diff options
Diffstat (limited to 'app/controllers/groups/group_members_controller.rb')
-rw-r--r-- | app/controllers/groups/group_members_controller.rb | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index d0f2e2949f0..48dbf656e84 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -1,13 +1,11 @@ class Groups::GroupMembersController < Groups::ApplicationController - include MembershipActions - # Authorize - before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access] + before_action :authorize_admin_group_member!, except: [:index, :leave] def index @project = @group.projects.find(params[:project_id]) if params[:project_id] @members = @group.group_members - @members = @members.non_pending unless can?(current_user, :admin_group, @group) + @members = @members.non_invite unless can?(current_user, :admin_group, @group) if params[:search].present? users = @group.users.search(params[:search]).to_a @@ -60,16 +58,25 @@ class Groups::GroupMembersController < Groups::ApplicationController end end - protected + def leave + @group_member = @group.group_members.find_by(user_id: current_user) - def member_params - params.require(:group_member).permit(:access_level, :user_id) + if can?(current_user, :destroy_group_member, @group_member) + @group_member.destroy + + redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.") + else + if @group.last_owner?(current_user) + redirect_to(dashboard_groups_path, alert: "You can not leave #{group.name} group because you're the last owner. Transfer or delete the group.") + else + return render_403 + end + end end - # MembershipActions concern - alias_method :membershipable, :group + protected - def cannot_leave? - @group.last_owner?(current_user) + def member_params + params.require(:group_member).permit(:access_level, :user_id) end end |