Diffstat (limited to 'app/controllers/projects/group_links_controller.rb')
-rw-r--r--app/controllers/projects/group_links_controller.rb21
1 files changed, 16 insertions, 5 deletions
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 08eebfa0e4b..451f1d1363b 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -2,13 +2,13 @@
class Projects::GroupLinksController < Projects::ApplicationController
layout 'project_settings'
- before_action :authorize_admin_project!
+ before_action :authorize_admin_project!, except: [:destroy]
+ before_action :authorize_admin_project_group_link!, only: [:destroy]
before_action :authorize_admin_project_member!, only: [:update]
feature_category :subgroups
def update
- group_link = @project.project_group_links.find(params[:id])
Projects::GroupLinks::UpdateService.new(group_link, current_user).execute(group_link_params)
if group_link.expires?
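Review bot: With `except: [:destroy]` on the first filter, `destroy` no longer passes through `authorize_admin_project!` and is gated only by the `:admin_project_group_link` ability, whose policy rule is not part of this diff. The intent should be stated next to the filters, for example `# destroy is authorized per link via :admin_project_group_link, not via :admin_project`. It would also help to add request specs in which a user with neither project nor group admin rights gets a 404 on destroy, and in which a link id from another project is rejected. The `except:`/`only:` pairing does keep any action added later behind `authorize_admin_project!` by default. The body of `update` continues outside the hunk.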
@@ -22,13 +22,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
end
def destroy
- group_link = project.project_group_links.find(params[:id])
-
::Projects::GroupLinks::DestroyService.new(project, current_user).execute(group_link)
respond_to do |format|
format.html do
- redirect_to project_project_members_path(project), status: :found
+ if can?(current_user, :admin_group, group_link.group)
+ redirect_to group_path(group_link.group), status: :found
+ elsif can?(current_user, :admin_project, group_link.project)
+ redirect_to project_project_members_path(project), status: :found
+ end
end
format.js { head :ok }
end
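Review bot: The new `format.html` block has no `else` branch, so when neither `can?` check passes the action ends without an explicit redirect or render. Both checks also run after `DestroyService#execute`, so they see the state in which the link is already removed. If the user's `:admin_project` access was derived from that link (inferred, the policy is not shown here), the `elsif` may no longer hold. Resolving the redirect target before calling the service, or adding a fallback such as `else` followed by `redirect_to root_path, status: :found`, would make the response deterministic. The service's return value is also not inspected before redirecting, so a failed removal produces the same redirect as a successful one.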
@@ -36,6 +38,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
protected
+ def authorize_admin_project_group_link!
+ render_404 unless can?(current_user, :admin_project_group_link, group_link)
+ end
+
+ def group_link
+ @project.project_group_links.find(params[:id])
+ end
+ strong_memoize_attr :group_link
+
def group_link_params
params.require(:group_link).permit(:group_access, :expires_at)
end