diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-15 00:09:23 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-15 00:09:23 +0000 |
commit | 8aab944cc5e9b58ecc6f052db7cb8985a8a0ba51 (patch) | |
tree | 67f4c47cd3b3712daa0035bef27f04b04582e1b4 /app/services/members | |
parent | f9cda7671cfb07795d9ea01a7117f7d6c6511d0d (diff) | |
download | gitlab-ce-8aab944cc5e9b58ecc6f052db7cb8985a8a0ba51.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services/members')
-rw-r--r-- | app/services/members/destroy_service.rb | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/app/services/members/destroy_service.rb b/app/services/members/destroy_service.rb index 7e620047c78..fdd43260521 100644 --- a/app/services/members/destroy_service.rb +++ b/app/services/members/destroy_service.rb @@ -2,8 +2,8 @@ module Members class DestroyService < Members::BaseService - def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false) - raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_destroy_member?(member) + def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false) + raise Gitlab::Access::AccessDeniedError unless skip_authorization || authorized?(member, destroy_bot) @skip_auth = skip_authorization @@ -28,6 +28,12 @@ module Members private + def authorized?(member, destroy_bot) + return can_destroy_bot_member?(member) if destroy_bot + + can_destroy_member?(member) + end + def delete_subresources(member) return unless member.is_a?(GroupMember) && member.user && member.group @@ -55,6 +61,10 @@ module Members can?(current_user, destroy_member_permission(member), member) end + def can_destroy_bot_member?(member) + can?(current_user, destroy_bot_member_permission(member), member) + end + def destroy_member_permission(member) case member when GroupMember @@ -66,6 +76,12 @@ module Members end end + def destroy_bot_member_permission(member) + raise "Unsupported bot member type: #{member}" unless member.is_a?(ProjectMember) + + :destroy_project_bot_member + end + def enqueue_unassign_issuables(member) source_type = member.is_a?(GroupMember) ? 'Group' : 'Project' |