Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/groups/group_members_controller.rb
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2016-06-17 19:59:33 +0300
committerRémy Coutable <remy@rymai.me>2016-06-18 07:06:34 +0300
commit654565c9dc734a597c525a75c8f72dd63235604b (patch)
tree0dbd5935c0019201dc93ee183e69e95d5f3513ce /app/controllers/groups/group_members_controller.rb
parenta08a26ac814d7fd9f7523e22847fab0cc25ceb78 (diff)
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member
This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/controllers/groups/group_members_controller.rb')
-rw-r--r--app/controllers/groups/group_members_controller.rb6
1 files changed, 0 insertions, 6 deletions
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index c3929ded6dd..2c49fe3833e 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -36,8 +36,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
def destroy
@group_member = @group.group_members.find(params[:id])
- return render_403 unless can?(current_user, :destroy_group_member, @group_member)
-
Members::DestroyService.new(@group_member, current_user).execute
respond_to do |format|
@@ -68,8 +66,4 @@ class Groups::GroupMembersController < Groups::ApplicationController
# MembershipActions concern
alias_method :membershipable, :group
-
- def cannot_leave?
- @group.last_owner?(current_user)
- end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-01 18:35:41 +0300