# frozen_string_literal: true
module Members
  module Projects
    # Project-level authorization hooks for the member creator service.
    #
    # The private predicates below decide whether `current_user` may add a
    # member to a project or change an existing one. Granting the OWNER access
    # level is gated separately on the `:manage_owners` ability.
    class CreatorService < Members::CreatorService
      # Returns true when `current_user` is NOT allowed `:manage_owners` on
      # `source`, as decided by `Ability.allowed?`.
      def self.cannot_manage_owners?(source, current_user)
        may_manage_owners = Ability.allowed?(current_user, :manage_owners, source)

        !may_manage_owners
      end

      private

      # Permission check for adding a new member.
      #
      # An OWNER assignment by someone without `:manage_owners` is answered with
      # `false` here; the update path raises for the same condition instead.
      def can_create_new_member?
        owner_grant_blocked = assigning_project_member_with_owner_access_level? &&
          cannot_assign_owner_responsibilities_to_member_in_project?
        return false if owner_grant_blocked

        # The `admin_project_member` check writes to the safe request store cache
        # for the user being added. Anything later in the same request that has
        # to re-check max member access for that user must purge that cache first.
        current_user.can?(:admin_project_member, member.project) ||
          adding_the_creator_as_owner_in_a_personal_project?
      end

      # Permission check for changing an existing member.
      #
      # Raises ::Gitlab::Access::AccessDeniedError when the change would assign
      # OWNER and `current_user` lacks `:manage_owners`; otherwise returns the
      # result of the `:update_project_member` check.
      def can_update_existing_member?
        owner_grant_blocked = assigning_project_member_with_owner_access_level? &&
          cannot_assign_owner_responsibilities_to_member_in_project?
        raise ::Gitlab::Access::AccessDeniedError if owner_grant_blocked

        current_user.can?(:update_project_member, member)
      end

      # Fallback that lets creation through when the user being added holds the
      # personal namespace of the member's project. Test setup hits this branch
      # often because it goes through `.add_member`.
      #
      # NOTE(review): the body looks only at who the user is, not at the
      # requested access level, despite "as_owner" in the name. Confirm the
      # level is constrained elsewhere.
      def adding_the_creator_as_owner_in_a_personal_project?
        project = member.project

        project.personal_namespace_holder?(member.user)
      end

      # True when the member is already an owner or the requested access level
      # is Gitlab::Access::OWNER.
      def assigning_project_member_with_owner_access_level?
        if member && member.owner?
          true
        else
          access_level == Gitlab::Access::OWNER
        end
      end

      # True only for a ProjectMember whose source `current_user` may not
      # `:manage_owners`. Any other member type yields false, so this predicate
      # never blocks it.
      def cannot_assign_owner_responsibilities_to_member_in_project?
        return false unless member.is_a?(ProjectMember)

        !current_user.can?(:manage_owners, member.source)
      end
    end
  end
end