_ids']
+     end
+      Models::User.where('id in (?)' , ids).update!(suspended: value, suspended_at: value ? Time.now.utc : nil)
+      skipped =  unknown_ids(ids)
+      Models::BulkChangeResult.new(
+        changed: ids - skipped,
+        skipped: skipped
+      )
+    end
+
+    def unknown_ids(ids)
+      @_unknown_ids ||= ids - User.where('id in (?)', ids).all.map(&:id)
+    end
+
+    private
+
+    def vcs_type
+      @_vcs_type ||=
+        params['vcs_type'] ?
+          (
+            params['vcs_type'].end_with?('User') ?
+              params['vcs_type'] :
+              "#{params['vcs_type'].capitalize}User"
+          )
+        : 'GithubUser'
+    end
+  end
+end