Merge branch '41981-allow-group-owner-to-enable-runners-from-subgroups' into 'master'

Resolve "Group owner cannot enable/disable specific-runners which was registered in a project under a subgroup" Closes #41981 See merge request gitlab-org/gitlab-ce!18009

Merge branch '41981-allow-group-owner-to-enable-runners-from-subgroups' into 'master'
f22df3e9 · Yorick Peterse · 52440755 · f45b8888 · f22df3e9 · f22df3e9
Commit f22df3e9 authored Apr 09, 2018 by Yorick Peterse
Showing with 21 additions and 10 deletions

user.rb app/models/user.rb +1 -10

41981-allow-group-owner-to-enable-runners-from-subgroups.yml ...81-allow-group-owner-to-enable-runners-from-subgroups.yml +5 -0

user_spec.rb spec/models/user_spec.rb +15 -0

No files found.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -993,7 +993,7 @@ class User < ActiveRecord::Base
  def ci_authorized_runners
    @ci_authorized_runners ||= begin
      runner_ids = Ci::RunnerProject
-        .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
+        .where(project: authorized_projects(Gitlab::Access::MASTER))
        .select(:runner_id)
      Ci::Runner.specific.where(id: runner_ids)
    end
@@ -1204,15 +1204,6 @@ class User < ActiveRecord::Base
    ], remove_duplicates: false)
  end

-  def ci_projects_union
-    scope  = { access_level: [Gitlab::Access::MASTER, Gitlab::Access::OWNER] }
-    groups = groups_projects.where(members: scope)
-    other  = projects.where(members: scope)
-
-    Gitlab::SQL::Union.new([personal_projects.select(:id), groups.select(:id),
-                            other.select(:id)])
-  end
-
  # Added according to https://github.com/plataformatec/devise/blob/7df57d5081f9884849ca15e4fde179ef164a575f/README.md#activejob-integration
  def send_devise_notification(notification, *args)
    return true unless can?(:receive_notifications)

--- a/changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml
+++ b/changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml
+---
+title: 'Allow group owner to enable runners from subgroups (#41981)'
+merge_request: 18009
+author:
+type: fixed
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1850,6 +1850,21 @@ describe User do

      it_behaves_like :member
    end
+
+    context 'with subgroup with different owner for project runner', :nested_groups do
+      let(:group) { create(:group) }
+      let(:another_user) { create(:user) }
+      let(:subgroup) { create(:group, parent: group) }
+      let(:project) { create(:project, group: subgroup) }
+
+      def add_user(access)
+        group.add_user(user, access)
+        group.add_user(another_user, :owner)
+        subgroup.add_user(another_user, :owner)
+      end
+
+      it_behaves_like :member
+    end
  end

  describe '#projects_with_reporter_access_limited_to' do