Fix permission issue with highest access level for group
If user was a member of both group and project and group access level was higher it was not respected and user got lowest project access level. Now it is fixed and user get highest access level Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
This commit is contained in:
parent
995d193d32
commit
0771109bb8
|
@ -118,19 +118,30 @@ class ProjectTeam
|
||||||
end
|
end
|
||||||
|
|
||||||
def guest?(user)
|
def guest?(user)
|
||||||
find_tm(user.id).try(:access_field) == Gitlab::Access::GUEST
|
max_tm_access(user.id) == Gitlab::Access::GUEST
|
||||||
end
|
end
|
||||||
|
|
||||||
def reporter?(user)
|
def reporter?(user)
|
||||||
find_tm(user.id).try(:access_field) == Gitlab::Access::REPORTER
|
max_tm_access(user.id) == Gitlab::Access::REPORTER
|
||||||
end
|
end
|
||||||
|
|
||||||
def developer?(user)
|
def developer?(user)
|
||||||
find_tm(user.id).try(:access_field) == Gitlab::Access::DEVELOPER
|
max_tm_access(user.id) == Gitlab::Access::DEVELOPER
|
||||||
end
|
end
|
||||||
|
|
||||||
def master?(user)
|
def master?(user)
|
||||||
find_tm(user.id).try(:access_field) == Gitlab::Access::MASTER
|
max_tm_access(user.id) == Gitlab::Access::MASTER
|
||||||
|
end
|
||||||
|
|
||||||
|
def max_tm_access(user_id)
|
||||||
|
access = []
|
||||||
|
access << project.users_projects.find_by(user_id: user_id).try(:access_field)
|
||||||
|
|
||||||
|
if group
|
||||||
|
access << group.users_groups.find_by(user_id: user_id).try(:access_field)
|
||||||
|
end
|
||||||
|
|
||||||
|
access.compact.max
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
@ -1,36 +1,66 @@
|
||||||
require "spec_helper"
|
require "spec_helper"
|
||||||
|
|
||||||
describe ProjectTeam do
|
describe ProjectTeam do
|
||||||
let(:group) { create(:group) }
|
|
||||||
let(:project) { create(:empty_project, group: group) }
|
|
||||||
|
|
||||||
let(:master) { create(:user) }
|
let(:master) { create(:user) }
|
||||||
let(:reporter) { create(:user) }
|
let(:reporter) { create(:user) }
|
||||||
let(:guest) { create(:user) }
|
let(:guest) { create(:user) }
|
||||||
let(:nonmember) { create(:user) }
|
let(:nonmember) { create(:user) }
|
||||||
|
|
||||||
before do
|
context 'personal project' do
|
||||||
group.add_user(master, Gitlab::Access::MASTER)
|
let(:project) { create(:empty_project) }
|
||||||
group.add_user(reporter, Gitlab::Access::REPORTER)
|
|
||||||
group.add_user(guest, Gitlab::Access::GUEST)
|
|
||||||
|
|
||||||
# Add group guest as master to this project
|
before do
|
||||||
# to test project access priority over group members
|
project.team << [master, :master]
|
||||||
project.team << [guest, :master]
|
project.team << [reporter, :reporter]
|
||||||
|
project.team << [guest, :guest]
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'members collection' do
|
||||||
|
it { project.team.masters.should include(master) }
|
||||||
|
it { project.team.masters.should_not include(guest) }
|
||||||
|
it { project.team.masters.should_not include(reporter) }
|
||||||
|
it { project.team.masters.should_not include(nonmember) }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'access methods' do
|
||||||
|
it { project.team.master?(master).should be_true }
|
||||||
|
it { project.team.master?(guest).should be_false }
|
||||||
|
it { project.team.master?(reporter).should be_false }
|
||||||
|
it { project.team.master?(nonmember).should be_false }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'members collection' do
|
context 'group project' do
|
||||||
it { project.team.masters.should include(master) }
|
let(:group) { create(:group) }
|
||||||
it { project.team.masters.should include(guest) }
|
let(:project) { create(:empty_project, group: group) }
|
||||||
it { project.team.masters.should_not include(reporter) }
|
|
||||||
it { project.team.masters.should_not include(nonmember) }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe 'access methods' do
|
before do
|
||||||
it { project.team.master?(master).should be_true }
|
group.add_user(master, Gitlab::Access::MASTER)
|
||||||
it { project.team.master?(guest).should be_true }
|
group.add_user(reporter, Gitlab::Access::REPORTER)
|
||||||
it { project.team.master?(reporter).should be_false }
|
group.add_user(guest, Gitlab::Access::GUEST)
|
||||||
it { project.team.master?(nonmember).should be_false }
|
|
||||||
|
# If user is a group and a project member - GitLab uses highest permission
|
||||||
|
# So we add group guest as master and add group master as guest
|
||||||
|
# to this project to test highest access
|
||||||
|
project.team << [guest, :master]
|
||||||
|
project.team << [master, :guest]
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'members collection' do
|
||||||
|
it { project.team.reporters.should include(reporter) }
|
||||||
|
it { project.team.masters.should include(master) }
|
||||||
|
it { project.team.masters.should include(guest) }
|
||||||
|
it { project.team.masters.should_not include(reporter) }
|
||||||
|
it { project.team.masters.should_not include(nonmember) }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'access methods' do
|
||||||
|
it { project.team.reporter?(reporter).should be_true }
|
||||||
|
it { project.team.master?(master).should be_true }
|
||||||
|
it { project.team.master?(guest).should be_true }
|
||||||
|
it { project.team.master?(reporter).should be_false }
|
||||||
|
it { project.team.master?(nonmember).should be_false }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue