debian-mirror-gitlab/app/services/members/projects/creator_service.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

51 lines
1.9 KiB
Ruby
Raw Normal View History

2021-09-30 23:02:18 +05:30
# frozen_string_literal: true
module Members
module Projects
class CreatorService < Members::CreatorService
2022-07-23 23:45:48 +05:30
class << self
def cannot_manage_owners?(source, current_user)
!Ability.allowed?(current_user, :manage_owners, source)
end
end
2021-09-30 23:02:18 +05:30
private
2022-06-21 17:19:12 +05:30
def can_create_new_member?
2022-07-23 23:45:48 +05:30
return false if assigning_project_member_with_owner_access_level? &&
cannot_assign_owner_responsibilities_to_member_in_project?
2022-07-16 23:28:13 +05:30
# This access check(`admin_project_member`) will write to safe request store cache for the user being added.
# This means any operations inside the same request will need to purge that safe request
# store cache if operations are needed to be done inside the same request that checks max member access again on
# that user.
current_user.can?(:admin_project_member, member.project) || adding_the_creator_as_owner_in_a_personal_project?
2022-06-21 17:19:12 +05:30
end
def can_update_existing_member?
2022-07-23 23:45:48 +05:30
# rubocop:disable Layout/EmptyLineAfterGuardClause
raise ::Gitlab::Access::AccessDeniedError if assigning_project_member_with_owner_access_level? &&
cannot_assign_owner_responsibilities_to_member_in_project?
# rubocop:enable Layout/EmptyLineAfterGuardClause
2022-06-21 17:19:12 +05:30
current_user.can?(:update_project_member, member)
2021-09-30 23:02:18 +05:30
end
2022-06-21 17:19:12 +05:30
def adding_the_creator_as_owner_in_a_personal_project?
2021-09-30 23:02:18 +05:30
# this condition is reached during testing setup a lot due to use of `.add_user`
2022-06-21 17:19:12 +05:30
member.project.personal_namespace_holder?(member.user)
2021-09-30 23:02:18 +05:30
end
2022-07-23 23:45:48 +05:30
def assigning_project_member_with_owner_access_level?
return true if member && member.owner?
access_level == Gitlab::Access::OWNER
end
def cannot_assign_owner_responsibilities_to_member_in_project?
member.is_a?(ProjectMember) && !current_user.can?(:manage_owners, member.source)
end
2021-09-30 23:02:18 +05:30
end
end
end