diff options
author | Nick Thomas <nick@gitlab.com> | 2017-06-06 17:55:12 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-06-06 18:04:26 +0300 |
commit | 5c602e306cdf979a70aaa81cd473f491f2eee45a (patch) | |
tree | e1c1d5490f74b9ae44ecb8b91712c7b54c139ec7 /app/services | |
parent | 2f02843fe9fbcbef09ef8f122e9a84d809f2c29a (diff) |
Limit non-administrators to adding 100 members at a time to groups and projects
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/members/create_service.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/app/services/members/create_service.rb b/app/services/members/create_service.rb index 3a58f6c065d..26906ae7167 100644 --- a/app/services/members/create_service.rb +++ b/app/services/members/create_service.rb @@ -1,22 +1,38 @@ module Members class CreateService < BaseService + DEFAULT_LIMIT = 100 + def initialize(source, current_user, params = {}) @source = source @current_user = current_user @params = params + @error = nil end def execute - return false if params[:user_ids].blank? + return error('No users specified.') if params[:user_ids].blank? + + user_ids = params[:user_ids].split(',').uniq + + return error("Too many users specified (limit is #{user_limit})") if + user_limit && user_ids.size > user_limit @source.add_users( - params[:user_ids].split(','), + user_ids, params[:access_level], expires_at: params[:expires_at], current_user: current_user ) - true + success + end + + private + + def user_limit + limit = params.fetch(:limit, DEFAULT_LIMIT) + + limit && limit < 0 ? nil : limit end end end |