diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
tree | c8f718a08e110ad7e1894510980d2155a6549197 /app/services/personal_access_tokens/create_service.rb | |
parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) |
Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42
Diffstat (limited to 'app/services/personal_access_tokens/create_service.rb')
-rw-r--r-- | app/services/personal_access_tokens/create_service.rb | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/app/services/personal_access_tokens/create_service.rb b/app/services/personal_access_tokens/create_service.rb index ff9bb7d6802..93a0135669f 100644 --- a/app/services/personal_access_tokens/create_service.rb +++ b/app/services/personal_access_tokens/create_service.rb @@ -2,23 +2,30 @@ module PersonalAccessTokens class CreateService < BaseService - def initialize(current_user, params = {}) + def initialize(current_user:, target_user:, params: {}) @current_user = current_user + @target_user = target_user @params = params.dup + @ip_address = @params.delete(:ip_address) end def execute - personal_access_token = current_user.personal_access_tokens.create(params.slice(*allowed_params)) + return ServiceResponse.error(message: 'Not permitted to create') unless creation_permitted? - if personal_access_token.persisted? - ServiceResponse.success(payload: { personal_access_token: personal_access_token }) + token = target_user.personal_access_tokens.create(params.slice(*allowed_params)) + + if token.persisted? + log_event(token) + ServiceResponse.success(payload: { personal_access_token: token }) else - ServiceResponse.error(message: personal_access_token.errors.full_messages.to_sentence) + ServiceResponse.error(message: token.errors.full_messages.to_sentence, payload: { personal_access_token: token }) end end private + attr_reader :target_user, :ip_address + def allowed_params [ :name, @@ -27,5 +34,15 @@ module PersonalAccessTokens :expires_at ] end + + def creation_permitted? + Ability.allowed?(current_user, :create_user_personal_access_token, target_user) + end + + def log_event(token) + log_info("PAT CREATION: created_by: '#{current_user.username}', created_for: '#{token.user.username}', token_id: '#{token.id}'") + end end end + +PersonalAccessTokens::CreateService.prepend_if_ee('EE::PersonalAccessTokens::CreateService') |