summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/controllers/concerns/access_request_actions.rb38
-rw-r--r--app/controllers/groups/group_members_controller.rb27
-rw-r--r--app/controllers/projects/project_members_controller.rb32
-rw-r--r--config/routes.rb5
-rw-r--r--spec/controllers/groups/group_members_controller_spec.rb6
-rw-r--r--spec/controllers/projects/project_members_controller_spec.rb6
6 files changed, 77 insertions, 37 deletions
diff --git a/app/controllers/concerns/access_request_actions.rb b/app/controllers/concerns/access_request_actions.rb
new file mode 100644
index 00000000000..1b0a1fe3081
--- /dev/null
+++ b/app/controllers/concerns/access_request_actions.rb
@@ -0,0 +1,38 @@
+module AccessRequestActions
+ extend ActiveSupport::Concern
+
+ def request_access
+ access_requestable_resource.request_access(current_user)
+
+ redirect_to access_requestable_resource_path,
+ notice: 'Your request for access has been queued for review.'
+ end
+
+ def approve
+ @member = access_requestable_resource.public_send(member_entity_name.pluralize).request.find(params[:id])
+
+ return render_403 unless can?(current_user, :"update_#{member_entity_name}", @member)
+
+ @member.accept_request
+
+ redirect_to access_requestable_resource_members_path
+ end
+
+ protected
+
+ def access_requestable_resource
+ raise NotImplementedError
+ end
+
+ def access_requestable_resource_path
+ access_requestable_resource
+ end
+
+ def access_requestable_resource_members_path
+ [access_requestable_resource, 'members']
+ end
+
+ def member_entity_name
+ "#{access_requestable_resource.class.to_s.underscore}_member"
+ end
+end
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 2ebc506040f..a37129062f9 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -1,4 +1,6 @@
class Groups::GroupMembersController < Groups::ApplicationController
+ include AccessRequestActions
+
# Authorize
before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access]
@@ -82,25 +84,22 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
end
- def request_access
- @group.request_access(current_user)
+ protected
- redirect_to group_path(@group), notice: 'Your request for access has been queued for review.'
+ def member_params
+ params.require(:group_member).permit(:access_level, :user_id)
end
- def approve
- @group_member = @group.group_members.request.find(params[:id])
-
- return render_403 unless can?(current_user, :update_group_member, @group_member)
-
- @group_member.accept_request
-
- redirect_to group_group_members_path(@group)
+ # AccessRequestActions concern
+ def access_requestable_resource
+ @group
end
- protected
+ def access_requestable_resource_path
+ group_path(@group)
+ end
- def member_params
- params.require(:group_member).permit(:access_level, :user_id)
+ def access_requestable_resource_members_path
+ group_group_members_path(@group)
end
end
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index c979c5e9fa9..c61eda95bc7 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -1,4 +1,6 @@
class Projects::ProjectMembersController < Projects::ApplicationController
+ include AccessRequestActions
+
# Authorize
before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
@@ -99,23 +101,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
end
end
- def request_access
- @project.request_access(current_user)
-
- redirect_to namespace_project_path(@project.namespace, @project),
- notice: 'Your request for access has been queued for review.'
- end
-
- def approve
- @project_member = @project.project_members.request.find(params[:id])
-
- return render_403 unless can?(current_user, :update_project_member, @project_member)
-
- @project_member.accept_request
-
- redirect_to namespace_project_project_members_path(@project.namespace, @project)
- end
-
def apply_import
source_project = Project.find(params[:source_project_id])
@@ -135,4 +120,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def member_params
params.require(:project_member).permit(:user_id, :access_level)
end
+
+ # AccessRequestActions concern
+ def access_requestable_resource
+ @project
+ end
+
+ def access_requestable_resource_path
+ namespace_project_path(@project.namespace, @project)
+ end
+
+ def access_requestable_resource_members_path
+ namespace_project_project_members_path(@project.namespace, @project)
+ end
end
diff --git a/config/routes.rb b/config/routes.rb
index 62c892ee9f4..2eccb19deff 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -30,6 +30,11 @@ Rails.application.routes.draw do
mount LetterOpenerWeb::Engine, at: '/rails/letter_opener'
end
+ concern :access_requestable do
+ post :request_access, on: :collection
+ post :approve_access_request_access_request, on: :member
+ end
+
namespace :ci do
# CI API
Ci::API::API.logger Rails.logger
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index aea809f890b..0ca8a656f63 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -165,7 +165,7 @@ describe Groups::GroupMembersController do
context 'when member is not found' do
it 'returns 403' do
- post :approve, group_id: group,
+ post :approve_access_request, group_id: group,
id: 42
expect(response.status).to eq(403)
@@ -187,7 +187,7 @@ describe Groups::GroupMembersController do
end
it 'returns 403' do
- post :approve, group_id: group,
+ post :approve_access_request, group_id: group,
id: member
expect(response.status).to eq(403)
@@ -202,7 +202,7 @@ describe Groups::GroupMembersController do
end
it 'adds user to members' do
- post :approve, group_id: group,
+ post :approve_access_request, group_id: group,
id: member
expect(response).to redirect_to(group_group_members_path(group))
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 2ea09f43f26..d3bd2d0bbba 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -224,7 +224,7 @@ describe Projects::ProjectMembersController do
context 'when member is not found' do
it 'returns 404' do
- post :approve, namespace_id: project.namespace,
+ post :approve_access_request, namespace_id: project.namespace,
project_id: project,
id: 42
@@ -247,7 +247,7 @@ describe Projects::ProjectMembersController do
end
it 'returns 404' do
- post :approve, namespace_id: project.namespace,
+ post :approve_access_request, namespace_id: project.namespace,
project_id: project,
id: member
@@ -263,7 +263,7 @@ describe Projects::ProjectMembersController do
end
it 'adds user to members' do
- post :approve, namespace_id: project.namespace,
+ post :approve_access_request, namespace_id: project.namespace,
project_id: project,
id: member