Commit graph

20 commits

Author SHA1 Message Date
Nick Thomas
d211011698 Make access request specs explicitly enable or disable access requests as required 2016-11-11 15:45:47 +00:00
Rémy Coutable
72da67485f
Members::RequestAccessService is tricter on permissions
Fortunately, only specs needed to be fixed, so that's good!

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-10-03 10:06:40 +02:00
Robert Speicher
e64594ac44 Merge branch '21983-member-add_user-doesn-t-detect-existing-members-that-have-requested-access' into 'master'
Resolve "`Member.add_user`doesn't detect existing members that have requested access"

## What does this MR do?

This merge request handle the case when an access requester is added to a group or project (via the members page or the API).

In `Member.add_user`, if an access requester already exists, we simply accept their request (and set the `created_by`, `access_level` and `expires_at` attributes if given).

## Are there points in the code the reviewer needs to double check?

I've taken the opportunity to cleanup the whole `{Group,Project}Member.add_user*` methods since it was quite a mess.

## What are the relevant issue numbers?

Closes #21983

See merge request !6393
2016-10-02 11:42:57 +00:00
Rémy Coutable
ec0061a95c Allow Member.add_user to handle access requesters
Changes include:

- Ensure Member.add_user is not called directly when not necessary
- New GroupMember.add_users_to_group to have the same abstraction level as for Project
- Refactor Member.add_user to take a source instead of an array of members
- Fix Rubocop offenses
- Always use Project#add_user instead of project.team.add_user
- Factorize users addition as members in Member.add_users_to_source
- Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects
- Destroy any requester before adding them as a member
- Improve the way we handle access requesters in Member.add_user
  Instead of removing the requester and creating a new member,
  we now simply accepts their access request. This way, they will
  receive a "access request granted" email.
- Fix error that was previously silently ignored
- Stop raising when access level is invalid in Member, let Rails validation do their work

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-28 09:43:00 +02:00
Rémy Coutable
178e2758f6 Fix specs that requires an access request
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-22 11:12:17 +02:00
Nick Thomas
9521edb4f4 Exclude some pending or inactivated rows in Member scopes
An unapproved access request should not give access rights, and blocked users
should not be considered members of anything.

One visible outcome of this behaviour is that owners and masters of a group or
project may be blocked, yet still receive notification emails for access
requests. This commit prevents this from happening.
2016-09-08 12:25:52 +01:00
Sean McGivern
8b1656282b Merge branch 'master' into expiration-date-on-memberships 2016-08-18 15:54:07 +01:00
Rémy Coutable
29850364ec New AccessRequests API endpoints for Group & Project
Also, mutualize AccessRequests and Members endpoints for Group &
Project.
New API documentation for the AccessRequests endpoints.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-08-10 19:07:05 +02:00
Adam Niedzielski
b2c8dc6f35 Replace optional parameters with keyword arguments. 2016-08-02 20:37:22 +02:00
Stan Hu
277e9e4ee8 Add a spec for access_for_user_ids 2016-07-26 17:20:19 -07:00
Rémy Coutable
bd78f5733c Exclude requesters from Project#members, Group#members and User#members
And create new Project#requesters, Group#requesters scopes.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-07-01 17:44:46 +02:00
Rémy Coutable
4652489f40 New Members::DestroyService
This is to ensure we don't send unwanted notifications when deleting a
project. In other words, stop abusing AR callbacks and use services.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-18 05:46:45 +02:00
Rémy Coutable
515205d3c1 UI and copywriting improvements
+ Move 'Edit Project/Group' out of membership-related partial
+ Show the access request buttons only to logged-in users
+ Put the request access buttons out of in a more visible button
+ Improve the copy in the #remove_member_message helper

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-14 13:18:14 +02:00
Rémy Coutable
d26f81239a Add request access for groups
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-06-14 13:07:26 +02:00
Jeroen van Baarsen
f1479b56b7
Remove the annotate gem and delete old annotations
In 8278b763d9 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.

Fixes: #17382
2016-05-09 18:00:28 +02:00
Rémy Coutable
b34963bc12 Validate email addresses using Devise.email_regexp
Also:
- Get rid of legacy :strict_mode
- Get rid of custom :email validator
- Add some shared examples to spec emails validation
2016-02-09 18:15:35 +01:00
Douwe Maan
1e8d703a85 Tag model specs 2015-12-09 10:50:51 +01:00
Stan Hu
a3157626f1 Re-annotate models 2015-05-03 13:38:27 -07:00
Douwe Maan
cb5362e7ce Follow newline guidelines. 2015-04-14 15:16:00 +02:00
Douwe Maan
0013ea5130 Remove duplication between Group and ProjectMember. 2015-04-14 12:41:19 +02:00
Renamed from spec/models/members_spec.rb (Browse further)