Skip to content

G
gitlab-ce
Commit 693081cc authored by Douwe Maan's avatar Douwe Maan Committed by Rémy Coutable
Browse files
Options

Merge branch 'rs-issue-19878' into 'master' 

Ensure Owners are included in the scope for authorized_projects

Prior, when providing a `min_access_level` parameter to this method, we
called `Gitlab::Access.values` instead of `all_values`, mistakenly
omitting the `OWNER` level.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19878

See merge request !5353
parent 94ebe0f8
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 8 deletions
app/models/user.rb
View file @ 693081cc
......@@ -854,7 +854,7 @@ class User < ActiveRecord::Base
groups.joins(:shared_projects).select(:project_id)]
if min_access_level
scope = { access_level: Gitlab::Access.values.select { |access| access >= min_access_level } }
scope = { access_level: Gitlab::Access.all_values.select { |access| access >= min_access_level } }
relations = [relations.shift] + relations.map { |relation| relation.where(members: scope) }
end
......
spec/models/user_spec.rb
View file @ 693081cc
......@@ -887,16 +887,25 @@ describe User, models: true do
end
describe '#authorized_projects' do
let!(:user) { create(:user) }
let!(:private_project) { create(:project, :private) }
context 'with a minimum access level' do
it 'includes projects for which the user is an owner' do
user = create(:user)
project = create(:empty_project, :private, namespace: user.namespace)
before do
private_project.team << [user, Gitlab::Access::MASTER]
end
expect(user.authorized_projects(Gitlab::Access::REPORTER))
.to contain_exactly(project)
end
subject { user.authorized_projects }
it 'includes projects for which the user is a master' do
user = create(:user)
project = create(:empty_project, :private)
project.team << [user, Gitlab::Access::MASTER]
it { is_expected.to eq([private_project]) }
expect(user.authorized_projects(Gitlab::Access::REPORTER))
.to contain_exactly(project)
end
end
end
describe '#ci_authorized_runners' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7