51 lines
1.3 KiB
Ruby
51 lines
1.3 KiB
Ruby
module Members
|
|
class DestroyService < BaseService
|
|
include MembersHelper
|
|
|
|
attr_accessor :source
|
|
|
|
ALLOWED_SCOPES = %i[members requesters all].freeze
|
|
|
|
def initialize(source, current_user, params = {})
|
|
@source = source
|
|
@current_user = current_user
|
|
@params = params
|
|
end
|
|
|
|
def execute(scope = :members)
|
|
raise "scope :#{scope} is not allowed!" unless ALLOWED_SCOPES.include?(scope)
|
|
|
|
member = find_member!(scope)
|
|
|
|
raise Gitlab::Access::AccessDeniedError unless can_destroy_member?(member)
|
|
|
|
AuthorizedDestroyService.new(member, current_user).execute
|
|
end
|
|
|
|
private
|
|
|
|
def find_member!(scope)
|
|
condition = params[:user_id] ? { user_id: params[:user_id] } : { id: params[:id] }
|
|
case scope
|
|
when :all
|
|
source.members.find_by(condition) ||
|
|
source.requesters.find_by!(condition)
|
|
else
|
|
source.public_send(scope).find_by!(condition) # rubocop:disable GitlabSecurity/PublicSend
|
|
end
|
|
end
|
|
|
|
def can_destroy_member?(member)
|
|
member && can?(current_user, destroy_member_permission(member), member)
|
|
end
|
|
|
|
def destroy_member_permission(member)
|
|
case member
|
|
when GroupMember
|
|
:destroy_group_member
|
|
when ProjectMember
|
|
:destroy_project_member
|
|
end
|
|
end
|
|
end
|
|
end
|