gitlab-org--gitlab-foss/app/finders/access_requests_finder.rb
Rémy Coutable 486f755c4f Use Ability.allowed? instead of current_user.can? in AccessRequestsFinder
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-28 08:46:59 +02:00

27 lines
562 B
Ruby

class AccessRequestsFinder
attr_accessor :source
# Arguments:
# source - a Group or Project
def initialize(source)
@source = source
end
def execute(*args)
execute!(*args)
rescue Gitlab::Access::AccessDeniedError
[]
end
def execute!(current_user)
raise Gitlab::Access::AccessDeniedError unless can_see_access_requests?(current_user)
source.requesters
end
private
def can_see_access_requests?(current_user)
source && Ability.allowed?(current_user, :"admin_#{source.class.to_s.underscore}", source)
end
end