From 9410f215eab0ba49051d2a00f0b4174f5dc13a6f Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 26 Dec 2016 11:56:19 +0200
Subject: [PATCH] Add nested groups support to the Groups::CreateService

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/services/groups/create_service.rb       | 13 +++++++++
 spec/services/groups/create_service_spec.rb | 31 ++++++++++++++++++---
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index 2bccd584dde..9a630aee626 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -12,6 +12,19 @@ module Groups
         return @group
       end
 
+      parent_id = params[:parent_id]
+
+      if parent_id
+        parent = Group.find(parent_id)
+
+        unless can?(current_user, :admin_group, parent)
+          @group.parent_id = nil
+          @group.errors.add(:parent_id, 'manage access required to create subgroup')
+
+          return @group
+        end
+      end
+
       @group.name ||= @group.path.dup
       @group.save
       @group.add_owner(current_user)
diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb
index 71a0b8e2a12..14717a7455d 100644
--- a/spec/services/groups/create_service_spec.rb
+++ b/spec/services/groups/create_service_spec.rb
@@ -1,11 +1,12 @@
 require 'spec_helper'
 
-describe Groups::CreateService, services: true do
-  let!(:user)         { create(:user) }
+describe Groups::CreateService, '#execute', services: true do
+  let!(:user) { create(:user) }
   let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
 
-  describe "execute" do
-    let!(:service) { described_class.new(user, group_params ) }
+  describe 'visibility level restrictions' do
+    let!(:service) { described_class.new(user, group_params) }
+
     subject { service.execute }
 
     context "create groups without restricted visibility level" do
@@ -14,7 +15,29 @@ describe Groups::CreateService, services: true do
 
     context "cannot create group with restricted visibility level" do
       before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) }
+
       it { is_expected.not_to be_persisted }
     end
   end
+
+  describe 'creating subgroup' do
+    let!(:group) { create(:group) }
+    let!(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
+
+    subject { service.execute }
+
+    context 'as group owner' do
+      before { group.add_owner(user) }
+
+      it { is_expected.to be_persisted }
+    end
+
+    context 'as guest' do
+      it 'does not save group and returns an error' do
+        is_expected.not_to be_persisted
+        expect(subject.errors[:parent_id].first).to eq('manage access required to create subgroup')
+        expect(subject.parent_id).to be_nil
+      end
+    end
+  end
 end