gitlab-org--gitlab-foss/app/services/members/destroy_service.rb

module Members
  class DestroyService < BaseService
    include MembersHelper

    attr_accessor :source

    ALLOWED_SCOPES = %i[members requesters all]

    def initialize(source, current_user, params = {})
      @source = source
      @current_user = current_user
      @params = params
    end

    def execute(scope = :members)
      raise "scope :#{scope} is not allowed!" unless ALLOWED_SCOPES.include?(scope)

      member = find_member!(scope)

      raise Gitlab::Access::AccessDeniedError unless can_destroy_member?(member)

      AuthorizedDestroyService.new(member, current_user).execute
    end

    private

    def find_member!(scope)
      condition = params[:user_id] ? { user_id: params[:user_id] } : { id: params[:id] }
      case scope
      when :all
        source.members.find_by(condition) ||
          source.requesters.find_by!(condition)
      else
        source.public_send(scope).find_by!(condition)
      end
    end

    def can_destroy_member?(member)
      member && can?(current_user, action_member_permission(:destroy, member), member)
    end
  end
end
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`module Members`
			`class DestroyService < BaseService`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`include MembersHelper`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`attr_accessor :source`

			`ALLOWED_SCOPES = %i[members requesters all]`

			`def initialize(source, current_user, params = {})`
			`@source = source`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 11:14:31 -04:00			`@current_user = current_user`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`@params = params`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`end`

Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`def execute(scope = :members)`
			`raise "scope :#{scope} is not allowed!" unless ALLOWED_SCOPES.include?(scope)`

Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 12:51:31 -04:00			`member = find_member!(scope)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
Invert method's naming Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 07:37:21 -04:00			`raise Gitlab::Access::AccessDeniedError unless can_destroy_member?(member)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
Extract Members::AuthorizedDestroyService from Members::DestroyService. 2016-08-04 17:34:57 -04:00			`AuthorizedDestroyService.new(member, current_user).execute`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00
			`private`

Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 12:51:31 -04:00			`def find_member!(scope)`
			`condition = params[:user_id] ? { user_id: params[:user_id] } : { id: params[:id] }`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`case scope`
			`when :all`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 12:51:31 -04:00			`source.members.find_by(condition) \|\|`
			`source.requesters.find_by!(condition)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`else`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 12:51:31 -04:00			`source.public_send(scope).find_by!(condition)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`end`
			`end`

Invert method's naming Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-16 07:37:21 -04:00			`def can_destroy_member?(member)`
			`member && can?(current_user, action_member_permission(:destroy, member), member)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 13:31:17 -04:00			`end`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 08:06:55 -04:00			`end`
			`end`