kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix permission issue with highest access level for group 

If user was a member of both group and project and group access level
was higher it was not respected and user got lowest project access
level. Now it is fixed and user get highest access level

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
This commit is contained in:
Dmitriy Zaporozhets 2014-06-20 12:54:03 +03:00
parent 995d193d32
commit 0771109bb8
No known key found for this signature in database
GPG Key ID: 627C5F589F467F17
2 changed files with 66 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/models/project_team.rb
View File

@ -118,19 +118,30 @@ class ProjectTeam
end end
def guest?(user) def guest?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::GUEST max_tm_access(user.id) == Gitlab::Access::GUEST
end end
def reporter?(user) def reporter?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::REPORTER max_tm_access(user.id) == Gitlab::Access::REPORTER
end end
def developer?(user) def developer?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::DEVELOPER max_tm_access(user.id) == Gitlab::Access::DEVELOPER
end end
def master?(user) def master?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::MASTER max_tm_access(user.id) == Gitlab::Access::MASTER
end
def max_tm_access(user_id)
access = []
access << project.users_projects.find_by(user_id: user_id).try(:access_field)
if group
access << group.users_groups.find_by(user_id: user_id).try(:access_field)
end
access.compact.max
end end
private private

72
spec/models/project_team_spec.rb
View File

@ -1,36 +1,66 @@
require "spec_helper" require "spec_helper"
describe ProjectTeam do describe ProjectTeam do
let(:group) { create(:group) }
let(:project) { create(:empty_project, group: group) }
let(:master) { create(:user) } let(:master) { create(:user) }
let(:reporter) { create(:user) } let(:reporter) { create(:user) }
let(:guest) { create(:user) } let(:guest) { create(:user) }
let(:nonmember) { create(:user) } let(:nonmember) { create(:user) }
before do context 'personal project' do
group.add_user(master, Gitlab::Access::MASTER) let(:project) { create(:empty_project) }
group.add_user(reporter, Gitlab::Access::REPORTER)
group.add_user(guest, Gitlab::Access::GUEST)
# Add group guest as master to this project before do
# to test project access priority over group members project.team << [master, :master]
project.team << [guest, :master] project.team << [reporter, :reporter]
project.team << [guest, :guest]
end
describe 'members collection' do
it { project.team.masters.should include(master) }
it { project.team.masters.should_not include(guest) }
it { project.team.masters.should_not include(reporter) }
it { project.team.masters.should_not include(nonmember) }
end
describe 'access methods' do
it { project.team.master?(master).should be_true }
it { project.team.master?(guest).should be_false }
it { project.team.master?(reporter).should be_false }
it { project.team.master?(nonmember).should be_false }
end
end end
describe 'members collection' do context 'group project' do
it { project.team.masters.should include(master) } let(:group) { create(:group) }
it { project.team.masters.should include(guest) } let(:project) { create(:empty_project, group: group) }
it { project.team.masters.should_not include(reporter) }
it { project.team.masters.should_not include(nonmember) }
end
describe 'access methods' do before do
it { project.team.master?(master).should be_true } group.add_user(master, Gitlab::Access::MASTER)
it { project.team.master?(guest).should be_true } group.add_user(reporter, Gitlab::Access::REPORTER)
it { project.team.master?(reporter).should be_false } group.add_user(guest, Gitlab::Access::GUEST)
it { project.team.master?(nonmember).should be_false }
# If user is a group and a project member - GitLab uses highest permission
# So we add group guest as master and add group master as guest
# to this project to test highest access
project.team << [guest, :master]
project.team << [master, :guest]
end
describe 'members collection' do
it { project.team.reporters.should include(reporter) }
it { project.team.masters.should include(master) }
it { project.team.masters.should include(guest) }
it { project.team.masters.should_not include(reporter) }
it { project.team.masters.should_not include(nonmember) }
end
describe 'access methods' do
it { project.team.reporter?(reporter).should be_true }
it { project.team.master?(master).should be_true }
it { project.team.master?(guest).should be_true }
it { project.team.master?(reporter).should be_false }
it { project.team.master?(nonmember).should be_false }
end
end end
end end