BigW Consortium Gitlab

Commit 4830a8b5 by Dmitriy Zaporozhets

Merge branch 'dm-nested-group-shared-projects' into 'master'

Fix access to projects shared with a nested group Closes #28787 See merge request !9565
parents 49ebd810 05f331f3
...@@ -474,7 +474,7 @@ class User < ActiveRecord::Base ...@@ -474,7 +474,7 @@ class User < ActiveRecord::Base
Group.member_descendants(id) Group.member_descendants(id)
end end
def nested_projects def nested_groups_projects
Project.joins(:namespace).where('namespaces.parent_id IS NOT NULL'). Project.joins(:namespace).where('namespaces.parent_id IS NOT NULL').
member_descendants(id) member_descendants(id)
end end
......
...@@ -115,11 +115,23 @@ module Users ...@@ -115,11 +115,23 @@ module Users
# Returns a union query of projects that the user is authorized to access # Returns a union query of projects that the user is authorized to access
def project_authorizations_union def project_authorizations_union
relations = [ relations = [
# Personal projects
user.personal_projects.select("#{user.id} AS user_id, projects.id AS project_id, #{Gitlab::Access::MASTER} AS access_level"), user.personal_projects.select("#{user.id} AS user_id, projects.id AS project_id, #{Gitlab::Access::MASTER} AS access_level"),
user.groups_projects.select_for_project_authorization,
# Projects the user is a member of
user.projects.select_for_project_authorization, user.projects.select_for_project_authorization,
# Projects of groups the user is a member of
user.groups_projects.select_for_project_authorization,
# Projects of subgroups of groups the user is a member of
user.nested_groups_projects.select_for_project_authorization,
# Projects shared with groups the user is a member of
user.groups.joins(:shared_projects).select_for_project_authorization, user.groups.joins(:shared_projects).select_for_project_authorization,
user.nested_projects.select_for_project_authorization
# Projects shared with subgroups of groups the user is a member of
user.nested_groups.joins(:shared_projects).select_for_project_authorization
] ]
Gitlab::SQL::Union.new(relations) Gitlab::SQL::Union.new(relations)
......
...@@ -1429,7 +1429,7 @@ describe User, models: true do ...@@ -1429,7 +1429,7 @@ describe User, models: true do
it { expect(user.nested_groups).to eq([nested_group]) } it { expect(user.nested_groups).to eq([nested_group]) }
end end
describe '#nested_projects' do describe '#nested_groups_projects' do
let!(:user) { create(:user) } let!(:user) { create(:user) }
let!(:group) { create(:group) } let!(:group) { create(:group) }
let!(:nested_group) { create(:group, parent: group) } let!(:nested_group) { create(:group, parent: group) }
...@@ -1444,7 +1444,7 @@ describe User, models: true do ...@@ -1444,7 +1444,7 @@ describe User, models: true do
other_project.add_developer(create(:user)) other_project.add_developer(create(:user))
end end
it { expect(user.nested_projects).to eq([nested_project]) } it { expect(user.nested_groups_projects).to eq([nested_project]) }
end end
describe '#refresh_authorized_projects', redis: true do describe '#refresh_authorized_projects', redis: true do
......
...@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do ...@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do
it 'sets the values to the access levels' do it 'sets the values to the access levels' do
expect(hash.values).to eq([Gitlab::Access::MASTER]) expect(hash.values).to eq([Gitlab::Access::MASTER])
end end
context 'personal projects' do
it 'includes the project with the right access level' do
expect(hash[project.id]).to eq(Gitlab::Access::MASTER)
end
end
context 'projects the user is a member of' do
let!(:other_project) { create(:empty_project) }
before do
other_project.team.add_reporter(user)
end
it 'includes the project with the right access level' do
expect(hash[other_project.id]).to eq(Gitlab::Access::REPORTER)
end
end
context 'projects of groups the user is a member of' do
let(:group) { create(:group) }
let!(:other_project) { create(:project, group: group) }
before do
group.add_owner(user)
end
it 'includes the project with the right access level' do
expect(hash[other_project.id]).to eq(Gitlab::Access::OWNER)
end
end
context 'projects of subgroups of groups the user is a member of' do
let(:group) { create(:group) }
let(:nested_group) { create(:group, parent: group) }
let!(:other_project) { create(:project, group: nested_group) }
before do
group.add_master(user)
end
it 'includes the project with the right access level' do
expect(hash[other_project.id]).to eq(Gitlab::Access::MASTER)
end
end
context 'projects shared with groups the user is a member of' do
let(:group) { create(:group) }
let(:other_project) { create(:empty_project) }
let!(:project_group_link) { create(:project_group_link, project: other_project, group: group, group_access: Gitlab::Access::GUEST) }
before do
group.add_master(user)
end
it 'includes the project with the right access level' do
expect(hash[other_project.id]).to eq(Gitlab::Access::GUEST)
end
end
context 'projects shared with subgroups of groups the user is a member of' do
let(:group) { create(:group) }
let(:nested_group) { create(:group, parent: group) }
let(:other_project) { create(:empty_project) }
let!(:project_group_link) { create(:project_group_link, project: other_project, group: nested_group, group_access: Gitlab::Access::DEVELOPER) }
before do
group.add_master(user)
end
it 'includes the project with the right access level' do
expect(hash[other_project.id]).to eq(Gitlab::Access::DEVELOPER)
end
end
end end
describe '#current_authorizations_per_project' do describe '#current_authorizations_per_project' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment