Make subgroup_creation_level default to maintainer at SQL level
- Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples
This commit is contained in:
parent
e962ffbc90
commit
81662f7b9f
|
@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1]
|
|||
:subgroup_creation_level,
|
||||
:integer,
|
||||
default: 0)
|
||||
change_column_default(:namespaces, :subgroup_creation_level, 1)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -70,14 +70,13 @@ describe Admin::GroupsController do
|
|||
end
|
||||
|
||||
it 'updates the subgroup_creation_level successfully' do
|
||||
MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS
|
||||
OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
|
||||
|
||||
expect do
|
||||
post :update,
|
||||
params: { id: group.to_param,
|
||||
group: { subgroup_creation_level: MAINTAINER } }
|
||||
end.to change { group.reload.subgroup_creation_level }
|
||||
.to(MAINTAINER)
|
||||
group: { subgroup_creation_level: OWNER } }
|
||||
end.to change { group.reload.subgroup_creation_level }.to(OWNER)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,7 +5,6 @@ FactoryBot.define do
|
|||
type 'Group'
|
||||
owner nil
|
||||
project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS
|
||||
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
|
||||
|
||||
after(:create) do |group|
|
||||
if group.owner
|
||||
|
@ -46,5 +45,9 @@ FactoryBot.define do
|
|||
trait :auto_devops_disabled do
|
||||
auto_devops_enabled false
|
||||
end
|
||||
|
||||
trait :owner_subgroup_creation_only do
|
||||
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -72,10 +72,11 @@ describe 'Group show page' do
|
|||
context 'when subgroups are supported', :js, :nested_groups do
|
||||
before do
|
||||
allow(Group).to receive(:supports_nested_objects?) { true }
|
||||
visit path
|
||||
end
|
||||
|
||||
it 'allows creating subgroups' do
|
||||
visit path
|
||||
|
||||
expect(page)
|
||||
.to have_css("li[data-text='New subgroup']", visible: false)
|
||||
end
|
||||
|
@ -84,10 +85,11 @@ describe 'Group show page' do
|
|||
context 'when subgroups are not supported' do
|
||||
before do
|
||||
allow(Group).to receive(:supports_nested_objects?) { false }
|
||||
visit path
|
||||
end
|
||||
|
||||
it 'does not allow creating subgroups' do
|
||||
visit path
|
||||
|
||||
expect(page)
|
||||
.not_to have_selector("li[data-text='New subgroup']", visible: false)
|
||||
end
|
||||
|
@ -102,10 +104,9 @@ describe 'Group show page' do
|
|||
context 'when subgroups are supported', :js, :nested_groups do
|
||||
before do
|
||||
allow(Group).to receive(:supports_nested_objects?) { true }
|
||||
visit path
|
||||
end
|
||||
|
||||
context 'when subgroup_creation_level is set to maintainer' do
|
||||
context 'when subgroup_creation_level is set to maintainers' do
|
||||
let(:group) do
|
||||
create(:group,
|
||||
subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
|
||||
|
@ -113,7 +114,9 @@ describe 'Group show page' do
|
|||
|
||||
it 'allows creating subgroups' do
|
||||
visit path
|
||||
expect(page).to have_css("li[data-text='New subgroup']", visible: false)
|
||||
|
||||
expect(page)
|
||||
.to have_css("li[data-text='New subgroup']", visible: false)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -125,6 +128,7 @@ describe 'Group show page' do
|
|||
|
||||
it 'does not allow creating subgroups' do
|
||||
visit path
|
||||
|
||||
expect(page)
|
||||
.not_to have_css("li[data-text='New subgroup']", visible: false)
|
||||
end
|
||||
|
@ -134,10 +138,11 @@ describe 'Group show page' do
|
|||
context 'when subgroups are not supported' do
|
||||
before do
|
||||
allow(Group).to receive(:supports_nested_objects?) { false }
|
||||
visit path
|
||||
end
|
||||
|
||||
it 'does not allow creating subgroups' do
|
||||
visit path
|
||||
|
||||
expect(page)
|
||||
.not_to have_selector("li[data-text='New subgroup']", visible: false)
|
||||
end
|
||||
|
|
|
@ -997,9 +997,8 @@ describe Group do
|
|||
|
||||
describe 'subgroup_creation_level' do
|
||||
it 'defaults to maintainers' do
|
||||
group = create (:group)
|
||||
|
||||
expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
|
||||
expect(group.subgroup_creation_level)
|
||||
.to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -98,12 +98,38 @@ describe GroupPolicy do
|
|||
context 'maintainer' do
|
||||
let(:current_user) { maintainer }
|
||||
|
||||
it do
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*maintainer_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
context 'with subgroup_creation level set to maintainer' do
|
||||
let(:group) { create(:group,
|
||||
:private,
|
||||
subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) }
|
||||
|
||||
it do
|
||||
allow(Group).to receive(:supports_nested_objects?).and_return(true)
|
||||
|
||||
create_subgroup_permission = [:create_subgroup]
|
||||
updated_maintainer_permissions =
|
||||
maintainer_permissions + create_subgroup_permission
|
||||
updated_owner_permissions =
|
||||
owner_permissions - create_subgroup_permission
|
||||
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*updated_maintainer_permissions)
|
||||
expect_disallowed(*updated_owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with subgroup_creation_level set to owner' do
|
||||
it do
|
||||
allow(Group).to receive(:supports_nested_objects?).and_return(true)
|
||||
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*maintainer_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -181,7 +207,10 @@ describe GroupPolicy do
|
|||
end
|
||||
|
||||
describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
|
||||
let(:nested_group) { create(:group, :private, parent: group) }
|
||||
let(:nested_group) { create(:group,
|
||||
:private,
|
||||
:owner_subgroup_creation_only,
|
||||
parent: group) }
|
||||
|
||||
before do
|
||||
nested_group.add_guest(guest)
|
||||
|
|
|
@ -803,10 +803,10 @@ describe API::Groups do
|
|||
group2.add_maintainer(user1)
|
||||
end
|
||||
|
||||
it 'cannot create subgroups' do
|
||||
it 'can create subgroups' do
|
||||
post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' }
|
||||
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
expect(response).to have_gitlab_http_status(201)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do
|
|||
let(:maintainer) { create(:user) }
|
||||
let(:owner) { create(:user) }
|
||||
let(:admin) { create(:admin) }
|
||||
let(:group) { create(:group, :private) }
|
||||
let(:group) { create(:group, :private, :owner_subgroup_creation_only) }
|
||||
|
||||
let(:guest_permissions) do
|
||||
%i[
|
||||
|
|
Loading…
Reference in New Issue