Merge branch 'fix-admin-should-be-able-to-add-himself-to-group' into 'master'
Signed in Admin can add/remove himself to a group/project Fixes #3640 /cc @JobV Could you have a look as well? See merge request !1942
This commit is contained in:
Dmitriy Zaporozhets
commit
1954bd6ee0
7 changed files with 107 additions and 8 deletions
|
|
@ -40,6 +40,7 @@ v 8.2.2
|
|||
- Fix Error 500 when viewing user's personal projects from admin page (Stan Hu)
|
||||
- Fix: Raw private snippets access workflow
|
||||
- Prevent "413 Request entity too large" errors when pushing large files with LFS
|
||||
- Fix: As an admin, cannot add oneself as a member to a group/project
|
||||
- Fix invalid links within projects dashboard header
|
||||
- Make current user the first user in assignee dropdown in issues detail page (Stan Hu)
|
||||
- Fix: duplicate email notifications on issue comments
|
||||
|
|
|
|||
|
|
@ -346,12 +346,10 @@ class Ability
|
|||
unless group.last_owner?(target_user)
|
||||
can_manage = group_abilities(user, group).include?(:admin_group_member)
|
||||
|
||||
if can_manage && user != target_user
|
||||
if can_manage
|
||||
rules << :update_group_member
|
||||
rules << :destroy_group_member
|
||||
end
|
||||
|
||||
if user == target_user
|
||||
elsif user == target_user
|
||||
rules << :destroy_group_member
|
||||
end
|
||||
end
|
||||
|
|
@ -367,12 +365,10 @@ class Ability
|
|||
unless target_user == project.owner
|
||||
can_manage = project_abilities(user, project).include?(:admin_project_member)
|
||||
|
||||
if can_manage && user != target_user
|
||||
if can_manage
|
||||
rules << :update_project_member
|
||||
rules << :destroy_project_member
|
||||
end
|
||||
|
||||
if user == target_user
|
||||
elsif user == target_user
|
||||
rules << :destroy_project_member
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -33,3 +33,19 @@ Feature: Admin Groups
|
|||
When I visit admin group page
|
||||
When I select user "johndoe@gitlab.com" from user list as "Reporter"
|
||||
Then I should see "johndoe@gitlab.com" in team list in every project as "Reporter"
|
||||
|
||||
@javascript
|
||||
Scenario: Signed in admin should be able to add himself to a group
|
||||
Given "John Doe" is owner of group "Owned"
|
||||
When I visit group "Owned" members page
|
||||
When I select current user as "Developer"
|
||||
Then I should see current user as "Developer"
|
||||
|
||||
@javascript
|
||||
Scenario: Signed in admin should be able to remove himself from group
|
||||
Given current user is developer of group "Owned"
|
||||
When I visit group "Owned" members page
|
||||
Then I should see current user as "Developer"
|
||||
When I click on the "Remove User From Group" button for current user
|
||||
When I visit group "Owned" members page
|
||||
Then I should not see current user as "Developer"
|
||||
|
|
|
|||
|
|
@ -27,3 +27,19 @@ Feature: Admin Projects
|
|||
And I visit admin project page
|
||||
When I transfer project to group 'Web'
|
||||
Then I should see project transfered
|
||||
|
||||
@javascript
|
||||
Scenario: Signed in admin should be able to add himself to a project
|
||||
Given "John Doe" owns private project "Enterprise"
|
||||
When I visit project "Enterprise" members page
|
||||
When I select current user as "Developer"
|
||||
Then I should see current user as "Developer"
|
||||
|
||||
@javascript
|
||||
Scenario: Signed in admin should be able to remove himself from a project
|
||||
Given "John Doe" owns private project "Enterprise"
|
||||
And current user is developer of project "Enterprise"
|
||||
When I visit project "Enterprise" members page
|
||||
Then I should see current user as "Developer"
|
||||
When I click on the "Remove User From Project" button for current user
|
||||
Then I should not see current user as "Developer"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
class Spinach::Features::AdminGroups < Spinach::FeatureSteps
|
||||
include SharedAuthentication
|
||||
include SharedGroup
|
||||
include SharedPaths
|
||||
include SharedUser
|
||||
include SharedActiveTab
|
||||
|
|
@ -88,6 +89,34 @@ class Spinach::Features::AdminGroups < Spinach::FeatureSteps
|
|||
end
|
||||
end
|
||||
|
||||
step 'I select current user as "Developer"' do
|
||||
page.within ".users-group-form" do
|
||||
select2(current_user.id, from: "#user_ids", multiple: true)
|
||||
select "Developer", from: "access_level"
|
||||
end
|
||||
|
||||
click_button "Add users to group"
|
||||
end
|
||||
|
||||
step 'I should see current user as "Developer"' do
|
||||
page.within '.content-list' do
|
||||
expect(page).to have_content(current_user.name)
|
||||
expect(page).to have_content('Developer')
|
||||
end
|
||||
end
|
||||
|
||||
step 'I click on the "Remove User From Group" button for current user' do
|
||||
find(:css, 'li', text: current_user.name).find(:css, 'a.btn-remove').click
|
||||
# poltergeist always confirms popups.
|
||||
end
|
||||
|
||||
step 'I should not see current user as "Developer"' do
|
||||
page.within '.content-list' do
|
||||
expect(page).not_to have_content(current_user.name)
|
||||
expect(page).not_to have_content('Developer')
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def current_group
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@ class Spinach::Features::AdminProjects < Spinach::FeatureSteps
|
|||
include SharedPaths
|
||||
include SharedAdmin
|
||||
include SharedProject
|
||||
include SharedUser
|
||||
include Select2Helper
|
||||
|
||||
step 'I should see all non-archived projects' do
|
||||
Project.non_archived.each do |p|
|
||||
|
|
@ -56,6 +58,41 @@ class Spinach::Features::AdminProjects < Spinach::FeatureSteps
|
|||
expect(page).to have_content 'Namespace: Web'
|
||||
end
|
||||
|
||||
step 'I visit project "Enterprise" members page' do
|
||||
project = Project.find_by!(name: "Enterprise")
|
||||
visit namespace_project_project_members_path(project.namespace, project)
|
||||
end
|
||||
|
||||
step 'I select current user as "Developer"' do
|
||||
page.within ".users-project-form" do
|
||||
select2(current_user.id, from: "#user_ids", multiple: true)
|
||||
select "Developer", from: "access_level"
|
||||
end
|
||||
|
||||
click_button "Add users to project"
|
||||
end
|
||||
|
||||
step 'I should see current user as "Developer"' do
|
||||
page.within '.content-list' do
|
||||
expect(page).to have_content(current_user.name)
|
||||
expect(page).to have_content('Developer')
|
||||
end
|
||||
end
|
||||
|
||||
step 'current user is developer of project "Enterprise"' do
|
||||
project = Project.find_by!(name: "Enterprise")
|
||||
project.team << [current_user, :developer]
|
||||
end
|
||||
|
||||
step 'I click on the "Remove User From Project" button for current user' do
|
||||
find(:css, 'li', text: current_user.name).find(:css, 'a.btn-remove').click
|
||||
# poltergeist always confirms popups.
|
||||
end
|
||||
|
||||
step 'I should not see current_user as "Developer"' do
|
||||
expect(page).not_to have_selector(:css, '.content-list')
|
||||
end
|
||||
|
||||
def project
|
||||
@project ||= Project.first
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,6 +1,10 @@
|
|||
module SharedGroup
|
||||
include Spinach::DSL
|
||||
|
||||
step 'current user is developer of group "Owned"' do
|
||||
is_member_of(current_user.name, "Owned", Gitlab::Access::DEVELOPER)
|
||||
end
|
||||
|
||||
step '"John Doe" is owner of group "Owned"' do
|
||||
is_member_of("John Doe", "Owned", Gitlab::Access::OWNER)
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue