
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app/services/resource_access_tokens/create_service.rb')
-rw-r--r--app/services/resource_access_tokens/create_service.rb13
1 files changed, 3 insertions, 10 deletions
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index eed03ba22fe..b8a210c0a95 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -13,7 +13,6 @@ module ResourceAccessTokens
return error("User does not have permission to create #{resource_type} access token") unless has_permission_to_create?
access_level = params[:access_level] || Gitlab::Access::MAINTAINER
- return error("Could not provision owner access to project access token") if do_not_allow_owner_access_level_for_project_bot?(access_level)
user = create_user
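Review bot: With the early OWNER guard removed here, `create_user` now runs before anything has decided whether `current_user` may grant the requested `access_level`, which still comes straight from `params[:access_level]`. If the membership step later refuses that level (presumably through the `current_user:` argument this commit adds to `add_member`), the bot user already exists, so the failure path, which is not visible in this hunk, has to remove it and return an error instead of a token. A spec in which a maintainer requests `Gitlab::Access::OWNER` and which asserts that no bot user, membership or token is left behind would pin this. The enclosing method starts and ends outside the hunk.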
@@ -48,9 +47,9 @@ module ResourceAccessTokens
end
def create_user
- # Even project maintainers can create project access tokens, which in turn
+ # Even project maintainers/owners can create project access tokens, which in turn
# creates a bot user, and so it becomes necessary to have `skip_authorization: true`
- # since someone like a project maintainer does not inherently have the ability
+ # since someone like a project maintainer/owner does not inherently have the ability
# to create a new user in the system.
::Users::AuthorizedCreateService.new(current_user, default_user_params).execute
@@ -108,7 +107,7 @@ module ResourceAccessTokens
end
def create_membership(resource, user, access_level)
- resource.add_member(user, access_level, expires_at: params[:expires_at])
+ resource.add_member(user, access_level, current_user: current_user, expires_at: params[:expires_at])
end
def log_event(token)
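Review bot: After this commit `create_membership` appears to be the only place where a request for owner access is authorized, yet nothing on the `add_member` line says so. A comment above the call, such as `# current_user: makes add_member apply the creator's permission checks (e.g. who may grant OWNER); do not drop it`, would keep a later refactor from silently removing the check. That `add_member` enforces this when given `current_user` is inferred rather than visible here, so the caller should also treat a returned member that is not persisted or carries errors as a failure.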
@@ -122,12 +121,6 @@ module ResourceAccessTokens
def success(access_token)
ServiceResponse.success(payload: { access_token: access_token })
end
-
- def do_not_allow_owner_access_level_for_project_bot?(access_level)
- resource.is_a?(Project) &&
- access_level == Gitlab::Access::OWNER &&
- !current_user.can?(:manage_owners, resource)
- end
end
end