diff options
Diffstat (limited to 'app/services/resource_access_tokens/create_service.rb')
-rw-r--r-- | app/services/resource_access_tokens/create_service.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb index cdeb57627a8..70e09be9407 100644 --- a/app/services/resource_access_tokens/create_service.rb +++ b/app/services/resource_access_tokens/create_service.rb @@ -15,13 +15,20 @@ module ResourceAccessTokens user = create_user return error(user.errors.full_messages.to_sentence) unless user.persisted? - return error("Failed to provide maintainer access") unless provision_access(resource, user) + + member = create_membership(resource, user) + + unless member.persisted? + delete_failed_user(user) + return error("Could not provision maintainer access to project access token") + end token_response = create_personal_access_token(user) if token_response.success? success(token_response.payload[:personal_access_token]) else + delete_failed_user(user) error(token_response.message) end end @@ -43,6 +50,10 @@ module ResourceAccessTokens Users::CreateService.new(current_user, default_user_params).execute(skip_authorization: true) end + def delete_failed_user(user) + DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: true, skip_authorization: true) + end + def default_user_params { name: params[:name] || "#{resource.name.to_s.humanize} bot", @@ -72,7 +83,9 @@ module ResourceAccessTokens end def create_personal_access_token(user) - PersonalAccessTokens::CreateService.new(user, personal_access_token_params).execute + PersonalAccessTokens::CreateService.new( + current_user: user, target_user: user, params: personal_access_token_params + ).execute end def personal_access_token_params @@ -88,7 +101,7 @@ module ResourceAccessTokens Gitlab::Auth.resource_bot_scopes end - def provision_access(resource, user) + def create_membership(resource, user) resource.add_user(user, :maintainer, expires_at: params[:expires_at]) end |