summaryrefslogtreecommitdiff
path: root/lib/api/members.rb
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2016-09-16 17:54:21 +0200
committerRémy Coutable <remy@rymai.me>2016-09-28 09:43:00 +0200
commitec0061a95cbba02286b2c143048c93d8f26ff5f0 (patch)
tree21daadac7aaf5a8caf3247c9e54604a0f633bd23 /lib/api/members.rb
parent3b206ccb8393d8f2c5ad227874d9a60beb054782 (diff)
downloadgitlab-ce-ec0061a95cbba02286b2c143048c93d8f26ff5f0.tar.gz
Allow Member.add_user to handle access requesters
Changes include: - Ensure Member.add_user is not called directly when not necessary - New GroupMember.add_users_to_group to have the same abstraction level as for Project - Refactor Member.add_user to take a source instead of an array of members - Fix Rubocop offenses - Always use Project#add_user instead of project.team.add_user - Factorize users addition as members in Member.add_users_to_source - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects - Destroy any requester before adding them as a member - Improve the way we handle access requesters in Member.add_user Instead of removing the requester and creating a new member, we now simply accepts their access request. This way, they will receive a "access request granted" email. - Fix error that was previously silently ignored - Stop raising when access level is invalid in Member, let Rails validation do their work Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'lib/api/members.rb')
-rw-r--r--lib/api/members.rb17
1 files changed, 2 insertions, 15 deletions
diff --git a/lib/api/members.rb b/lib/api/members.rb
index 37f0a6512f4..a18ce769e29 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -59,13 +59,6 @@ module API
authorize_admin_source!(source_type, source)
required_attributes! [:user_id, :access_level]
- access_requester = source.requesters.find_by(user_id: params[:user_id])
- if access_requester
- # We pass current_user = access_requester so that the requester doesn't
- # receive a "access denied" email
- ::Members::DestroyService.new(access_requester, access_requester.user).execute
- end
-
member = source.members.find_by(user_id: params[:user_id])
# This is to ensure back-compatibility but 409 behavior should be used
@@ -73,18 +66,12 @@ module API
conflict!('Member already exists') if source_type == 'group' && member
unless member
- source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
- member = source.members.find_by(user_id: params[:user_id])
+ member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
end
- if member
+ if member.persisted? && member.valid?
present member.user, with: Entities::Member, member: member
else
- # Since `source.add_user` doesn't return a member object, we have to
- # build a new one and populate its errors in order to render them.
- member = source.members.build(attributes_for_keys([:user_id, :access_level, :expires_at]))
- member.valid? # populate the errors
-
# This is to ensure back-compatibility but 400 behavior should be used
# for all validation errors in 9.0!
render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)