diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-06-06 20:45:34 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-06-06 20:45:34 +0000 |
| commit | 71f9c43c833531fb6e2231225b74a42dea4ae00c (patch) | |
| tree | e1e4dac0d9f100c4cf10d265a926065e1d17a07b /app | |
| parent | d1c2d36f0325c79aed9b5ae2e6396591c6ced3be (diff) | |
| parent | 5c602e306cdf979a70aaa81cd473f491f2eee45a (diff) | |
| download | gitlab-ce-71f9c43c833531fb6e2231225b74a42dea4ae00c.tar.gz | |
Merge branch '27148-limit-bulk-create-memberships' into 'master'
Limit non-administrators to adding 100 members at a time to groups and projects
Closes #27148
See merge request !11940
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/admin/groups_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/concerns/membership_actions.rb | 7 | ||||
| -rw-r--r-- | app/services/members/create_service.rb | 22 |
3 files changed, 27 insertions, 9 deletions
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 5885b3543bb..5a2a7c7f27b 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -43,12 +43,13 @@ class Admin::GroupsController < Admin::ApplicationController end def members_update - status = Members::CreateService.new(@group, current_user, params).execute + member_params = params.permit(:user_ids, :access_level, :expires_at) + result = Members::CreateService.new(@group, current_user, member_params.merge(limit: -1)).execute - if status + if result[:status] == :success redirect_to [:admin, @group], notice: 'Users were successfully added.' else - redirect_to [:admin, @group], alert: 'No users specified.' + redirect_to [:admin, @group], alert: result[:message] end end diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb index b1bacc8ffe5..cefb9b4e766 100644 --- a/app/controllers/concerns/membership_actions.rb +++ b/app/controllers/concerns/membership_actions.rb @@ -2,14 +2,15 @@ module MembershipActions extend ActiveSupport::Concern def create - status = Members::CreateService.new(membershipable, current_user, params).execute + create_params = params.permit(:user_ids, :access_level, :expires_at) + result = Members::CreateService.new(membershipable, current_user, create_params).execute redirect_url = members_page_url - if status + if result[:status] == :success redirect_to redirect_url, notice: 'Users were successfully added.' else - redirect_to redirect_url, alert: 'No users specified.' + redirect_to redirect_url, alert: result[:message] end end diff --git a/app/services/members/create_service.rb b/app/services/members/create_service.rb index 3a58f6c065d..26906ae7167 100644 --- a/app/services/members/create_service.rb +++ b/app/services/members/create_service.rb @@ -1,22 +1,38 @@ module Members class CreateService < BaseService + DEFAULT_LIMIT = 100 + def initialize(source, current_user, params = {}) @source = source @current_user = current_user @params = params + @error = nil end def execute - return false if params[:user_ids].blank? + return error('No users specified.') if params[:user_ids].blank? + + user_ids = params[:user_ids].split(',').uniq + + return error("Too many users specified (limit is #{user_limit})") if + user_limit && user_ids.size > user_limit @source.add_users( - params[:user_ids].split(','), + user_ids, params[:access_level], expires_at: params[:expires_at], current_user: current_user ) - true + success + end + + private + + def user_limit + limit = params.fetch(:limit, DEFAULT_LIMIT) + + limit && limit < 0 ? nil : limit end end end |