Class: ResourceAccessTokens::CreateService

Inherits:
BaseService
  • Object
show all
Defined in:
app/services/resource_access_tokens/create_service.rb

Instance Attribute Summary

Attributes inherited from BaseService

#current_user, #params, #project

Instance Method Summary collapse

Methods included from BaseServiceUtility

#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level

Methods included from Gitlab::Allowable

#can?

Constructor Details

#initialize(current_user, resource, params = {}) ⇒ CreateService

Returns a new instance of CreateService.


5
6
7
8
9
10
# File 'app/services/resource_access_tokens/create_service.rb', line 5

def initialize(current_user, resource, params = {})
  @resource_type = resource.class.name.downcase
  @resource = resource
  @current_user = current_user
  @params = params.dup
end

Instance Method Details

#executeObject


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# File 'app/services/resource_access_tokens/create_service.rb', line 12

def execute
  return error("User does not have permission to create #{resource_type} access token") unless has_permission_to_create?

  access_level = params[:access_level] || Gitlab::Access::MAINTAINER
  return error("Could not provision owner access to project access token") if do_not_allow_owner_access_level_for_project_bot?(access_level)

  user = create_user

  return error(user.errors.full_messages.to_sentence) unless user.persisted?

  user.update!(external: true) if current_user.external?

  member = create_membership(resource, user, access_level)

  unless member.persisted?
    delete_failed_user(user)
    return error("Could not provision #{Gitlab::Access.human_access(access_level).downcase} access to project access token")
  end

  token_response = create_personal_access_token(user)

  if token_response.success?
    log_event(token_response.payload[:personal_access_token])
    success(token_response.payload[:personal_access_token])
  else
    delete_failed_user(user)
    error(token_response.message)
  end
end