Ensure group/project owners can see their members' access_level

When you are the last owner of a group or the owner of a project, you don't have the :update_<source>_member / :destroy_<source>_member abilities, but you do have the :admin_<source>_member so you should be able to see your members access levels. Signed-off-by: Rémy Coutable <remy@rymai.me>

Ensure group/project owners can see their members' access_level
When you are the last owner of a group or the owner of a project, you don't have the :update_<source>_member / :destroy_<source>_member abilities, but you do have the :admin_<source>_member so you should be able to see your members access levels. Signed-off-by: Rémy Coutable <remy@rymai.me>
e71ce77e · Rémy Coutable · b2dc9176 · e71ce77e · e71ce77e · e71ce77e
Commit e71ce77e authored Jun 17, 2016 by Rémy Coutable
3 changed files
--- a/app/helpers/members_helper.rb
+++ b/app/helpers/members_helper.rb
@@ -6,6 +6,12 @@ module MembersHelper
    "#{action}_#{member.type.underscore}".to_sym
  end

+  def default_show_roles(member)
+    can?(current_user, action_member_permission(:update, member), member) ||
+    can?(current_user, action_member_permission(:destroy, member), member) ||
+    can?(current_user, action_member_permission(:admin, member), member.source)
+  end
+
  def remove_member_message(member, user: nil)
    user = current_user if defined?(current_user)


--- a/app/views/shared/members/_member.html.haml
+++ b/app/views/shared/members/_member.html.haml
- default_show_roles = can?(current_user, action_member_permission(:update, member), member) || can?(current_user, action_member_permission(:destroy, member), member)
- show_roles = local_assigns.fetch(:show_roles, default_show_roles)
+- show_roles = local_assigns.fetch(:show_roles, default_show_roles(member))
 - show_controls = local_assigns.fetch(:show_controls, true)
 - user = member.user


--- a/spec/helpers/members_helper_spec.rb
+++ b/spec/helpers/members_helper_spec.rb
@@ -9,6 +9,54 @@ describe MembersHelper do
    it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member }
  end

+  describe '#default_show_roles' do
+    let(:user) { double }
+    let(:member) { build(:project_member) }
+
+    before do
+      allow(helper).to receive(:current_user).and_return(user)
+      allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(false)
+      allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(false)
+      allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(false)
+    end
+
+    context 'when the current cannot update, destroy or admin the passed member' do
+      it 'returns false' do
+        expect(helper.default_show_roles(member)).to be_falsy
+      end
+    end
+
+    context 'when the current can update the passed member' do
+      before do
+        allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(true)
+      end
+
+      it 'returns true' do
+        expect(helper.default_show_roles(member)).to be_truthy
+      end
+    end
+
+    context 'when the current can destroy the passed member' do
+      before do
+        allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(true)
+      end
+
+      it 'returns true' do
+        expect(helper.default_show_roles(member)).to be_truthy
+      end
+    end
+
+    context 'when the current can admin the passed member source' do
+      before do
+        allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(true)
+      end
+
+      it 'returns true' do
+        expect(helper.default_show_roles(member)).to be_truthy
+      end
+    end
+  end
+
  describe '#remove_member_message' do
    let(:requester) { build(:user) }
    let(:project) { create(:project) }