e23c803769
We saw from a recent incident that the `Users::DestroyService` would attempt to delete a user over and over. Revoking the permissions from the current user did not help. We should ensure that the current user does, in fact, have permissions to delete the user. Signed-off-by: Rémy Coutable <remy@rymai.me>
13 lines
441 B
Ruby
13 lines
441 B
Ruby
class DeleteUserWorker
|
|
include Sidekiq::Worker
|
|
include DedicatedSidekiqQueue
|
|
|
|
def perform(current_user_id, delete_user_id, options = {})
|
|
delete_user = User.find(delete_user_id)
|
|
current_user = User.find(current_user_id)
|
|
|
|
Users::DestroyService.new(current_user).execute(delete_user, options.symbolize_keys)
|
|
rescue Gitlab::Access::AccessDeniedError => e
|
|
Rails.logger.warn("User could not be destroyed: #{e}")
|
|
end
|
|
end
|