Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member

This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-06-17 19:59:33 +0300
committer: Rémy Coutable <remy@rymai.me> 2016-06-18 07:06:34 +0300
commit: 654565c9dc734a597c525a75c8f72dd63235604b (patch)
tree: 0dbd5935c0019201dc93ee183e69e95d5f3513ce /app/services/members
parent: a08a26ac814d7fd9f7523e22847fab0cc25ceb78 (diff)
1 files changed, 6 insertions, 20 deletions
diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb
index 59a55e42e38..15358f80208 100644
--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@@ -7,29 +7,15 @@ module Members
     end
 
     def execute
-      if can?(current_user, "destroy_#{member.type.underscore}".to_sym, member)
-        member.destroy
-
-        if member.request? && member.user != current_user
-          notification_service.decline_access_request(member)
-        end
+      unless member && can?(current_user, "destroy_#{member.type.underscore}".to_sym, member)
+        raise Gitlab::Access::AccessDeniedError
       end
 
-      member
-    end
-
-    private
-
-    def abilities
-      Ability.abilities
-    end
-
-    def can?(object, action, subject)
-      abilities.allowed?(object, action, subject)
-    end
+      member.destroy
 
-    def notification_service
-      NotificationService.new
+      if member.request? && member.user != current_user
+        notification_service.decline_access_request(member)
+      end
     end
   end
 end
author	Rémy Coutable <remy@rymai.me>	2016-06-17 19:59:33 +0300
committer	Rémy Coutable <remy@rymai.me>	2016-06-18 07:06:34 +0300
commit	654565c9dc734a597c525a75c8f72dd63235604b (patch)
tree	0dbd5935c0019201dc93ee183e69e95d5f3513ce /app/services/members
parent	a08a26ac814d7fd9f7523e22847fab0cc25ceb78 (diff)