BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
4830a8b5
Commit
4830a8b5
authored
Feb 28, 2017
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'dm-nested-group-shared-projects' into 'master'
Fix access to projects shared with a nested group Closes #28787 See merge request !9565
parents
49ebd810
05f331f3
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
91 additions
and
5 deletions
+91
-5
user.rb
app/models/user.rb
+1
-1
refresh_authorized_projects_service.rb
app/services/users/refresh_authorized_projects_service.rb
+14
-2
user_spec.rb
spec/models/user_spec.rb
+2
-2
refresh_authorized_projects_service_spec.rb
...ervices/users/refresh_authorized_projects_service_spec.rb
+74
-0
No files found.
app/models/user.rb
View file @
4830a8b5
...
@@ -474,7 +474,7 @@ class User < ActiveRecord::Base
...
@@ -474,7 +474,7 @@ class User < ActiveRecord::Base
Group
.
member_descendants
(
id
)
Group
.
member_descendants
(
id
)
end
end
def
nested_projects
def
nested_
groups_
projects
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
member_descendants
(
id
)
member_descendants
(
id
)
end
end
...
...
app/services/users/refresh_authorized_projects_service.rb
View file @
4830a8b5
...
@@ -115,11 +115,23 @@ module Users
...
@@ -115,11 +115,23 @@ module Users
# Returns a union query of projects that the user is authorized to access
# Returns a union query of projects that the user is authorized to access
def
project_authorizations_union
def
project_authorizations_union
relations
=
[
relations
=
[
# Personal projects
user
.
personal_projects
.
select
(
"
#{
user
.
id
}
AS user_id, projects.id AS project_id,
#{
Gitlab
::
Access
::
MASTER
}
AS access_level"
),
user
.
personal_projects
.
select
(
"
#{
user
.
id
}
AS user_id, projects.id AS project_id,
#{
Gitlab
::
Access
::
MASTER
}
AS access_level"
),
user
.
groups_projects
.
select_for_project_authorization
,
# Projects the user is a member of
user
.
projects
.
select_for_project_authorization
,
user
.
projects
.
select_for_project_authorization
,
# Projects of groups the user is a member of
user
.
groups_projects
.
select_for_project_authorization
,
# Projects of subgroups of groups the user is a member of
user
.
nested_groups_projects
.
select_for_project_authorization
,
# Projects shared with groups the user is a member of
user
.
groups
.
joins
(
:shared_projects
).
select_for_project_authorization
,
user
.
groups
.
joins
(
:shared_projects
).
select_for_project_authorization
,
user
.
nested_projects
.
select_for_project_authorization
# Projects shared with subgroups of groups the user is a member of
user
.
nested_groups
.
joins
(
:shared_projects
).
select_for_project_authorization
]
]
Gitlab
::
SQL
::
Union
.
new
(
relations
)
Gitlab
::
SQL
::
Union
.
new
(
relations
)
...
...
spec/models/user_spec.rb
View file @
4830a8b5
...
@@ -1429,7 +1429,7 @@ describe User, models: true do
...
@@ -1429,7 +1429,7 @@ describe User, models: true do
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
end
end
describe
'#nested_projects'
do
describe
'#nested_
groups_
projects'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
let!
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
...
@@ -1444,7 +1444,7 @@ describe User, models: true do
...
@@ -1444,7 +1444,7 @@ describe User, models: true do
other_project
.
add_developer
(
create
(
:user
))
other_project
.
add_developer
(
create
(
:user
))
end
end
it
{
expect
(
user
.
nested_projects
).
to
eq
([
nested_project
])
}
it
{
expect
(
user
.
nested_
groups_
projects
).
to
eq
([
nested_project
])
}
end
end
describe
'#refresh_authorized_projects'
,
redis:
true
do
describe
'#refresh_authorized_projects'
,
redis:
true
do
...
...
spec/services/users/refresh_authorized_projects_service_spec.rb
View file @
4830a8b5
...
@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do
...
@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do
it
'sets the values to the access levels'
do
it
'sets the values to the access levels'
do
expect
(
hash
.
values
).
to
eq
([
Gitlab
::
Access
::
MASTER
])
expect
(
hash
.
values
).
to
eq
([
Gitlab
::
Access
::
MASTER
])
end
end
context
'personal projects'
do
it
'includes the project with the right access level'
do
expect
(
hash
[
project
.
id
]).
to
eq
(
Gitlab
::
Access
::
MASTER
)
end
end
context
'projects the user is a member of'
do
let!
(
:other_project
)
{
create
(
:empty_project
)
}
before
do
other_project
.
team
.
add_reporter
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
REPORTER
)
end
end
context
'projects of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let!
(
:other_project
)
{
create
(
:project
,
group:
group
)
}
before
do
group
.
add_owner
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
OWNER
)
end
end
context
'projects of subgroups of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
let!
(
:other_project
)
{
create
(
:project
,
group:
nested_group
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
MASTER
)
end
end
context
'projects shared with groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:other_project
)
{
create
(
:empty_project
)
}
let!
(
:project_group_link
)
{
create
(
:project_group_link
,
project:
other_project
,
group:
group
,
group_access:
Gitlab
::
Access
::
GUEST
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
GUEST
)
end
end
context
'projects shared with subgroups of groups the user is a member of'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:nested_group
)
{
create
(
:group
,
parent:
group
)
}
let
(
:other_project
)
{
create
(
:empty_project
)
}
let!
(
:project_group_link
)
{
create
(
:project_group_link
,
project:
other_project
,
group:
nested_group
,
group_access:
Gitlab
::
Access
::
DEVELOPER
)
}
before
do
group
.
add_master
(
user
)
end
it
'includes the project with the right access level'
do
expect
(
hash
[
other_project
.
id
]).
to
eq
(
Gitlab
::
Access
::
DEVELOPER
)
end
end
end
end
describe
'#current_authorizations_per_project'
do
describe
'#current_authorizations_per_project'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment