2016-06-17 08:06:55 -04:00
|
|
|
module Members
|
|
|
|
class DestroyService < BaseService
|
2016-07-28 13:31:17 -04:00
|
|
|
include MembersHelper
|
2016-06-17 08:06:55 -04:00
|
|
|
|
2016-07-28 13:31:17 -04:00
|
|
|
attr_accessor :source
|
|
|
|
|
2017-02-21 18:32:18 -05:00
|
|
|
ALLOWED_SCOPES = %i[members requesters all].freeze
|
2016-07-28 13:31:17 -04:00
|
|
|
|
|
|
|
def initialize(source, current_user, params = {})
|
|
|
|
@source = source
|
2016-06-23 11:14:31 -04:00
|
|
|
@current_user = current_user
|
2016-07-28 13:31:17 -04:00
|
|
|
@params = params
|
2016-06-17 08:06:55 -04:00
|
|
|
end
|
|
|
|
|
2016-07-28 13:31:17 -04:00
|
|
|
def execute(scope = :members)
|
|
|
|
raise "scope :#{scope} is not allowed!" unless ALLOWED_SCOPES.include?(scope)
|
|
|
|
|
2016-09-09 12:51:31 -04:00
|
|
|
member = find_member!(scope)
|
2016-07-28 13:31:17 -04:00
|
|
|
|
2016-09-16 07:37:21 -04:00
|
|
|
raise Gitlab::Access::AccessDeniedError unless can_destroy_member?(member)
|
2016-07-28 13:31:17 -04:00
|
|
|
|
2016-08-04 17:34:57 -04:00
|
|
|
AuthorizedDestroyService.new(member, current_user).execute
|
2016-06-17 08:06:55 -04:00
|
|
|
end
|
2016-07-28 13:31:17 -04:00
|
|
|
|
|
|
|
private
|
|
|
|
|
2016-09-09 12:51:31 -04:00
|
|
|
def find_member!(scope)
|
|
|
|
condition = params[:user_id] ? { user_id: params[:user_id] } : { id: params[:id] }
|
2016-07-28 13:31:17 -04:00
|
|
|
case scope
|
|
|
|
when :all
|
2016-09-09 12:51:31 -04:00
|
|
|
source.members.find_by(condition) ||
|
|
|
|
source.requesters.find_by!(condition)
|
2016-07-28 13:31:17 -04:00
|
|
|
else
|
2017-08-10 12:39:26 -04:00
|
|
|
source.public_send(scope).find_by!(condition) # rubocop:disable GitlabSecurity/PublicSend
|
2016-07-28 13:31:17 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-09-16 07:37:21 -04:00
|
|
|
def can_destroy_member?(member)
|
|
|
|
member && can?(current_user, action_member_permission(:destroy, member), member)
|
2016-07-28 13:31:17 -04:00
|
|
|
end
|
2016-06-17 08:06:55 -04:00
|
|
|
end
|
|
|
|
end
|