Commit d71fbe0d authored by Rémy Coutable's avatar Rémy Coutable

Factorize #request_access and #approve_access_request into a new...

Factorize #request_access and #approve_access_request  into a new AccessRequestActions controller concern
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent d26f8123
module AccessRequestActions
extend ActiveSupport::Concern
def request_access
access_requestable_resource.request_access(current_user)
redirect_to access_requestable_resource_path,
notice: 'Your request for access has been queued for review.'
end
def approve
@member = access_requestable_resource.public_send(member_entity_name.pluralize).request.find(params[:id])
return render_403 unless can?(current_user, :"update_#{member_entity_name}", @member)
@member.accept_request
redirect_to access_requestable_resource_members_path
end
protected
def access_requestable_resource
raise NotImplementedError
end
def access_requestable_resource_path
access_requestable_resource
end
def access_requestable_resource_members_path
[access_requestable_resource, 'members']
end
def member_entity_name
"#{access_requestable_resource.class.to_s.underscore}_member"
end
end
class Groups::GroupMembersController < Groups::ApplicationController class Groups::GroupMembersController < Groups::ApplicationController
include AccessRequestActions
# Authorize # Authorize
before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access] before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access]
...@@ -82,25 +84,22 @@ class Groups::GroupMembersController < Groups::ApplicationController ...@@ -82,25 +84,22 @@ class Groups::GroupMembersController < Groups::ApplicationController
end end
end end
def request_access protected
@group.request_access(current_user)
redirect_to group_path(@group), notice: 'Your request for access has been queued for review.' def member_params
params.require(:group_member).permit(:access_level, :user_id)
end end
def approve # AccessRequestActions concern
@group_member = @group.group_members.request.find(params[:id]) def access_requestable_resource
@group
return render_403 unless can?(current_user, :update_group_member, @group_member)
@group_member.accept_request
redirect_to group_group_members_path(@group)
end end
protected def access_requestable_resource_path
group_path(@group)
end
def member_params def access_requestable_resource_members_path
params.require(:group_member).permit(:access_level, :user_id) group_group_members_path(@group)
end end
end end
class Projects::ProjectMembersController < Projects::ApplicationController class Projects::ProjectMembersController < Projects::ApplicationController
include AccessRequestActions
# Authorize # Authorize
before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access] before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
...@@ -99,23 +101,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController ...@@ -99,23 +101,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
end end
end end
def request_access
@project.request_access(current_user)
redirect_to namespace_project_path(@project.namespace, @project),
notice: 'Your request for access has been queued for review.'
end
def approve
@project_member = @project.project_members.request.find(params[:id])
return render_403 unless can?(current_user, :update_project_member, @project_member)
@project_member.accept_request
redirect_to namespace_project_project_members_path(@project.namespace, @project)
end
def apply_import def apply_import
source_project = Project.find(params[:source_project_id]) source_project = Project.find(params[:source_project_id])
...@@ -135,4 +120,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController ...@@ -135,4 +120,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController
def member_params def member_params
params.require(:project_member).permit(:user_id, :access_level) params.require(:project_member).permit(:user_id, :access_level)
end end
# AccessRequestActions concern
def access_requestable_resource
@project
end
def access_requestable_resource_path
namespace_project_path(@project.namespace, @project)
end
def access_requestable_resource_members_path
namespace_project_project_members_path(@project.namespace, @project)
end
end end
...@@ -30,6 +30,11 @@ Rails.application.routes.draw do ...@@ -30,6 +30,11 @@ Rails.application.routes.draw do
mount LetterOpenerWeb::Engine, at: '/rails/letter_opener' mount LetterOpenerWeb::Engine, at: '/rails/letter_opener'
end end
concern :access_requestable do
post :request_access, on: :collection
post :approve_access_request_access_request, on: :member
end
namespace :ci do namespace :ci do
# CI API # CI API
Ci::API::API.logger Rails.logger Ci::API::API.logger Rails.logger
......
...@@ -165,7 +165,7 @@ describe Groups::GroupMembersController do ...@@ -165,7 +165,7 @@ describe Groups::GroupMembersController do
context 'when member is not found' do context 'when member is not found' do
it 'returns 403' do it 'returns 403' do
post :approve, group_id: group, post :approve_access_request, group_id: group,
id: 42 id: 42
expect(response.status).to eq(403) expect(response.status).to eq(403)
...@@ -187,7 +187,7 @@ describe Groups::GroupMembersController do ...@@ -187,7 +187,7 @@ describe Groups::GroupMembersController do
end end
it 'returns 403' do it 'returns 403' do
post :approve, group_id: group, post :approve_access_request, group_id: group,
id: member id: member
expect(response.status).to eq(403) expect(response.status).to eq(403)
...@@ -202,7 +202,7 @@ describe Groups::GroupMembersController do ...@@ -202,7 +202,7 @@ describe Groups::GroupMembersController do
end end
it 'adds user to members' do it 'adds user to members' do
post :approve, group_id: group, post :approve_access_request, group_id: group,
id: member id: member
expect(response).to redirect_to(group_group_members_path(group)) expect(response).to redirect_to(group_group_members_path(group))
......
...@@ -224,7 +224,7 @@ describe Projects::ProjectMembersController do ...@@ -224,7 +224,7 @@ describe Projects::ProjectMembersController do
context 'when member is not found' do context 'when member is not found' do
it 'returns 404' do it 'returns 404' do
post :approve, namespace_id: project.namespace, post :approve_access_request, namespace_id: project.namespace,
project_id: project, project_id: project,
id: 42 id: 42
...@@ -247,7 +247,7 @@ describe Projects::ProjectMembersController do ...@@ -247,7 +247,7 @@ describe Projects::ProjectMembersController do
end end
it 'returns 404' do it 'returns 404' do
post :approve, namespace_id: project.namespace, post :approve_access_request, namespace_id: project.namespace,
project_id: project, project_id: project,
id: member id: member
...@@ -263,7 +263,7 @@ describe Projects::ProjectMembersController do ...@@ -263,7 +263,7 @@ describe Projects::ProjectMembersController do
end end
it 'adds user to members' do it 'adds user to members' do
post :approve, namespace_id: project.namespace, post :approve_access_request, namespace_id: project.namespace,
project_id: project, project_id: project,
id: member id: member
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment