authorGitLab Bot <gitlab-bot@gitlab.com>2022-12-05 09:08:32 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-12-05 09:08:32 +0000
commit56a61b24575775bb91c019f8886e9f45a05bfb62 (patch)
tree84a80abbb7fc68fbd9ec28efab76c6d13bbea3e7
parente9c6f820c83730cd4a6beb852859bf66117ce2d0 (diff)
downloadgitlab-ce-56a61b24575775bb91c019f8886e9f45a05bfb62.tar.gz
Add latest changes from gitlab-org/gitlab@15-5-stable-ee
-rw-r--r--app/services/resource_access_tokens/create_service.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index b8a210c0a95..c6948536053 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -13,6 +13,7 @@ module ResourceAccessTokens
return error("User does not have permission to create #{resource_type} access token") unless has_permission_to_create?
access_level = params[:access_level] || Gitlab::Access::MAINTAINER
+ return error("Could not provision owner access to project access token") if do_not_allow_owner_access_level_for_project_bot?(access_level)
user = create_user
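Review bot: The new guard compares `access_level` with `==` against the integer constant `Gitlab::Access::OWNER`, but `access_level` is read straight from `params[:access_level]` one line above with no coercion. If a caller can supply the value as a string (a form-backed controller would; the callers are not visible in this diff), `"50" == 50` is false in Ruby and the check in `do_not_allow_owner_access_level_for_project_bot?` (third hunk) would not fire, while the later `add_member` call may still coerce the value. Comparing a normalised value closes that gap: `access_level.to_i == Gitlab::Access::OWNER &&`. A spec that passes the owner level as a string for a non-owner maintainer would pin the behaviour.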
@@ -107,7 +108,7 @@ module ResourceAccessTokens
end
def create_membership(resource, user, access_level)
- resource.add_member(user, access_level, current_user: current_user, expires_at: params[:expires_at])
+ resource.add_member(user, access_level, expires_at: params[:expires_at])
end
def log_event(token)
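Review bot: Dropping `current_user:` from the `add_member` call in `create_membership` appears to create the membership with no acting user, so any authorization `add_member` applied on the caller's behalf no longer runs and the guard added in the first hunk becomes the only check on the requested level. That is inferred, since `add_member` itself is not part of this diff. The intent should be recorded next to the call so a later edit does not reintroduce the argument or add a second call path without the guard, for example `# current_user is deliberately not passed: the requested access level is authorized before the bot user is created`.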
@@ -121,6 +122,12 @@ module ResourceAccessTokens
def success(access_token)
ServiceResponse.success(payload: { access_token: access_token })
end
+
+ def do_not_allow_owner_access_level_for_project_bot?(access_level)
+ resource.is_a?(Project) &&
+ access_level == Gitlab::Access::OWNER &&
+ !current_user.can?(:manage_owners, resource)
+ end
end
end
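Review bot: The `resource.is_a?(Project)` clause in `do_not_allow_owner_access_level_for_project_bot?` leaves group resources outside the owner check, and nothing in the hunk says why that is safe. If group tokens are already restricted to owners by `has_permission_to_create?` (not visible here), a comment should say so, for example `# Only projects are checked: creating a group access token already requires owner permission — confirm`. The negated name also reads as a double negative at the call site (`if do_not_allow_...?`); a positive name such as `owner_access_level_forbidden?(access_level)` would be easier to audit.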