gitlab-org--gitlab-foss/app/services/members/approve_access_request_serv...

module Members
  class ApproveAccessRequestService < Members::BaseService
    # opts - A hash of options
    #   :ldap - The call is from a LDAP sync: current_user can be nil in that case
    def execute(access_requester, opts = {})
      raise Gitlab::Access::AccessDeniedError unless can_update_access_requester?(access_requester, opts[:ldap])

      access_requester.access_level = params[:access_level] if params[:access_level]
      access_requester.accept_request

      after_execute(member: access_requester, **opts)

      access_requester
    end

    private

    def can_update_access_requester?(access_requester, ldap)
      access_requester && (
        ldap ||
        can?(current_user, update_member_permission(access_requester), access_requester)
      )
    end
  end
end
New Members::ApproveAccessRequestService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:30:34 +00:00			`module Members`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`class ApproveAccessRequestService < Members::BaseService`
Allow Members::ApproveAccessRequestService to accept a new :force param This param allows to bypass permission check. It is useful for LDAP-sync where even owners don't have the :admin_group_member permission. See https://gitlab.com/gitlab-org/gitlab-ee/blob/6081c37123abae4570f78831b33c2f45f92c2765/app/policies/group_policy.rb#L38 and https://gitlab.com/gitlab-org/gitlab-ee/issues/1159 Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-10-28 09:03:08 +00:00			`# opts - A hash of options`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`# :ldap - The call is from a LDAP sync: current_user can be nil in that case`
			`def execute(access_requester, opts = {})`
			`raise Gitlab::Access::AccessDeniedError unless can_update_access_requester?(access_requester, opts[:ldap])`
New Members::ApproveAccessRequestService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:30:34 +00:00
			`access_requester.access_level = params[:access_level] if params[:access_level]`
			`access_requester.accept_request`

Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`after_execute(member: access_requester, **opts)`

New Members::ApproveAccessRequestService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:30:34 +00:00			`access_requester`
			`end`

			`private`

Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`def can_update_access_requester?(access_requester, ldap)`
Allow Members::ApproveAccessRequestService to accept a new :force param This param allows to bypass permission check. It is useful for LDAP-sync where even owners don't have the :admin_group_member permission. See https://gitlab.com/gitlab-org/gitlab-ee/blob/6081c37123abae4570f78831b33c2f45f92c2765/app/policies/group_policy.rb#L38 and https://gitlab.com/gitlab-org/gitlab-ee/issues/1159 Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-10-28 09:03:08 +00:00			`access_requester && (`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`ldap \|\|`
Refactor member view by using presenter - Create MemberPresenter alongside with GroupMemberPresenter and ProjectMemberPresenter - Make Member model Presentable - Move action_member_permission from MembersHelper into the MemberPresenter - Added rspec using double, separate specs for GroupMemberPresenter and ProjectMemberPresenter Fixes #28004. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-02 06:01:02 +00:00			`can?(current_user, update_member_permission(access_requester), access_requester)`
Allow Members::ApproveAccessRequestService to accept a new :force param This param allows to bypass permission check. It is useful for LDAP-sync where even owners don't have the :admin_group_member permission. See https://gitlab.com/gitlab-org/gitlab-ee/blob/6081c37123abae4570f78831b33c2f45f92c2765/app/policies/group_policy.rb#L38 and https://gitlab.com/gitlab-org/gitlab-ee/issues/1159 Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-10-28 09:03:08 +00:00			`)`
New Members::ApproveAccessRequestService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:30:34 +00:00			`end`
			`end`
			`end`