Skip to content

Commit

Permalink
Merge branch 'api-nested-group-permission' into 'master'
Browse files Browse the repository at this point in the history 
Return the maximum group access level in the projects API

Closes #43684

See merge request gitlab-org/gitlab-ce!24403
  • Loading branch information
Nick Thomas committed Jan 18, 2019
2 parents 5e01cf7 + ab94a5a commit 41ae26d
Show file tree
Hide file tree
Showing 5 changed files with 80 additions and 1 deletion.
4 changes: 4 additions & 0 deletions app/models/group.rb
View file
Expand Up @@ -382,6 +382,10 @@ def group_member(user)
end
end

def highest_group_member(user)
GroupMember.where(source_id: self_and_ancestors_ids, user_id: user.id).order(:access_level).last
end

def hashed_storage?(_feature)
false
end
Expand Down
5 changes: 5 additions & 0 deletions changelogs/unreleased/api-nested-group-permission.yml
View file
@@ -0,0 +1,5 @@
---
title: Return the maximum group access level in the projects API
merge_request: 24403
author:
type: changed
2 changes: 1 addition & 1 deletion lib/api/entities.rb
View file
Expand Up @@ -964,7 +964,7 @@ class ProjectWithAccess < Project
if options[:group_members]
options[:group_members].find { |member| member.source_id == project.namespace_id }
else
project.group.group_member(options[:current_user])
project.group.highest_group_member(options[:current_user])
end
end
end
Expand Down
36 changes: 36 additions & 0 deletions spec/models/group_spec.rb
View file
Expand Up @@ -722,6 +722,42 @@ def setup_group_members(group)
end
end

describe '#highest_group_member', :nested_groups do
let(:nested_group) { create(:group, parent: group) }
let(:nested_group_2) { create(:group, parent: nested_group) }
let(:user) { create(:user) }

subject(:highest_group_member) { nested_group_2.highest_group_member(user) }

context 'when the user is not a member of any group in the hierarchy' do
it 'returns nil' do
expect(highest_group_member).to be_nil
end
end

context 'when the user is only a member of one group in the hierarchy' do
before do
nested_group.add_developer(user)
end

it 'returns that group member' do
expect(highest_group_member.access_level).to eq(Gitlab::Access::DEVELOPER)
end
end

context 'when the user is a member of several groups in the hierarchy' do
before do
group.add_owner(user)
nested_group.add_developer(user)
nested_group_2.add_maintainer(user)
end

it 'returns the group member with the highest access level' do
expect(highest_group_member.access_level).to eq(Gitlab::Access::OWNER)
end
end
end

describe '#has_parent?' do
context 'when the group has a parent' do
it 'should be truthy' do
Expand Down
34 changes: 34 additions & 0 deletions spec/requests/api/projects_spec.rb
View file
Expand Up @@ -1147,6 +1147,40 @@
.to eq(Gitlab::Access::OWNER)
end
end

context 'nested group project', :nested_groups do
let(:group) { create(:group) }
let(:nested_group) { create(:group, parent: group) }
let(:project2) { create(:project, group: nested_group) }

before do
project2.group.parent.add_owner(user)
end

it 'sets group access and return 200' do
get api("/projects/#{project2.id}", user)

expect(response).to have_gitlab_http_status(200)
expect(json_response['permissions']['project_access']).to be_nil
expect(json_response['permissions']['group_access']['access_level'])
.to eq(Gitlab::Access::OWNER)
end

context 'with various access levels across nested groups' do
before do
project2.group.add_maintainer(user)
end

it 'sets the maximum group access and return 200' do
get api("/projects/#{project2.id}", user)

expect(response).to have_gitlab_http_status(200)
expect(json_response['permissions']['project_access']).to be_nil
expect(json_response['permissions']['group_access']['access_level'])
.to eq(Gitlab::Access::OWNER)
end
end
end
end
end
end
Expand Down

0 comments on commit 41ae26d

Please sign in to comment.