diff options
Diffstat (limited to 'app/services/clusters/update_service.rb')
-rw-r--r-- | app/services/clusters/update_service.rb | 41 |
1 files changed, 2 insertions, 39 deletions
diff --git a/app/services/clusters/update_service.rb b/app/services/clusters/update_service.rb index 8cb77040b14..2315df612a1 100644 --- a/app/services/clusters/update_service.rb +++ b/app/services/clusters/update_service.rb @@ -18,46 +18,9 @@ module Clusters private - def can_admin_pipeline_for_project?(project) - Ability.allowed?(current_user, :admin_pipeline, project) - end - def validate_params(cluster) - if params[:management_project_id].present? - management_project = management_project_scope(cluster).find_by_id(params[:management_project_id]) - - unless management_project - cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action')) - - return false - end - - unless can_admin_pipeline_for_project?(management_project) - # Use same message as not found to prevent enumeration - cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action')) - - return false - end - end - - true - end - - def management_project_scope(cluster) - return ::Project.all if cluster.instance_type? - - group = - if cluster.group_type? - cluster.first_group - elsif cluster.project_type? - cluster.first_project&.namespace - end - - # Prevent users from selecting nested projects until - # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved - include_subgroups = cluster.group_type? - - ::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute + ::Clusters::Management::ValidateManagementProjectPermissionsService.new(current_user) + .execute(cluster, params[:management_project_id]) end end end |