diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 9813d850baa93925d064f8ccf29ccf862943436d..453017e2f2b33f382ac13e804b0ef8645461313b 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -5,13 +5,12 @@ class Groups::GroupMembersController < Groups::ApplicationController
include MembersPresentation
include SortingHelper
- # Authorize
- before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access, :update, :override]
- before_action :authorize_update_group_member!, only: [:update, :override]
+ def self.admin_not_required_endpoints
+ %i[index leave request_access]
+ end
- skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
- :approve_access_request, :leave, :resend_invite,
- :override
+ # Authorize
+ before_action :authorize_admin_group_member!, except: admin_not_required_endpoints
skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
:approve_access_request, :leave, :resend_invite,
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 720a1b9d48ee69454a79a5f2eb7bf366fe1511ce..31f6bbc14e2ef9e082df37da272f663061a3d700 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -1,4 +1,6 @@
class Groups::MilestonesController < Groups::ApplicationController
+ prepend EE::Groups::MilestonesController
+
include MilestoneActions
before_action :group_projects
@@ -77,17 +79,14 @@ def milestone_path
def milestones
milestones = MilestonesFinder.new(search_params).execute
- legacy_milestones =
- if params[:only_group_milestones]
- []
- else
- GroupMilestone.build_collection(group, group_projects, params)
- end
-
@sort = params[:sort] || 'due_date_asc'
MilestoneArray.sort(milestones + legacy_milestones, @sort)
end
+ def legacy_milestones
+ GroupMilestone.build_collection(group, group_projects, params)
+ end
+
def milestone
@milestone =
if params[:title]
diff --git a/ee/app/controllers/ee/groups/group_members_controller.rb b/ee/app/controllers/ee/groups/group_members_controller.rb
index 11028230550fde83cff3bf2b3ab778491d216eaf..77239b26f87527f7f4137ea0b48e839e2d08983d 100644
--- a/ee/app/controllers/ee/groups/group_members_controller.rb
+++ b/ee/app/controllers/ee/groups/group_members_controller.rb
@@ -3,6 +3,19 @@ module Groups
module GroupMembersController
extend ActiveSupport::Concern
+ class_methods do
+ extend ::Gitlab::Utils::Override
+
+ override :admin_not_required_endpoints
+ def admin_not_required_endpoints
+ super.concat(%i[update override])
+ end
+ end
+
+ included do
+ before_action :authorize_update_group_member!, only: [:update, :override]
+ end
+
# rubocop:disable Gitlab/ModuleWithInstanceVariables
def override
member = @group.members.find_by!(id: params[:id])
diff --git a/ee/app/controllers/ee/groups/milestones_controller.rb b/ee/app/controllers/ee/groups/milestones_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..255c6e3ece5be928f2ffadd663643613916d1aef
--- /dev/null
+++ b/ee/app/controllers/ee/groups/milestones_controller.rb
@@ -0,0 +1,12 @@
+module EE
+ module Groups
+ module MilestonesController
+ extend ::Gitlab::Utils::Override
+
+ override :legacy_milestones
+ def legacy_milestones
+ params[:only_group_milestones] ? [] : super
+ end
+ end
+ end
+end