Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member

This is a try for a new approach to put the access checks at the service level.

Signed-off-by: Rémy Coutable <remy@rymai.me>

1 files changed, 6 insertions, 20 deletions

diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb
index 59a55e42e38..15358f80208 100644
--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@@ -7,29 +7,15 @@ module Members
     end
 
     def execute
-      if can?(current_user, "destroy_#{member.type.underscore}".to_sym, member)
-        member.destroy
-
-        if member.request? && member.user != current_user
-          notification_service.decline_access_request(member)
-        end
+      unless member && can?(current_user, "destroy_#{member.type.underscore}".to_sym, member)
+        raise Gitlab::Access::AccessDeniedError
       end
 
-      member
-    end
-
-    private
-
-    def abilities
-      Ability.abilities
-    end
-
-    def can?(object, action, subject)
-      abilities.allowed?(object, action, subject)
-    end
+      member.destroy
 
-    def notification_service
-      NotificationService.new
+      if member.request? && member.user != current_user
+        notification_service.decline_access_request(member)
+      end
     end
   end
 end