author | Nick Thomas <nick@gitlab.com> | 2017-06-06 15:55:12 +0100 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-06-06 16:04:26 +0100 |
commit | 5c602e306cdf979a70aaa81cd473f491f2eee45a (patch) | |
tree | e1c1d5490f74b9ae44ecb8b91712c7b54c139ec7 /app | |
parent | 2f02843fe9fbcbef09ef8f122e9a84d809f2c29a (diff) | |
download | gitlab-ce-5c602e306cdf979a70aaa81cd473f491f2eee45a.tar.gz |
Limit non-administrators to adding 100 members at a time to groups and projects
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin/groups_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/concerns/membership_actions.rb | 7 | ||||
-rw-r--r-- | app/services/members/create_service.rb | 22 |
3 files changed, 27 insertions, 9 deletions
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index 5885b3543bb..5a2a7c7f27b 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -43,12 +43,13 @@ class Admin::GroupsController < Admin::ApplicationController
 end
 def members_update
- status = Members::CreateService.new(@group, current_user, params).execute
+ member_params = params.permit(:user_ids, :access_level, :expires_at)
+ result = Members::CreateService.new(@group, current_user, member_params.merge(limit: -1)).execute
- if status
+ if result[:status] == :success
 redirect_to [:admin, @group], notice: 'Users were successfully added.'
 else
- redirect_to [:admin, @group], alert: 'No users specified.'
+ redirect_to [:admin, @group], alert: result[:message]
 end
 end
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb
index b1bacc8ffe5..cefb9b4e766 100644
--- a/app/controllers/concerns/membership_actions.rb
+++ b/app/controllers/concerns/membership_actions.rb
@@ -2,14 +2,15 @@ module MembershipActions
 extend ActiveSupport::Concern
 def create
- status = Members::CreateService.new(membershipable, current_user, params).execute
+ create_params = params.permit(:user_ids, :access_level, :expires_at)
+ result = Members::CreateService.new(membershipable, current_user, create_params).execute
 redirect_url = members_page_url
- if status
+ if result[:status] == :success
 redirect_to redirect_url, notice: 'Users were successfully added.'
 else
- redirect_to redirect_url, alert: 'No users specified.'
+ redirect_to redirect_url, alert: result[:message]
 end
 end
diff --git a/app/services/members/create_service.rb b/app/services/members/create_service.rb
index 3a58f6c065d..26906ae7167 100644
--- a/app/services/members/create_service.rb
+++ b/app/services/members/create_service.rb
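Review bot: In `members_update` of app/controllers/admin/groups_controller.rb, `member_params.merge(limit: -1)` lifts the member cap through a bare sentinel whose meaning is defined only in `Members::CreateService#user_limit`. A comment above the call would make the exemption visible at the call site, for example `# Admin area: a negative limit tells Members::CreateService to skip the per-request member cap`. Merging the value after `params.permit` is the right order, because it keeps the exemption set by server code rather than by the request. The enclosing class starts outside the hunk.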
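Review bot: In `create` of app/controllers/concerns/membership_actions.rb, the `params.permit(:user_ids, :access_level, :expires_at)` list has become a security control, yet nothing in the code says so. `Members::CreateService` reads `:limit` from the hash it is handed, so adding that key to the permit list later would let any requester lift the cap. I would add a comment directly above the line, `# :limit is deliberately not permitted: Members::CreateService reads it to override the member cap`. The rest of the concern lies outside the hunk.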
@@ -1,22 +1,38 @@
 module Members
 class CreateService < BaseService
+ DEFAULT_LIMIT = 100
+
 def initialize(source, current_user, params = {})
 @source = source
 @current_user = current_user
 @params = params
+ @error = nil
 end
 def execute
- return false if params[:user_ids].blank?
+ return error('No users specified.') if params[:user_ids].blank?
+
+ user_ids = params[:user_ids].split(',').uniq
+
+ return error("Too many users specified (limit is #{user_limit})") if
+ user_limit && user_ids.size > user_limit
 @source.add_users(
- params[:user_ids].split(','),
+ user_ids,
 params[:access_level],
 expires_at: params[:expires_at],
 current_user: current_user
 )
- true
+ success
+ end
+
+ private
+
+ def user_limit
+ limit = params.fetch(:limit, DEFAULT_LIMIT)
+
+ limit && limit < 0 ? nil : limit
 end
 end
 end |
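Review bot: `user_limit` in app/services/members/create_service.rb fails open on unexpected `:limit` values. `params.fetch(:limit, DEFAULT_LIMIT)` returns `nil` when the key is present with a nil value, which skips the size check in `execute`, and a String value would raise on `limit < 0` instead of producing the error result. Reading the value defensively keeps the default cap in force: `limit = params[:limit].is_a?(Integer) ? params[:limit] : DEFAULT_LIMIT`. The cap and its override also travel in the same hash as request-derived fields, so any caller outside this diff (the diffstat covers only app/) that forwards unfiltered params would let the requester choose the limit. A short comment on `DEFAULT_LIMIT` and `user_limit` should state that a negative value means unlimited and that `:limit` may only be set by server-side code.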