Merge branch 'api-nested-group-permission' into 'master'
Return the maximum group access level in the projects API Closes #43684 See merge request gitlab-org/gitlab-ce!24403
This commit is contained in:
commit
41ae26d9ea
|
@ -382,6 +382,10 @@ class Group < Namespace
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def highest_group_member(user)
|
||||||
|
GroupMember.where(source_id: self_and_ancestors_ids, user_id: user.id).order(:access_level).last
|
||||||
|
end
|
||||||
|
|
||||||
def hashed_storage?(_feature)
|
def hashed_storage?(_feature)
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Return the maximum group access level in the projects API
|
||||||
|
merge_request: 24403
|
||||||
|
author:
|
||||||
|
type: changed
|
|
@ -964,7 +964,7 @@ module API
|
||||||
if options[:group_members]
|
if options[:group_members]
|
||||||
options[:group_members].find { |member| member.source_id == project.namespace_id }
|
options[:group_members].find { |member| member.source_id == project.namespace_id }
|
||||||
else
|
else
|
||||||
project.group.group_member(options[:current_user])
|
project.group.highest_group_member(options[:current_user])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -722,6 +722,42 @@ describe Group do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#highest_group_member', :nested_groups do
|
||||||
|
let(:nested_group) { create(:group, parent: group) }
|
||||||
|
let(:nested_group_2) { create(:group, parent: nested_group) }
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
|
subject(:highest_group_member) { nested_group_2.highest_group_member(user) }
|
||||||
|
|
||||||
|
context 'when the user is not a member of any group in the hierarchy' do
|
||||||
|
it 'returns nil' do
|
||||||
|
expect(highest_group_member).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the user is only a member of one group in the hierarchy' do
|
||||||
|
before do
|
||||||
|
nested_group.add_developer(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns that group member' do
|
||||||
|
expect(highest_group_member.access_level).to eq(Gitlab::Access::DEVELOPER)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the user is a member of several groups in the hierarchy' do
|
||||||
|
before do
|
||||||
|
group.add_owner(user)
|
||||||
|
nested_group.add_developer(user)
|
||||||
|
nested_group_2.add_maintainer(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns the group member with the highest access level' do
|
||||||
|
expect(highest_group_member.access_level).to eq(Gitlab::Access::OWNER)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#has_parent?' do
|
describe '#has_parent?' do
|
||||||
context 'when the group has a parent' do
|
context 'when the group has a parent' do
|
||||||
it 'should be truthy' do
|
it 'should be truthy' do
|
||||||
|
|
|
@ -1147,6 +1147,40 @@ describe API::Projects do
|
||||||
.to eq(Gitlab::Access::OWNER)
|
.to eq(Gitlab::Access::OWNER)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'nested group project', :nested_groups do
|
||||||
|
let(:group) { create(:group) }
|
||||||
|
let(:nested_group) { create(:group, parent: group) }
|
||||||
|
let(:project2) { create(:project, group: nested_group) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
project2.group.parent.add_owner(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'sets group access and return 200' do
|
||||||
|
get api("/projects/#{project2.id}", user)
|
||||||
|
|
||||||
|
expect(response).to have_gitlab_http_status(200)
|
||||||
|
expect(json_response['permissions']['project_access']).to be_nil
|
||||||
|
expect(json_response['permissions']['group_access']['access_level'])
|
||||||
|
.to eq(Gitlab::Access::OWNER)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with various access levels across nested groups' do
|
||||||
|
before do
|
||||||
|
project2.group.add_maintainer(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'sets the maximum group access and return 200' do
|
||||||
|
get api("/projects/#{project2.id}", user)
|
||||||
|
|
||||||
|
expect(response).to have_gitlab_http_status(200)
|
||||||
|
expect(json_response['permissions']['project_access']).to be_nil
|
||||||
|
expect(json_response['permissions']['group_access']['access_level'])
|
||||||
|
.to eq(Gitlab::Access::OWNER)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue