diff options
Diffstat (limited to 'app/services/feature_flags/update_service.rb')
-rw-r--r-- | app/services/feature_flags/update_service.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/services/feature_flags/update_service.rb b/app/services/feature_flags/update_service.rb index ed5e2e794b4..d956d4b3357 100644 --- a/app/services/feature_flags/update_service.rb +++ b/app/services/feature_flags/update_service.rb @@ -10,6 +10,7 @@ module FeatureFlags def execute(feature_flag) return error('Access Denied', 403) unless can_update?(feature_flag) + return error('Not Found', 404) unless valid_user_list_ids?(feature_flag, user_list_ids(params)) ActiveRecord::Base.transaction do feature_flag.assign_attributes(params) @@ -87,5 +88,15 @@ module FeatureFlags def can_update?(feature_flag) Ability.allowed?(current_user, :update_feature_flag, feature_flag) end + + def user_list_ids(params) + params.fetch(:strategies_attributes, []) + .select { |s| s[:user_list_id].present? } + .map { |s| s[:user_list_id] } + end + + def valid_user_list_ids?(feature_flag, user_list_ids) + user_list_ids.empty? || ::Operations::FeatureFlags::UserList.belongs_to?(feature_flag.project_id, user_list_ids) + end end end |