author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-05 09:08:32 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-05 09:08:32 +0000 |
commit | 56a61b24575775bb91c019f8886e9f45a05bfb62 (patch) | |
tree | 84a80abbb7fc68fbd9ec28efab76c6d13bbea3e7 | |
parent | e9c6f820c83730cd4a6beb852859bf66117ce2d0 (diff) | |
download | gitlab-ce-56a61b24575775bb91c019f8886e9f45a05bfb62.tar.gz |
Add latest changes from gitlab-org/gitlab@15-5-stable-ee
-rw-r--r-- | app/services/resource_access_tokens/create_service.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index b8a210c0a95..c6948536053 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -13,6 +13,7 @@ module ResourceAccessTokens
 return error("User does not have permission to create #{resource_type} access token") unless has_permission_to_create?
 access_level = params[:access_level] || Gitlab::Access::MAINTAINER
+ return error("Could not provision owner access to project access token") if do_not_allow_owner_access_level_for_project_bot?(access_level)
 user = create_user
@@ -107,7 +108,7 @@ module ResourceAccessTokens
 end
 def create_membership(resource, user, access_level)
- resource.add_member(user, access_level, current_user: current_user, expires_at: params[:expires_at])
+ resource.add_member(user, access_level, expires_at: params[:expires_at])
 end
 def log_event(token)
@@ -121,6 +122,12 @@ module ResourceAccessTokens
 def success(access_token)
 ServiceResponse.success(payload: { access_token: access_token })
 end
+
+ def do_not_allow_owner_access_level_for_project_bot?(access_level)
+ resource.is_a?(Project) &&
+ access_level == Gitlab::Access::OWNER &&
+ !current_user.can?(:manage_owners, resource)
+ end
 end
 end |
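Review bot: The early return added in `execute` appears to be the only place that limits which role a requester can hand to a project bot, yet it ships without a comment or a spec (the diffstat lists this one file). A line above the guard such as `# Refuse OWNER for a project bot unless the requester may manage owners; checked before create_user so no bot account is left behind on refusal.` would record why it sits where it does. A spec in which a requester without `:manage_owners` asks for `Gitlab::Access::OWNER` on a project would pin the behaviour. `execute` starts and ends outside this hunk.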
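Review bot: `create_membership` no longer passes the requesting user to `add_member`, so any authorisation `add_member` performed on behalf of `current_user` (its implementation is not visible here) stops applying, and the method will add the bot at whatever `access_level` it is handed. That makes the guard in `execute` load-bearing for every caller of this private method. I would say so at the call: `# current_user is deliberately not passed; the requested access_level is authorised in #execute before the bot user exists.` If `add_member` also used `current_user` to attribute the new membership for audit purposes, confirm that attribution is still recorded elsewhere.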
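Review bot: The `access_level == Gitlab::Access::OWNER` comparison in `do_not_allow_owner_access_level_for_project_bot?` only matches when `access_level` is already an Integer. The value comes straight from `params[:access_level]` in `execute`, so if any caller supplies it as a string the predicate returns false and the request continues. Whether callers coerce the value is not visible in this diff, so either coerce it once where it is read or compare defensively, e.g. `access_level.to_i == Gitlab::Access::OWNER &&`. The predicate also covers only `Project` resources and only the exact OWNER value, which is worth stating in a comment above the method so that a later role above MAINTAINER is not assumed to be covered.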