Merge branch '40743-bug-accepting-new-group-members-when-permission-level-developer' into 'master'
Bugfix: User can't change the access level of an access requester Closes #40743 See merge request gitlab-org/gitlab-ce!15832
This commit is contained in:
commit
0cc6eb8b09
5 changed files with 46 additions and 2 deletions
|
@ -22,7 +22,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
@group_member = @group.group_members.find(params[:id])
|
||||
@group_member = @group.members_and_requesters.find(params[:id])
|
||||
|
||||
return render_403 unless can?(current_user, :update_group_member, @group_member)
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
@project_member = @project.project_members.find(params[:id])
|
||||
@project_member = @project.members_and_requesters.find(params[:id])
|
||||
|
||||
return render_403 unless can?(current_user, :update_project_member, @project_member)
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix error that was preventing users to change the access level of access requests for Groups or Projects
|
||||
merge_request: 15832
|
||||
author:
|
||||
type: fixed
|
|
@ -62,6 +62,25 @@ describe Groups::GroupMembersController do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'PUT update' do
|
||||
let(:requester) { create(:group_member, :access_request, group: group) }
|
||||
|
||||
before do
|
||||
group.add_owner(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
Gitlab::Access.options.each do |label, value|
|
||||
it "can change the access level to #{label}" do
|
||||
xhr :put, :update, group_member: { access_level: value },
|
||||
group_id: group,
|
||||
id: requester
|
||||
|
||||
expect(requester.reload.human_access).to eq(label)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE destroy' do
|
||||
let(:member) { create(:group_member, :developer, group: group) }
|
||||
|
||||
|
|
|
@ -66,6 +66,26 @@ describe Projects::ProjectMembersController do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'PUT update' do
|
||||
let(:requester) { create(:project_member, :access_request, project: project) }
|
||||
|
||||
before do
|
||||
project.add_master(user)
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
Gitlab::Access.options.each do |label, value|
|
||||
it "can change the access level to #{label}" do
|
||||
xhr :put, :update, project_member: { access_level: value },
|
||||
namespace_id: project.namespace,
|
||||
project_id: project,
|
||||
id: requester
|
||||
|
||||
expect(requester.reload.human_access).to eq(label)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE destroy' do
|
||||
let(:member) { create(:project_member, :developer, project: project) }
|
||||
|
||||
|
|
Loading…
Reference in a new issue