BigW Consortium Gitlab

Add nested groups support to the Groups::CreateService

parent 7b4b3d5f
...@@ -12,6 +12,19 @@ module Groups ...@@ -12,6 +12,19 @@ module Groups
return @group return @group
end end
parent_id = params[:parent_id]
if parent_id
parent = Group.find(parent_id)
unless can?(current_user, :admin_group, parent)
@group.parent_id = nil
@group.errors.add(:parent_id, 'manage access required to create subgroup')
return @group
end
end
@group.name ||= @group.path.dup @group.name ||= @group.path.dup
@group.save @group.save
@group.add_owner(current_user) @group.add_owner(current_user)
......
require 'spec_helper' require 'spec_helper'
describe Groups::CreateService, services: true do describe Groups::CreateService, '#execute', services: true do
let!(:user) { create(:user) } let!(:user) { create(:user) }
let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } } let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
describe "execute" do describe 'visibility level restrictions' do
let!(:service) { described_class.new(user, group_params ) } let!(:service) { described_class.new(user, group_params) }
subject { service.execute } subject { service.execute }
context "create groups without restricted visibility level" do context "create groups without restricted visibility level" do
...@@ -14,7 +15,29 @@ describe Groups::CreateService, services: true do ...@@ -14,7 +15,29 @@ describe Groups::CreateService, services: true do
context "cannot create group with restricted visibility level" do context "cannot create group with restricted visibility level" do
before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) } before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) }
it { is_expected.not_to be_persisted } it { is_expected.not_to be_persisted }
end end
end end
describe 'creating subgroup' do
let!(:group) { create(:group) }
let!(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
subject { service.execute }
context 'as group owner' do
before { group.add_owner(user) }
it { is_expected.to be_persisted }
end
context 'as guest' do
it 'does not save group and returns an error' do
is_expected.not_to be_persisted
expect(subject.errors[:parent_id].first).to eq('manage access required to create subgroup')
expect(subject.parent_id).to be_nil
end
end
end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment