Mark Organization as "not isolated"

What does this MR do and why?

Most data in the database belongs to an organization. If we want to migrate an organization to a cell, all the data in that organization does not cross organization boundaries.

We expect that the logic will work like this:

  • A crawler will establish that a group is isolated
  • The logic in this MR will check if the organization is still isolated

Implementation

  • after_update_commit, we check if any belongs_to associations have been updated
  • If so, a Organizations::CheckOrganizationIsolationStatusWorker is scheduled. Arguments: model name, record id, changed fields
  • The worker returns if the record is not found or the state of the record has been changed
  • The worker will call Gitlab::Organizations::IsolationStatus.new(record, changed_associations).verify!
  • This class will check if the record and the updated belongs_to record belong to the same organization.
  • If they don't match, the isolation state of the Organization and (if exist) the Namespace will be changed to false

References

Related to #577780 (closed)

How to set up and validate locally

Assign an issue to a user outside of the Default Organization

Use rails console to create a user in another user:

Feature.enable(:isolation_status_check)

my_org = Organizations::Organization.find_or_create_by!(path: 'my-org') { |org| org.name = 'My Org' }

# Mark organizations as isolated
Organizations::Organization.all.each{|o| o.mark_as_isolated! }

root = User.find_by(username: 'root')
other_user = User.find_by(username: 'user-in-my-org') || ::Users::AuthorizedCreateService.new(root, {name: 'User In MyOrg', username: 'user-in-my-org', organization_id: my_org.id, email: 'test@example.org', password: 'r234234cc#'}).execute[:user]

# this is true
Organizations::Organization.find_by(path: 'default').isolated?

# Assign user from different organization: 
Issue.first.update!(author: other_user)

# A background worker changes this now to false, this can take some time on development
Organizations::Organization.find_by(path: 'default').isolated?

# Remove member
other_user.destroy

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Rutger Wessels

Merge request reports

Loading