diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-07-28 20:30:34 +0300 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-09-22 16:50:47 +0300 |
| commit | b3f0a82f501ce26717a6f9e57d91cb2b1f1a967b (patch) | |
| tree | d4eabb5b40c1140fd6619084ff11e849d44eb7db /app | |
| parent | 8071dc83fa00361b7bdee6e76ef2d4a59851b154 (diff) | |
New Members::ApproveAccessRequestService
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/concerns/membership_actions.rb | 7 | ||||
| -rw-r--r-- | app/services/members/approve_access_request_service.rb | 30 |
2 files changed, 31 insertions, 6 deletions
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb index 52682ef9dc9..ba7c02b0ba7 100644 --- a/app/controllers/concerns/membership_actions.rb +++ b/app/controllers/concerns/membership_actions.rb @@ -1,6 +1,5 @@ module MembershipActions extend ActiveSupport::Concern - include MembersHelper def request_access membershipable.request_access(current_user) @@ -10,11 +9,7 @@ module MembershipActions end def approve_access_request - @member = membershipable.requesters.find(params[:id]) - - return render_403 unless can?(current_user, action_member_permission(:update, @member), @member) - - @member.accept_request + Members::ApproveAccessRequestService.new(membershipable, current_user, user_id: params[:id]).execute redirect_to polymorphic_url([membershipable, :members]) end diff --git a/app/services/members/approve_access_request_service.rb b/app/services/members/approve_access_request_service.rb new file mode 100644 index 00000000000..0324f0bb4bd --- /dev/null +++ b/app/services/members/approve_access_request_service.rb @@ -0,0 +1,30 @@ +module Members + class ApproveAccessRequestService < BaseService + include MembersHelper + + attr_accessor :source + + def initialize(source, current_user, params = {}) + @source = source + @current_user = current_user + @params = params + end + + def execute + access_requester = source.requesters.find_by!(user_id: params[:user_id]) + + raise Gitlab::Access::AccessDeniedError if cannot_update_access_requester?(access_requester) + + access_requester.access_level = params[:access_level] if params[:access_level] + access_requester.accept_request + + access_requester + end + + private + + def cannot_update_access_requester?(access_requester) + !access_requester || !can?(current_user, action_member_permission(:update, access_requester), access_requester) + end + end +end |