2020-05-12 12:09:47 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-24 06:09:01 +00:00
|
|
|
RSpec.describe AuthorizedProjectUpdate::ProjectCreateService do
|
2020-05-12 12:09:47 +00:00
|
|
|
let_it_be(:group_parent) { create(:group, :private) }
|
|
|
|
let_it_be(:group) { create(:group, :private, parent: group_parent) }
|
|
|
|
let_it_be(:group_child) { create(:group, :private, parent: group) }
|
|
|
|
|
|
|
|
let_it_be(:group_project) { create(:project, group: group) }
|
|
|
|
|
|
|
|
let_it_be(:parent_group_user) { create(:user) }
|
|
|
|
let_it_be(:group_user) { create(:user) }
|
|
|
|
let_it_be(:child_group_user) { create(:user) }
|
|
|
|
|
|
|
|
let(:access_level) { Gitlab::Access::MAINTAINER }
|
|
|
|
|
|
|
|
subject(:service) { described_class.new(group_project) }
|
|
|
|
|
|
|
|
describe '#perform' do
|
|
|
|
context 'direct group members' do
|
|
|
|
before do
|
|
|
|
create(:group_member, access_level: access_level, group: group, user: group_user)
|
|
|
|
ProjectAuthorization.delete_all
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates project authorization' do
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(1))
|
|
|
|
|
|
|
|
project_authorization = ProjectAuthorization.where(
|
|
|
|
project_id: group_project.id,
|
|
|
|
user_id: group_user.id,
|
|
|
|
access_level: access_level)
|
|
|
|
|
|
|
|
expect(project_authorization).to exist
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'inherited group members' do
|
|
|
|
before do
|
|
|
|
create(:group_member, access_level: access_level, group: group_parent, user: parent_group_user)
|
|
|
|
ProjectAuthorization.delete_all
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates project authorization' do
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(1))
|
|
|
|
|
|
|
|
project_authorization = ProjectAuthorization.where(
|
|
|
|
project_id: group_project.id,
|
|
|
|
user_id: parent_group_user.id,
|
|
|
|
access_level: access_level)
|
|
|
|
expect(project_authorization).to exist
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'membership overrides' do
|
2020-06-04 15:08:21 +00:00
|
|
|
context 'group hierarchy' do
|
|
|
|
before do
|
|
|
|
create(:group_member, access_level: Gitlab::Access::REPORTER, group: group_parent, user: group_user)
|
|
|
|
create(:group_member, access_level: Gitlab::Access::DEVELOPER, group: group, user: group_user)
|
|
|
|
ProjectAuthorization.delete_all
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates project authorization' do
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(1))
|
|
|
|
|
|
|
|
project_authorization = ProjectAuthorization.where(
|
|
|
|
project_id: group_project.id,
|
|
|
|
user_id: group_user.id,
|
|
|
|
access_level: Gitlab::Access::DEVELOPER)
|
|
|
|
expect(project_authorization).to exist
|
|
|
|
end
|
2020-05-12 12:09:47 +00:00
|
|
|
end
|
|
|
|
|
2020-06-04 15:08:21 +00:00
|
|
|
context 'group sharing' do
|
|
|
|
let!(:shared_with_group) { create(:group) }
|
2020-05-12 12:09:47 +00:00
|
|
|
|
2020-06-04 15:08:21 +00:00
|
|
|
before do
|
|
|
|
create(:group_member, access_level: Gitlab::Access::REPORTER, group: group, user: group_user)
|
|
|
|
create(:group_member, access_level: Gitlab::Access::MAINTAINER, group: shared_with_group, user: group_user)
|
2020-09-10 18:08:54 +00:00
|
|
|
create(:group_member, :minimal_access, source: shared_with_group, user: create(:user))
|
2020-06-04 15:08:21 +00:00
|
|
|
|
|
|
|
create(:group_group_link, shared_group: group, shared_with_group: shared_with_group, group_access: Gitlab::Access::DEVELOPER)
|
|
|
|
|
|
|
|
ProjectAuthorization.delete_all
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates project authorization' do
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(1))
|
|
|
|
|
|
|
|
project_authorization = ProjectAuthorization.where(
|
|
|
|
project_id: group_project.id,
|
|
|
|
user_id: group_user.id,
|
|
|
|
access_level: Gitlab::Access::DEVELOPER)
|
|
|
|
expect(project_authorization).to exist
|
|
|
|
end
|
2020-09-10 18:08:54 +00:00
|
|
|
|
|
|
|
it 'does not create project authorization for user with minimal access' do
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(1))
|
|
|
|
end
|
2020-05-12 12:09:47 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'no group member' do
|
|
|
|
it 'does not create project authorization' do
|
|
|
|
expect { service.execute }.not_to(
|
|
|
|
change { ProjectAuthorization.count }.from(0))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'unapproved access requests' do
|
|
|
|
before do
|
|
|
|
create(:group_member, :guest, :access_request, user: group_user, group: group)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create project authorization' do
|
|
|
|
expect { service.execute }.not_to(
|
|
|
|
change { ProjectAuthorization.count }.from(0))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-09-10 18:08:54 +00:00
|
|
|
context 'member with minimal access' do
|
|
|
|
before do
|
|
|
|
create(:group_member, :minimal_access, user: group_user, source: group)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create project authorization' do
|
|
|
|
expect { service.execute }.not_to(
|
|
|
|
change { ProjectAuthorization.count }.from(0))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-05-12 12:09:47 +00:00
|
|
|
context 'project has more user than BATCH_SIZE' do
|
|
|
|
let(:batch_size) { 2 }
|
|
|
|
let(:users) { create_list(:user, batch_size + 1 ) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_const("#{described_class.name}::BATCH_SIZE", batch_size)
|
|
|
|
|
|
|
|
users.each do |user|
|
|
|
|
create(:group_member, access_level: access_level, group: group_parent, user: user)
|
|
|
|
end
|
|
|
|
|
|
|
|
ProjectAuthorization.delete_all
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'bulk creates project authorizations in batches' do
|
|
|
|
users.each_slice(batch_size) do |batch|
|
|
|
|
attributes = batch.map do |user|
|
|
|
|
{ user_id: user.id, project_id: group_project.id, access_level: access_level }
|
|
|
|
end
|
|
|
|
|
|
|
|
expect(ProjectAuthorization).to(
|
|
|
|
receive(:insert_all).with(array_including(attributes)).and_call_original)
|
|
|
|
end
|
|
|
|
|
|
|
|
expect { service.execute }.to(
|
|
|
|
change { ProjectAuthorization.count }.from(0).to(batch_size + 1))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'ignores existing project authorizations' do
|
|
|
|
before do
|
|
|
|
# ProjectAuthorizations is also created because of an after_commit
|
|
|
|
# callback on Member model
|
|
|
|
create(:group_member, access_level: access_level, group: group, user: group_user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create project authorization' do
|
|
|
|
project_authorization = ProjectAuthorization.where(
|
|
|
|
project_id: group_project.id,
|
|
|
|
user_id: group_user.id,
|
|
|
|
access_level: access_level)
|
|
|
|
|
|
|
|
expect { service.execute }.not_to(
|
|
|
|
change { project_authorization.reload.exists? }.from(true))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|