diff options
-rw-r--r-- | app/controllers/concerns/access_request_actions.rb | 38 | ||||
-rw-r--r-- | app/controllers/groups/group_members_controller.rb | 27 | ||||
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 32 | ||||
-rw-r--r-- | config/routes.rb | 5 | ||||
-rw-r--r-- | spec/controllers/groups/group_members_controller_spec.rb | 6 | ||||
-rw-r--r-- | spec/controllers/projects/project_members_controller_spec.rb | 6 |
6 files changed, 77 insertions, 37 deletions
diff --git a/app/controllers/concerns/access_request_actions.rb b/app/controllers/concerns/access_request_actions.rb new file mode 100644 index 00000000000..1b0a1fe3081 --- /dev/null +++ b/app/controllers/concerns/access_request_actions.rb @@ -0,0 +1,38 @@ +module AccessRequestActions + extend ActiveSupport::Concern + + def request_access + access_requestable_resource.request_access(current_user) + + redirect_to access_requestable_resource_path, + notice: 'Your request for access has been queued for review.' + end + + def approve + @member = access_requestable_resource.public_send(member_entity_name.pluralize).request.find(params[:id]) + + return render_403 unless can?(current_user, :"update_#{member_entity_name}", @member) + + @member.accept_request + + redirect_to access_requestable_resource_members_path + end + + protected + + def access_requestable_resource + raise NotImplementedError + end + + def access_requestable_resource_path + access_requestable_resource + end + + def access_requestable_resource_members_path + [access_requestable_resource, 'members'] + end + + def member_entity_name + "#{access_requestable_resource.class.to_s.underscore}_member" + end +end diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index 2ebc506040f..a37129062f9 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -1,4 +1,6 @@ class Groups::GroupMembersController < Groups::ApplicationController + include AccessRequestActions + # Authorize before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access] @@ -82,25 +84,22 @@ class Groups::GroupMembersController < Groups::ApplicationController end end - def request_access - @group.request_access(current_user) + protected - redirect_to group_path(@group), notice: 'Your request for access has been queued for review.' + def member_params + params.require(:group_member).permit(:access_level, :user_id) end - def approve - @group_member = @group.group_members.request.find(params[:id]) - - return render_403 unless can?(current_user, :update_group_member, @group_member) - - @group_member.accept_request - - redirect_to group_group_members_path(@group) + # AccessRequestActions concern + def access_requestable_resource + @group end - protected + def access_requestable_resource_path + group_path(@group) + end - def member_params - params.require(:group_member).permit(:access_level, :user_id) + def access_requestable_resource_members_path + group_group_members_path(@group) end end diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index c979c5e9fa9..c61eda95bc7 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -1,4 +1,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController + include AccessRequestActions + # Authorize before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access] @@ -99,23 +101,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController end end - def request_access - @project.request_access(current_user) - - redirect_to namespace_project_path(@project.namespace, @project), - notice: 'Your request for access has been queued for review.' - end - - def approve - @project_member = @project.project_members.request.find(params[:id]) - - return render_403 unless can?(current_user, :update_project_member, @project_member) - - @project_member.accept_request - - redirect_to namespace_project_project_members_path(@project.namespace, @project) - end - def apply_import source_project = Project.find(params[:source_project_id]) @@ -135,4 +120,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController def member_params params.require(:project_member).permit(:user_id, :access_level) end + + # AccessRequestActions concern + def access_requestable_resource + @project + end + + def access_requestable_resource_path + namespace_project_path(@project.namespace, @project) + end + + def access_requestable_resource_members_path + namespace_project_project_members_path(@project.namespace, @project) + end end diff --git a/config/routes.rb b/config/routes.rb index 62c892ee9f4..2eccb19deff 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -30,6 +30,11 @@ Rails.application.routes.draw do mount LetterOpenerWeb::Engine, at: '/rails/letter_opener' end + concern :access_requestable do + post :request_access, on: :collection + post :approve_access_request_access_request, on: :member + end + namespace :ci do # CI API Ci::API::API.logger Rails.logger diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb index aea809f890b..0ca8a656f63 100644 --- a/spec/controllers/groups/group_members_controller_spec.rb +++ b/spec/controllers/groups/group_members_controller_spec.rb @@ -165,7 +165,7 @@ describe Groups::GroupMembersController do context 'when member is not found' do it 'returns 403' do - post :approve, group_id: group, + post :approve_access_request, group_id: group, id: 42 expect(response.status).to eq(403) @@ -187,7 +187,7 @@ describe Groups::GroupMembersController do end it 'returns 403' do - post :approve, group_id: group, + post :approve_access_request, group_id: group, id: member expect(response.status).to eq(403) @@ -202,7 +202,7 @@ describe Groups::GroupMembersController do end it 'adds user to members' do - post :approve, group_id: group, + post :approve_access_request, group_id: group, id: member expect(response).to redirect_to(group_group_members_path(group)) diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb index 2ea09f43f26..d3bd2d0bbba 100644 --- a/spec/controllers/projects/project_members_controller_spec.rb +++ b/spec/controllers/projects/project_members_controller_spec.rb @@ -224,7 +224,7 @@ describe Projects::ProjectMembersController do context 'when member is not found' do it 'returns 404' do - post :approve, namespace_id: project.namespace, + post :approve_access_request, namespace_id: project.namespace, project_id: project, id: 42 @@ -247,7 +247,7 @@ describe Projects::ProjectMembersController do end it 'returns 404' do - post :approve, namespace_id: project.namespace, + post :approve_access_request, namespace_id: project.namespace, project_id: project, id: member @@ -263,7 +263,7 @@ describe Projects::ProjectMembersController do end it 'adds user to members' do - post :approve, namespace_id: project.namespace, + post :approve_access_request, namespace_id: project.namespace, project_id: project, id: member |