Diffstat (limited to 'app/services/resource_access_tokens/create_service.rb')
-rw-r--r-- | app/services/resource_access_tokens/create_service.rb | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index eed03ba22fe..b8a210c0a95 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -13,7 +13,6 @@ module ResourceAccessTokens
 return error("User does not have permission to create #{resource_type} access token") unless has_permission_to_create?
 access_level = params[:access_level] || Gitlab::Access::MAINTAINER
- return error("Could not provision owner access to project access token") if do_not_allow_owner_access_level_for_project_bot?(access_level)
 user = create_user
@@ -48,9 +47,9 @@ module ResourceAccessTokens
 end
 def create_user
- # Even project maintainers can create project access tokens, which in turn
+ # Even project maintainers/owners can create project access tokens, which in turn
 # creates a bot user, and so it becomes necessary to have `skip_authorization: true`
- # since someone like a project maintainer does not inherently have the ability
+ # since someone like a project maintainer/owner does not inherently have the ability
 # to create a new user in the system.
 ::Users::AuthorizedCreateService.new(current_user, default_user_params).execute
@@ -108,7 +107,7 @@ module ResourceAccessTokens
 end
 def create_membership(resource, user, access_level)
- resource.add_member(user, access_level, expires_at: params[:expires_at])
+ resource.add_member(user, access_level, current_user: current_user, expires_at: params[:expires_at])
 end
 def log_event(token)
@@ -122,12 +121,6 @@ module ResourceAccessTokens
 def success(access_token)
 ServiceResponse.success(payload: { access_token: access_token })
 end
-
- def do_not_allow_owner_access_level_for_project_bot?(access_level)
- resource.is_a?(Project) &&
- access_level == Gitlab::Access::OWNER &&
- !current_user.can?(:manage_owners, resource)
- end
 end
 end
|
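Review bot: With the explicit owner-level guard removed from `execute` (first hunk) and its helper deleted (last hunk), `create_membership` becomes the only place where a requester without `:manage_owners` is stopped from provisioning an OWNER-level bot, and that depends entirely on `add_member` honouring `current_user:`. The hunk does not show how a refused membership is reported, and `create_user` has already run by that point, so the caller (whose body lies outside this hunk) should check the returned member and remove the bot user when the membership was not saved; presumably it does, but that is not visible here. I would add a comment above the call, e.g. `# current_user is passed so add_member enforces the owner-level restriction; a maintainer requesting OWNER must fail here`, and a spec asserting that a maintainer requesting `Gitlab::Access::OWNER` gets an error response and leaves no bot user behind.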