2018-11-18 11:00:15 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-11-03 12:29:30 +05:30
|
|
|
module Members
|
2018-03-27 19:54:05 +05:30
|
|
|
class ApproveAccessRequestService < Members::BaseService
|
|
|
|
def execute(access_requester, skip_authorization: false, skip_log_audit_event: false)
|
2022-07-23 23:45:48 +05:30
|
|
|
validate_access!(access_requester) unless skip_authorization
|
2016-11-03 12:29:30 +05:30
|
|
|
|
|
|
|
access_requester.access_level = params[:access_level] if params[:access_level]
|
2023-03-17 16:20:25 +05:30
|
|
|
access_requester.accept_request(current_user)
|
2016-11-03 12:29:30 +05:30
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
after_execute(member: access_requester, skip_log_audit_event: skip_log_audit_event)
|
|
|
|
|
2016-11-03 12:29:30 +05:30
|
|
|
access_requester
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
def validate_access!(access_requester)
|
2023-01-13 00:05:48 +05:30
|
|
|
raise Gitlab::Access::AccessDeniedError unless can_approve_access_requester?(access_requester)
|
2022-07-23 23:45:48 +05:30
|
|
|
|
|
|
|
if approving_member_with_owner_access_level?(access_requester) &&
|
|
|
|
cannot_assign_owner_responsibilities_to_member_in_project?(access_requester)
|
|
|
|
raise Gitlab::Access::AccessDeniedError
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
def can_approve_access_requester?(access_requester)
|
|
|
|
can?(current_user, :admin_member_access_request, access_requester.source)
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
|
|
|
def approving_member_with_owner_access_level?(access_requester)
|
|
|
|
access_level_value = params[:access_level] || access_requester.access_level
|
|
|
|
|
|
|
|
access_level_value == Gitlab::Access::OWNER
|
|
|
|
end
|
2016-11-03 12:29:30 +05:30
|
|
|
end
|
|
|
|
end
|
2019-12-04 20:38:33 +05:30
|
|
|
|
2021-06-08 01:23:25 +05:30
|
|
|
Members::ApproveAccessRequestService.prepend_mod_with('Members::ApproveAccessRequestService')
|