2016-03-08 19:01:33 -05:00
|
|
|
#Checks visibility level permission check before updating a group
|
|
|
|
|
#Do not allow to put Group visibility level smaller than its projects
|
|
|
|
|
#Do not allow unauthorized permission levels
|
|
|
|
|
|
|
|
|
|
module Groups
|
|
|
|
|
class UpdateService < Groups::BaseService
|
|
|
|
|
def execute
|
2016-03-16 18:44:33 -04:00
|
|
|
return false unless visibility_level_allowed?(params[:visibility_level])
|
|
|
|
|
group.update_attributes(params)
|
2016-03-08 19:01:33 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def visibility_level_allowed?(level)
|
|
|
|
|
return true unless level.present?
|
|
|
|
|
|
2016-03-17 18:42:46 -04:00
|
|
|
visibility_allowed_for_project?(level) && visibility_allowed_for_user?(level)
|
2016-03-08 19:01:33 -05:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
