gitlab-org--gitlab-foss/app/workers/delete_user_worker.rb
Stan Hu e23c803769
Add user deletion permission check in Users::DestroyService
We saw from a recent incident that the `Users::DestroyService` would
attempt to delete a user over and over. Revoking the permissions
from the current user did not help. We should ensure that the
current user does, in fact, have permissions to delete the user.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-02-20 17:19:11 +01:00

13 lines
441 B
Ruby

class DeleteUserWorker
include Sidekiq::Worker
include DedicatedSidekiqQueue
def perform(current_user_id, delete_user_id, options = {})
delete_user = User.find(delete_user_id)
current_user = User.find(current_user_id)
Users::DestroyService.new(current_user).execute(delete_user, options.symbolize_keys)
rescue Gitlab::Access::AccessDeniedError => e
Rails.logger.warn("User could not be destroyed: #{e}")
end
end