921677782f
Implement CreateMembers service to make controller thin
2016-11-01 10:17:04 +02:00
61e2b88dd1
Allow Members::ApproveAccessRequestService to accept a new :force param
...
This param allows to bypass permission check. It is useful for LDAP-sync
where even owners don't have the :admin_group_member permission.
See
6081c37123/app/policies/group_policy.rb (L38)https://gitlab.com/gitlab-org/gitlab-ee/issues/1159
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-10-28 15:45:26 +02:00
e9d7b4f765
Invert method's naming
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-10-03 16:57:48 +02:00
c8b1311934
Fix a few things after the initial improvment to Members::DestroyService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-10-03 16:57:48 +02:00
3158f57dba
Improve Members::DestroyService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-10-03 16:57:48 +02:00
076e040639
Merge branch 'rc-new-members-request-access-service' into 'master'
...
New `Members::RequestAccessService`
Part of #21979 .
See merge request !6265
2016-10-02 11:33:06 +00:00
94996963c5
Inverse condition in Members::ApproveAccessRequestService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 15:50:48 +02:00
5dcdf1d51b
Ensure Members::ApproveAccessRequestService can fin a requester by ID
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 15:50:48 +02:00
b3f0a82f50
New Members::ApproveAccessRequestService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 15:50:47 +02:00
94edafdf09
Inverse condition in Members::RequestAccessService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 11:12:18 +02:00
6b02127f03
New Members::RequestAccessService
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 11:12:17 +02:00
d2cd9d9696
Ensure last group owner isn't removed on expiry
2016-08-18 21:32:42 +01:00
8b1656282b
Merge branch 'master' into expiration-date-on-memberships
2016-08-18 15:54:07 +01:00
29850364ec
New AccessRequests API endpoints for Group & Project
...
Also, mutualize AccessRequests and Members endpoints for Group &
Project.
New API documentation for the AccessRequests endpoints.
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-08-10 19:07:05 +02:00
b4b51441aa
Extract Members::AuthorizedDestroyService from Members::DestroyService.
2016-08-04 23:34:57 +02:00
654565c9dc
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member
...
This is a try for a new approach to put the access checks at the service level.
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-18 06:06:34 +02:00
a08a26ac81
Don't send the "access declined" email on access request withdrawal
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-18 05:46:45 +02:00
4652489f40
New Members::DestroyService
...
This is to ensure we don't send unwanted notifications when deleting a
project. In other words, stop abusing AR callbacks and use services.
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-18 05:46:45 +02:00
Valery Sizov