Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-29 00:10:45 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-29 00:10:45 +0300
commit: 71d6b9014bef64436bbd996667e6458ebde561c4 (patch)
tree: 21b049d24b2d96be84904576e2b619f82d5d515d /app/services/members
parent: 0076bbc67375ff1507e42ce479406daf92c0a6a2 (diff)
2 files changed, 15 insertions, 3 deletions
diff --git a/app/services/members/approve_access_request_service.rb b/app/services/members/approve_access_request_service.rb
index 5337279f702..51f9492ec91 100644
--- a/app/services/members/approve_access_request_service.rb
+++ b/app/services/members/approve_access_request_service.rb
@@ -16,7 +16,7 @@ module Members
     private
 
     def validate_access!(access_requester)
-      raise Gitlab::Access::AccessDeniedError unless can_update_access_requester?(access_requester)
+      raise Gitlab::Access::AccessDeniedError unless can_approve_access_requester?(access_requester)
 
       if approving_member_with_owner_access_level?(access_requester) &&
         cannot_assign_owner_responsibilities_to_member_in_project?(access_requester)
@@ -24,8 +24,8 @@ module Members
       end
     end
 
-    def can_update_access_requester?(access_requester)
-      can?(current_user, update_member_permission(access_requester), access_requester)
+    def can_approve_access_requester?(access_requester)
+      can?(current_user, :admin_member_access_request, access_requester.source)
     end
 
     def approving_member_with_owner_access_level?(access_requester)
diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb
index ce79907e8a8..f18269454e3 100644
--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@@ -48,6 +48,10 @@ module Members
     def authorized?(member, destroy_bot)
       return can_destroy_bot_member?(member) if destroy_bot
 
+      if member.request?
+        return can_destroy_member_access_request?(member) || can_withdraw_member_access_request?(member)
+      end
+
       can_destroy_member?(member)
     end
 
@@ -106,6 +110,14 @@ module Members
       can?(current_user, destroy_bot_member_permission(member), member)
     end
 
+    def can_destroy_member_access_request?(member)
+      can?(current_user, :admin_member_access_request, member.source)
+    end
+
+    def can_withdraw_member_access_request?(member)
+      can?(current_user, :withdraw_member_access_request, member)
+    end
+
     def destroying_member_with_owner_access_level?(member)
       member.owner?
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-29 00:10:45 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-29 00:10:45 +0300
commit	71d6b9014bef64436bbd996667e6458ebde561c4 (patch)
tree	21b049d24b2d96be84904576e2b619f82d5d515d /app/services/members
parent	0076bbc67375ff1507e42ce479406daf92c0a6a2 (diff)