root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Make subgroup_creation_level default to maintainer at SQL level 

- Migration updates existing groups to "owner", then sets default to
  "maintainer" so that new groups will default to that
- Update spec examples
This commit is contained in:
Fabio Papa 2019-06-30 14:40:23 -07:00
parent 4601b2d179
commit 2497a1e1cf
9 changed files with 61 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb
View File

@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1]
:subgroup_creation_level, :subgroup_creation_level,
:integer, :integer,
default: 0) default: 0)
change_column_default(:namespaces, :subgroup_creation_level, 1)
end end
end end

2
db/schema.rb
View File

@ -2112,7 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do
t.integer "extra_shared_runners_minutes_limit" t.integer "extra_shared_runners_minutes_limit"
t.string "ldap_sync_status", default: "ready", null: false t.string "ldap_sync_status", default: "ready", null: false
t.boolean "membership_lock", default: false t.boolean "membership_lock", default: false
t.integer "subgroup_creation_level", default: 0, null: false t.integer "subgroup_creation_level", default: 1, null: false
t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree
t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree
t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree

7
spec/controllers/admin/groups_controller_spec.rb
View File

@ -70,14 +70,13 @@ describe Admin::GroupsController do
end end
it 'updates the subgroup_creation_level successfully' do it 'updates the subgroup_creation_level successfully' do
MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
expect do expect do
post :update, post :update,
params: { id: group.to_param, params: { id: group.to_param,
group: { subgroup_creation_level: MAINTAINER } } group: { subgroup_creation_level: OWNER } }
end.to change { group.reload.subgroup_creation_level } end.to change { group.reload.subgroup_creation_level }.to(OWNER)
.to(MAINTAINER)
end end
end end
end end

5
spec/factories/groups.rb
View File

@ -5,7 +5,6 @@ FactoryBot.define do
type 'Group' type 'Group'
owner nil owner nil
project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
after(:create) do |group| after(:create) do |group|
if group.owner if group.owner
@ -46,5 +45,9 @@ FactoryBot.define do
trait :auto_devops_disabled do trait :auto_devops_disabled do
auto_devops_enabled false auto_devops_enabled false
end end
trait :owner_subgroup_creation_only do
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
end
end end
end end

17
spec/features/groups/show_spec.rb
View File

@ -72,10 +72,11 @@ describe 'Group show page' do
context 'when subgroups are supported', :js, :nested_groups do context 'when subgroups are supported', :js, :nested_groups do
before do before do
allow(Group).to receive(:supports_nested_objects?) { true } allow(Group).to receive(:supports_nested_objects?) { true }
visit path
end end
it 'allows creating subgroups' do it 'allows creating subgroups' do
visit path
expect(page) expect(page)
.to have_css("li[data-text='New subgroup']", visible: false) .to have_css("li[data-text='New subgroup']", visible: false)
end end
@ -84,10 +85,11 @@ describe 'Group show page' do
context 'when subgroups are not supported' do context 'when subgroups are not supported' do
before do before do
allow(Group).to receive(:supports_nested_objects?) { false } allow(Group).to receive(:supports_nested_objects?) { false }
visit path
end end
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path
expect(page) expect(page)
.not_to have_selector("li[data-text='New subgroup']", visible: false) .not_to have_selector("li[data-text='New subgroup']", visible: false)
end end
@ -102,10 +104,9 @@ describe 'Group show page' do
context 'when subgroups are supported', :js, :nested_groups do context 'when subgroups are supported', :js, :nested_groups do
before do before do
allow(Group).to receive(:supports_nested_objects?) { true } allow(Group).to receive(:supports_nested_objects?) { true }
visit path
end end
context 'when subgroup_creation_level is set to maintainer' do context 'when subgroup_creation_level is set to maintainers' do
let(:group) do let(:group) do
create(:group, create(:group,
subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
@ -113,7 +114,9 @@ describe 'Group show page' do
it 'allows creating subgroups' do it 'allows creating subgroups' do
visit path visit path
expect(page).to have_css("li[data-text='New subgroup']", visible: false)
expect(page)
.to have_css("li[data-text='New subgroup']", visible: false)
end end
end end
@ -125,6 +128,7 @@ describe 'Group show page' do
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path visit path
expect(page) expect(page)
.not_to have_css("li[data-text='New subgroup']", visible: false) .not_to have_css("li[data-text='New subgroup']", visible: false)
end end
@ -134,10 +138,11 @@ describe 'Group show page' do
context 'when subgroups are not supported' do context 'when subgroups are not supported' do
before do before do
allow(Group).to receive(:supports_nested_objects?) { false } allow(Group).to receive(:supports_nested_objects?) { false }
visit path
end end
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path
expect(page) expect(page)
.not_to have_selector("li[data-text='New subgroup']", visible: false) .not_to have_selector("li[data-text='New subgroup']", visible: false)
end end

5
spec/models/group_spec.rb
View File

@ -997,9 +997,8 @@ describe Group do
describe 'subgroup_creation_level' do describe 'subgroup_creation_level' do
it 'defaults to maintainers' do it 'defaults to maintainers' do
group = create (:group) expect(group.subgroup_creation_level)
.to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
end end
end end
end end

31
spec/policies/group_policy_spec.rb
View File

@ -98,7 +98,32 @@ describe GroupPolicy do
context 'maintainer' do context 'maintainer' do
let(:current_user) { maintainer } let(:current_user) { maintainer }
context 'with subgroup_creation level set to maintainer' do
let(:group) { create(:group,
:private,
subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) }
it do it do
allow(Group).to receive(:supports_nested_objects?).and_return(true)
create_subgroup_permission = [:create_subgroup]
updated_maintainer_permissions =
maintainer_permissions + create_subgroup_permission
updated_owner_permissions =
owner_permissions - create_subgroup_permission
expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*updated_maintainer_permissions)
expect_disallowed(*updated_owner_permissions)
end
end
context 'with subgroup_creation_level set to owner' do
it do
allow(Group).to receive(:supports_nested_objects?).and_return(true)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
@ -106,6 +131,7 @@ describe GroupPolicy do
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
end
context 'owner' do context 'owner' do
let(:current_user) { owner } let(:current_user) { owner }
@ -181,7 +207,10 @@ describe GroupPolicy do
end end
describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
let(:nested_group) { create(:group, :private, parent: group) } let(:nested_group) { create(:group,
:private,
:owner_subgroup_creation_only,
parent: group) }
before do before do
nested_group.add_guest(guest) nested_group.add_guest(guest)

4
spec/requests/api/groups_spec.rb
View File

@ -803,10 +803,10 @@ describe API::Groups do
group2.add_maintainer(user1) group2.add_maintainer(user1)
end end
it 'cannot create subgroups' do it 'can create subgroups' do
post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' }
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(201)
end end
end end
end end

2
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View File

@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do
let(:maintainer) { create(:user) } let(:maintainer) { create(:user) }
let(:owner) { create(:user) } let(:owner) { create(:user) }
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
let(:group) { create(:group, :private) } let(:group) { create(:group, :private, :owner_subgroup_creation_only) }
let(:guest_permissions) do let(:guest_permissions) do
%i[ %i[