Merge branch 'fix-permissions' into 'master'

Fix permissions Fixes #1358

Merge branch 'fix-permissions' into 'master'
Fix permissions Fixes #1358
71feb757 · Dmitriy Zaporozhets · c83004a0 · 0771109b · 71feb757 · 71feb757
Commit 71feb757 authored Jun 20, 2014 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 66 additions and 25 deletions

app/models/project_team.rb app/models/project_team.rb +15 -4

spec/models/project_team_spec.rb spec/models/project_team_spec.rb +51 -21

No files found.
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -118,19 +118,30 @@ class ProjectTeam
  end

  def guest?(user)
-    find_tm(user.id).try(:access_field) == Gitlab::Access::GUEST
+    max_tm_access(user.id) == Gitlab::Access::GUEST
  end

  def reporter?(user)
-    find_tm(user.id).try(:access_field) == Gitlab::Access::REPORTER
+    max_tm_access(user.id) == Gitlab::Access::REPORTER
  end

  def developer?(user)
-    find_tm(user.id).try(:access_field) == Gitlab::Access::DEVELOPER
+    max_tm_access(user.id) == Gitlab::Access::DEVELOPER
  end

  def master?(user)
-    find_tm(user.id).try(:access_field) == Gitlab::Access::MASTER
+    max_tm_access(user.id) == Gitlab::Access::MASTER
+  end
+
+  def max_tm_access(user_id)
+    access = []
+    access << project.users_projects.find_by(user_id: user_id).try(:access_field)
+
+    if group
+      access << group.users_groups.find_by(user_id: user_id).try(:access_field)
+    end
+
+    access.compact.max
  end

  private

--- a/spec/models/project_team_spec.rb
+++ b/spec/models/project_team_spec.rb
 require "spec_helper"

 describe ProjectTeam do
-  let(:group) { create(:group) }
-  let(:project) { create(:empty_project, group: group) }
-
  let(:master) { create(:user) }
  let(:reporter) { create(:user) }
  let(:guest) { create(:user) }
  let(:nonmember) { create(:user) }

-  before do
-    group.add_user(master, Gitlab::Access::MASTER)
-    group.add_user(reporter, Gitlab::Access::REPORTER)
-    group.add_user(guest, Gitlab::Access::GUEST)
+  context 'personal project' do
+    let(:project) { create(:empty_project) }

-    # Add group guest as master to this project
-    # to test project access priority over group members
-    project.team << [guest, :master]
-  end
+    before do
+      project.team << [master, :master]
+      project.team << [reporter, :reporter]
+      project.team << [guest, :guest]
+    end

-  describe 'members collection' do
-    it { project.team.masters.should include(master) }
-    it { project.team.masters.should include(guest) }
-    it { project.team.masters.should_not include(reporter) }
-    it { project.team.masters.should_not include(nonmember) }
+    describe 'members collection' do
+      it { project.team.masters.should include(master) }
+      it { project.team.masters.should_not include(guest) }
+      it { project.team.masters.should_not include(reporter) }
+      it { project.team.masters.should_not include(nonmember) }
+    end
+
+    describe 'access methods' do
+      it { project.team.master?(master).should be_true }
+      it { project.team.master?(guest).should be_false }
+      it { project.team.master?(reporter).should be_false }
+      it { project.team.master?(nonmember).should be_false }
+    end
  end

-  describe 'access methods' do
-    it { project.team.master?(master).should be_true }
-    it { project.team.master?(guest).should be_true }
-    it { project.team.master?(reporter).should be_false }
-    it { project.team.master?(nonmember).should be_false }
+  context 'group project' do
+    let(:group) { create(:group) }
+    let(:project) { create(:empty_project, group: group) }
+
+    before do
+      group.add_user(master, Gitlab::Access::MASTER)
+      group.add_user(reporter, Gitlab::Access::REPORTER)
+      group.add_user(guest, Gitlab::Access::GUEST)
+
+      # If user is a group and a project member - GitLab uses highest permission
+      # So we add group guest as master and add group master as guest
+      # to this project to test highest access
+      project.team << [guest, :master]
+      project.team << [master, :guest]
+    end
+
+    describe 'members collection' do
+      it { project.team.reporters.should include(reporter) }
+      it { project.team.masters.should include(master) }
+      it { project.team.masters.should include(guest) }
+      it { project.team.masters.should_not include(reporter) }
+      it { project.team.masters.should_not include(nonmember) }
+    end
+
+    describe 'access methods' do
+      it { project.team.reporter?(reporter).should be_true }
+      it { project.team.master?(master).should be_true }
+      it { project.team.master?(guest).should be_true }
+      it { project.team.master?(reporter).should be_false }
+      it { project.team.master?(nonmember).should be_false }
+    end
  end
 end