Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
5c602e30
Commit
5c602e30
authored
Jun 06, 2017
by
Nick Thomas
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Limit non-administrators to adding 100 members at a time to groups and projects
parent
2f02843f
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
57 additions
and
14 deletions
+57
-14
app/controllers/admin/groups_controller.rb
app/controllers/admin/groups_controller.rb
+4
-3
app/controllers/concerns/membership_actions.rb
app/controllers/concerns/membership_actions.rb
+4
-3
app/services/members/create_service.rb
app/services/members/create_service.rb
+19
-3
changelogs/unreleased/27148-limit-bulk-create-memberships.yml
...gelogs/unreleased/27148-limit-bulk-create-memberships.yml
+4
-0
spec/controllers/admin/groups_controller_spec.rb
spec/controllers/admin/groups_controller_spec.rb
+9
-0
spec/controllers/projects/project_members_controller_spec.rb
spec/controllers/projects/project_members_controller_spec.rb
+3
-3
spec/services/members/create_service_spec.rb
spec/services/members/create_service_spec.rb
+14
-2
No files found.
app/controllers/admin/groups_controller.rb
View file @
5c602e30
...
...
@@ -43,12 +43,13 @@ class Admin::GroupsController < Admin::ApplicationController
end
def
members_update
status
=
Members
::
CreateService
.
new
(
@group
,
current_user
,
params
).
execute
member_params
=
params
.
permit
(
:user_ids
,
:access_level
,
:expires_at
)
result
=
Members
::
CreateService
.
new
(
@group
,
current_user
,
member_params
.
merge
(
limit:
-
1
)).
execute
if
statu
s
if
result
[
:status
]
==
:succes
s
redirect_to
[
:admin
,
@group
],
notice:
'Users were successfully added.'
else
redirect_to
[
:admin
,
@group
],
alert:
'No users specified.'
redirect_to
[
:admin
,
@group
],
alert:
result
[
:message
]
end
end
...
...
app/controllers/concerns/membership_actions.rb
View file @
5c602e30
...
...
@@ -2,14 +2,15 @@ module MembershipActions
extend
ActiveSupport
::
Concern
def
create
status
=
Members
::
CreateService
.
new
(
membershipable
,
current_user
,
params
).
execute
create_params
=
params
.
permit
(
:user_ids
,
:access_level
,
:expires_at
)
result
=
Members
::
CreateService
.
new
(
membershipable
,
current_user
,
create_params
).
execute
redirect_url
=
members_page_url
if
statu
s
if
result
[
:status
]
==
:succes
s
redirect_to
redirect_url
,
notice:
'Users were successfully added.'
else
redirect_to
redirect_url
,
alert:
'No users specified.'
redirect_to
redirect_url
,
alert:
result
[
:message
]
end
end
...
...
app/services/members/create_service.rb
View file @
5c602e30
module
Members
class
CreateService
<
BaseService
DEFAULT_LIMIT
=
100
def
initialize
(
source
,
current_user
,
params
=
{})
@source
=
source
@current_user
=
current_user
@params
=
params
@error
=
nil
end
def
execute
return
false
if
params
[
:user_ids
].
blank?
return
error
(
'No users specified.'
)
if
params
[
:user_ids
].
blank?
user_ids
=
params
[
:user_ids
].
split
(
','
).
uniq
return
error
(
"Too many users specified (limit is
#{
user_limit
}
)"
)
if
user_limit
&&
user_ids
.
size
>
user_limit
@source
.
add_users
(
params
[
:user_ids
].
split
(
','
)
,
user_ids
,
params
[
:access_level
],
expires_at:
params
[
:expires_at
],
current_user:
current_user
)
true
success
end
private
def
user_limit
limit
=
params
.
fetch
(
:limit
,
DEFAULT_LIMIT
)
limit
&&
limit
<
0
?
nil
:
limit
end
end
end
changelogs/unreleased/27148-limit-bulk-create-memberships.yml
0 → 100644
View file @
5c602e30
---
title
:
Limit non-administrators to adding 100 members at a time to groups and projects
merge_request
:
11940
author
:
spec/controllers/admin/groups_controller_spec.rb
View file @
5c602e30
...
...
@@ -36,6 +36,15 @@ describe Admin::GroupsController do
expect
(
group
.
users
).
to
include
group_user
end
it
'can add unlimited members'
do
put
:members_update
,
id:
group
,
user_ids:
1
.
upto
(
1000
).
to_a
.
join
(
','
),
access_level:
Gitlab
::
Access
::
GUEST
expect
(
response
).
to
set_flash
.
to
'Users were successfully added.'
expect
(
response
).
to
redirect_to
(
admin_group_path
(
group
))
end
it
'adds no user to members'
do
put
:members_update
,
id:
group
,
user_ids:
''
,
...
...
spec/controllers/projects/project_members_controller_spec.rb
View file @
5c602e30
...
...
@@ -36,7 +36,7 @@ describe Projects::ProjectMembersController do
before
{
project
.
team
<<
[
user
,
:master
]
}
it
'adds user to members'
do
expect_any_instance_of
(
Members
::
CreateService
).
to
receive
(
:execute
).
and_return
(
true
)
expect_any_instance_of
(
Members
::
CreateService
).
to
receive
(
:execute
).
and_return
(
status: :success
)
post
:create
,
namespace_id:
project
.
namespace
,
project_id:
project
,
...
...
@@ -48,14 +48,14 @@ describe Projects::ProjectMembersController do
end
it
'adds no user to members'
do
expect_any_instance_of
(
Members
::
CreateService
).
to
receive
(
:execute
).
and_return
(
false
)
expect_any_instance_of
(
Members
::
CreateService
).
to
receive
(
:execute
).
and_return
(
status: :failure
,
message:
'Message'
)
post
:create
,
namespace_id:
project
.
namespace
,
project_id:
project
,
user_ids:
''
,
access_level:
Gitlab
::
Access
::
GUEST
expect
(
response
).
to
set_flash
.
to
'
No users specified.
'
expect
(
response
).
to
set_flash
.
to
'
Message
'
expect
(
response
).
to
redirect_to
(
namespace_project_settings_members_path
(
project
.
namespace
,
project
))
end
end
...
...
spec/services/members/create_service_spec.rb
View file @
5c602e30
...
...
@@ -11,7 +11,7 @@ describe Members::CreateService, services: true do
params
=
{
user_ids:
project_user
.
id
.
to_s
,
access_level:
Gitlab
::
Access
::
GUEST
}
result
=
described_class
.
new
(
project
,
user
,
params
).
execute
expect
(
result
).
to
be_truthy
expect
(
result
[
:status
]).
to
eq
(
:success
)
expect
(
project
.
users
).
to
include
project_user
end
...
...
@@ -19,7 +19,19 @@ describe Members::CreateService, services: true do
params
=
{
user_ids:
''
,
access_level:
Gitlab
::
Access
::
GUEST
}
result
=
described_class
.
new
(
project
,
user
,
params
).
execute
expect
(
result
).
to
be_falsey
expect
(
result
[
:status
]).
to
eq
(
:error
)
expect
(
result
[
:message
]).
to
be_present
expect
(
project
.
users
).
not_to
include
project_user
end
it
'limits the number of users to 100'
do
user_ids
=
1
.
upto
(
101
).
to_a
.
join
(
','
)
params
=
{
user_ids:
user_ids
,
access_level:
Gitlab
::
Access
::
GUEST
}
result
=
described_class
.
new
(
project
,
user
,
params
).
execute
expect
(
result
[
:status
]).
to
eq
(
:error
)
expect
(
result
[
:message
]).
to
be_present
expect
(
project
.
users
).
not_to
include
project_user
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment