From b804db26485ea09dc93269898dc969ed692130a2 Mon Sep 17 00:00:00 2001
From: James Lopez <james@jameslopez.es>
Date: Fri, 23 Jun 2017 11:34:07 +0200
Subject: refactor update user service not to do auth checks

---
 app/services/users/update_service.rb | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

(limited to 'app/services/users')

diff --git a/app/services/users/update_service.rb b/app/services/users/update_service.rb
index 36dcc69f8cf..2037664f56a 100644
--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -1,14 +1,13 @@
 module Users
   # Service for updating a user.
   class UpdateService < BaseService
-    def initialize(current_user, user, params = {})
-      @current_user = current_user
+    def initialize(user, params = {})
       @user = user
       @params = params.dup
     end
 
-    def execute(skip_authorization: false, validate: true, &block)
-      assign_attributes(skip_authorization, &block)
+    def execute(validate: true, &block)
+      assign_attributes(&block)
 
       if @user.save(validate: validate)
         success
@@ -20,23 +19,17 @@ module Users
     def execute!(*args, &block)
       result = execute(*args, &block)
 
-      raise ActiveRecord::RecordInvalid(result[:message]) unless result[:status] == :success
+      raise ActiveRecord::RecordInvalid.new(@user) unless result[:status] == :success
 
       true
     end
 
     private
 
-    def assign_attributes(skip_authorization, &block)
-      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_update_user?
-
+    def assign_attributes(&block)
       yield(@user) if block_given?
 
       @user.assign_attributes(params) if params.any?
     end
-
-    def can_update_user?
-      current_user == @user || current_user&.admin?
-    end
   end
 end
-- 
cgit v1.2.3