2019-04-15 06:17:05 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-03-30 16:14:21 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-03 23:08:05 -04:00
|
|
|
RSpec.describe Groups::GroupMembersController do
|
2019-04-09 11:38:58 -04:00
|
|
|
include ExternalAuthorizationServiceHelpers
|
|
|
|
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:user) { create(:user) }
|
|
|
|
let_it_be(:group, reload: true) { create(:group, :public) }
|
2016-03-30 16:14:21 -04:00
|
|
|
|
2021-04-12 14:12:15 -04:00
|
|
|
before do
|
|
|
|
travel_to DateTime.new(2019, 4, 1)
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
travel_back
|
2021-01-31 04:09:05 -05:00
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'GET index' do
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'renders index with 200 status code', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
get :index, params: { group_id: group }
|
2016-04-07 15:36:26 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2016-04-07 15:36:26 -04:00
|
|
|
expect(response).to render_template(:index)
|
2016-03-30 16:14:21 -04:00
|
|
|
end
|
2019-05-18 11:06:20 -04:00
|
|
|
|
2021-05-11 11:10:20 -04:00
|
|
|
context 'when user can manage members' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:invited) { create_list(:group_member, 3, :invited, group: group) }
|
2019-05-18 11:06:20 -04:00
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'assigns invited members' do
|
|
|
|
get :index, params: { group_id: group }
|
|
|
|
|
|
|
|
expect(assigns(:invited_members).map(&:invite_email)).to match_array(invited.map(&:invite_email))
|
|
|
|
end
|
|
|
|
|
2020-01-13 10:07:53 -05:00
|
|
|
it 'assigns skip groups' do
|
|
|
|
get :index, params: { group_id: group }
|
|
|
|
|
|
|
|
expect(assigns(:skip_groups)).to match_array(group.related_group_ids)
|
|
|
|
end
|
|
|
|
|
2019-05-18 11:06:20 -04:00
|
|
|
it 'restricts search to one email' do
|
|
|
|
get :index, params: { group_id: group, search_invited: invited.first.invite_email }
|
|
|
|
|
|
|
|
expect(assigns(:invited_members).map(&:invite_email)).to match_array(invited.first.invite_email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'paginates invited list' do
|
|
|
|
stub_const('Groups::GroupMembersController::MEMBER_PER_PAGE_LIMIT', 2)
|
|
|
|
|
|
|
|
get :index, params: { group_id: group, invited_members_page: 1 }
|
|
|
|
|
|
|
|
expect(assigns(:invited_members).count).to eq(2)
|
|
|
|
|
|
|
|
get :index, params: { group_id: group, invited_members_page: 2 }
|
|
|
|
|
|
|
|
expect(assigns(:invited_members).count).to eq(1)
|
|
|
|
end
|
|
|
|
end
|
2019-12-13 10:08:02 -05:00
|
|
|
|
2021-05-11 11:10:20 -04:00
|
|
|
context 'when user cannot manage members' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not assign invited members or skip_groups', :aggregate_failures do
|
|
|
|
get :index, params: { group_id: group }
|
|
|
|
|
|
|
|
expect(assigns(:invited_members)).to be_nil
|
|
|
|
expect(assigns(:skip_groups)).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-12-13 10:08:02 -05:00
|
|
|
context 'when user has owner access to subgroup' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:nested_group) { create(:group, parent: group) }
|
|
|
|
let_it_be(:nested_group_user) { create(:user) }
|
2019-12-13 10:08:02 -05:00
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
nested_group.add_owner(nested_group_user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'lists inherited group members by default' do
|
|
|
|
get :index, params: { group_id: nested_group }
|
|
|
|
|
|
|
|
expect(assigns(:members).map(&:user_id)).to contain_exactly(user.id, nested_group_user.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'lists direct group members only' do
|
|
|
|
get :index, params: { group_id: nested_group, with_inherited_permissions: 'exclude' }
|
|
|
|
|
|
|
|
expect(assigns(:members).map(&:user_id)).to contain_exactly(nested_group_user.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'lists inherited group members only' do
|
|
|
|
get :index, params: { group_id: nested_group, with_inherited_permissions: 'only' }
|
|
|
|
|
|
|
|
expect(assigns(:members).map(&:user_id)).to contain_exactly(user.id)
|
|
|
|
end
|
|
|
|
end
|
2016-03-30 16:14:21 -04:00
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
describe 'POST create' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:group_user) { create(:user) }
|
2016-10-19 10:50:41 -04:00
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'returns 403', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: group_user.id,
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-19 10:50:41 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-10-19 10:50:41 -04:00
|
|
|
expect(group.users).not_to include group_user
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
end
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'adds user to members', :aggregate_failures, :snowplow do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: group_user.id,
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'Users were successfully added.'
|
2016-10-19 10:50:41 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).to include group_user
|
2021-06-09 23:10:01 -04:00
|
|
|
expect_snowplow_event(
|
|
|
|
category: 'Members::CreateService',
|
|
|
|
action: 'create_member',
|
|
|
|
label: 'group-members-page',
|
|
|
|
property: 'existing_user',
|
|
|
|
user: user
|
|
|
|
)
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'adds no user to members', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: '',
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-19 10:50:41 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'No users specified.'
|
2016-10-19 10:50:41 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).not_to include group_user
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
|
|
|
end
|
2020-10-01 14:10:20 -04:00
|
|
|
|
|
|
|
context 'access expiry date' do
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
subject do
|
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: group_user.id,
|
|
|
|
access_level: Gitlab::Access::GUEST,
|
|
|
|
expires_at: expires_at
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when set to a date in the past' do
|
|
|
|
let(:expires_at) { 2.days.ago }
|
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'does not add user to members', :aggregate_failures do
|
2020-10-01 14:10:20 -04:00
|
|
|
subject
|
|
|
|
|
|
|
|
expect(flash[:alert]).to include('Expires at cannot be a date in the past')
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).not_to include group_user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when set to a date in the future' do
|
|
|
|
let(:expires_at) { 5.days.from_now }
|
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'adds user to members', :aggregate_failures do
|
2020-10-01 14:10:20 -04:00
|
|
|
subject
|
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'Users were successfully added.'
|
2020-10-01 14:10:20 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).to include group_user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
|
|
|
|
2017-12-11 09:53:31 -05:00
|
|
|
describe 'PUT update' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:requester) { create(:group_member, :access_request, group: group) }
|
2017-12-11 09:53:31 -05:00
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
2020-10-01 14:10:20 -04:00
|
|
|
context 'access level' do
|
|
|
|
Gitlab::Access.options.each do |label, value|
|
|
|
|
it "can change the access level to #{label}" do
|
|
|
|
put :update, params: {
|
|
|
|
group_member: { access_level: value },
|
|
|
|
group_id: group,
|
|
|
|
id: requester
|
|
|
|
}, xhr: true
|
|
|
|
|
|
|
|
expect(requester.reload.human_access).to eq(label)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'access expiry date' do
|
|
|
|
subject do
|
|
|
|
put :update, xhr: true, params: {
|
|
|
|
group_member: {
|
|
|
|
expires_at: expires_at
|
|
|
|
},
|
|
|
|
group_id: group,
|
|
|
|
id: requester
|
|
|
|
}
|
|
|
|
end
|
2017-12-11 09:53:31 -05:00
|
|
|
|
2020-10-01 14:10:20 -04:00
|
|
|
context 'when set to a date in the past' do
|
|
|
|
let(:expires_at) { 2.days.ago }
|
|
|
|
|
|
|
|
it 'does not update the member' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(requester.reload.expires_at).not_to eq(expires_at.to_date)
|
|
|
|
end
|
2021-01-28 16:09:04 -05:00
|
|
|
|
|
|
|
it 'returns error status' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns error message' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(json_response).to eq({ 'message' => 'Expires at cannot be a date in the past' })
|
|
|
|
end
|
2020-10-01 14:10:20 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'when set to a date in the future' do
|
|
|
|
let(:expires_at) { 5.days.from_now }
|
|
|
|
|
|
|
|
it 'updates the member' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(requester.reload.expires_at).to eq(expires_at.to_date)
|
|
|
|
end
|
2017-12-11 09:53:31 -05:00
|
|
|
end
|
|
|
|
end
|
2020-10-06 14:08:49 -04:00
|
|
|
|
|
|
|
context 'expiration date' do
|
|
|
|
let(:expiry_date) { 1.month.from_now.to_date }
|
|
|
|
|
|
|
|
before do
|
|
|
|
travel_to Time.now.utc.beginning_of_day
|
|
|
|
|
|
|
|
put(
|
|
|
|
:update,
|
|
|
|
params: {
|
|
|
|
group_member: { expires_at: expiry_date },
|
|
|
|
group_id: group,
|
|
|
|
id: requester
|
|
|
|
},
|
|
|
|
format: :json
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when `expires_at` is set' do
|
|
|
|
it 'returns correct json response' do
|
|
|
|
expect(json_response).to eq({
|
|
|
|
"expires_soon" => false,
|
|
|
|
"expires_at_formatted" => expiry_date.to_time.in_time_zone.to_s(:medium)
|
|
|
|
})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when `expires_at` is not set' do
|
|
|
|
let(:expiry_date) { nil }
|
|
|
|
|
|
|
|
it 'returns empty json response' do
|
|
|
|
expect(json_response).to be_empty
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2017-12-11 09:53:31 -05:00
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'DELETE destroy' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:sub_group) { create(:group, parent: group) }
|
|
|
|
let_it_be(:member) { create(:group_member, :developer, group: group) }
|
|
|
|
let_it_be(:sub_member) { create(:group_member, :developer, group: sub_group, user: member.user) }
|
2016-10-19 07:13:44 -04:00
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: 42 }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'returns 403', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it '[HTML] removes user from members', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'User was successfully removed from group.'
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2021-03-23 08:09:33 -04:00
|
|
|
expect(sub_group.members).to include sub_member
|
|
|
|
end
|
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it '[HTML] removes user from members including subgroups and projects', :aggregate_failures do
|
2021-03-23 08:09:33 -04:00
|
|
|
delete :destroy, params: { group_id: group, id: member, remove_sub_memberships: true }
|
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'User was successfully removed from group and any subgroups and projects.'
|
2021-03-23 08:09:33 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.members).not_to include member
|
|
|
|
expect(sub_group.members).not_to include sub_member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it '[JS] removes user from members', :aggregate_failures do
|
2018-12-19 16:57:41 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }, xhr: true
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2019-08-19 05:55:20 -04:00
|
|
|
expect(response).to be_successful
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'DELETE leave' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
2016-09-09 12:51:31 -04:00
|
|
|
it 'returns 404' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'and is not an owner' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'removes user from members', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to "You left the \"#{group.name}\" group."
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(response).to redirect_to(dashboard_groups_path)
|
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
2017-06-06 06:35:22 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'supports json request', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }, format: :json
|
2017-06-06 06:35:22 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2017-06-07 08:01:38 -04:00
|
|
|
expect(json_response['notice']).to eq "You left the \"#{group.name}\" group."
|
2017-06-06 06:35:22 -04:00
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'and is an owner' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'cannot removes himself from the group' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'and is a requester' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let(:group) { create(:group, :public) }
|
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.request_access(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'removes user from members', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'Your access request to the group has been withdrawn.'
|
2016-06-17 10:33:10 -04:00
|
|
|
expect(response).to redirect_to(group_path(group))
|
2016-06-27 10:20:57 -04:00
|
|
|
expect(group.requesters).to be_empty
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'POST request_access' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'creates a new GroupMember that is not a team member', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :request_access, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-04-22 17:09:53 -04:00
|
|
|
expect(controller).to set_flash.to 'Your request for access has been queued for review.'
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(response).to redirect_to(group_path(group))
|
2016-06-27 10:20:57 -04:00
|
|
|
expect(group.requesters.exists?(user_id: user)).to be_truthy
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'POST approve_access_request' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:member) { create(:group_member, :access_request, group: group) }
|
2016-10-19 07:13:44 -04:00
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: 42 }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'returns 403', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2021-06-09 23:10:01 -04:00
|
|
|
it 'adds user to members', :aggregate_failures do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-04-09 11:38:58 -04:00
|
|
|
|
|
|
|
context 'with external authorization enabled' do
|
2021-04-28 08:10:09 -04:00
|
|
|
let_it_be(:membership) { create(:group_member, group: group) }
|
|
|
|
|
2019-04-09 11:38:58 -04:00
|
|
|
before do
|
|
|
|
enable_external_authorization_service_check
|
|
|
|
group.add_owner(user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET #index' do
|
|
|
|
it 'is successful' do
|
|
|
|
get :index, params: { group_id: group }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #create' do
|
|
|
|
it 'is successful' do
|
|
|
|
post :create, params: { group_id: group, users: user, access_level: Gitlab::Access::GUEST }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PUT #update' do
|
|
|
|
it 'is successful' do
|
|
|
|
put :update,
|
|
|
|
params: {
|
|
|
|
group_member: { access_level: Gitlab::Access::GUEST },
|
|
|
|
group_id: group,
|
|
|
|
id: membership
|
|
|
|
},
|
2020-10-06 14:08:49 -04:00
|
|
|
format: :json
|
2019-04-09 11:38:58 -04:00
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE #destroy' do
|
|
|
|
it 'is successful' do
|
|
|
|
delete :destroy, params: { group_id: group, id: membership }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #destroy' do
|
|
|
|
it 'is successful' do
|
|
|
|
sign_in(create(:user))
|
|
|
|
|
|
|
|
post :request_access, params: { group_id: group }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #approve_request_access' do
|
|
|
|
it 'is successful' do
|
|
|
|
access_request = create(:group_member, :access_request, group: group)
|
|
|
|
post :approve_access_request, params: { group_id: group, id: access_request }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE #leave' do
|
|
|
|
it 'is successful' do
|
|
|
|
group.add_owner(create(:user))
|
|
|
|
|
|
|
|
delete :leave, params: { group_id: group }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #resend_invite' do
|
|
|
|
it 'is successful' do
|
|
|
|
post :resend_invite, params: { group_id: group, id: membership }
|
|
|
|
|
2020-02-06 04:09:06 -05:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
2019-04-09 11:38:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-03-30 16:14:21 -04:00
|
|
|
end
|