Commit 59f8e596 authored by Sean McGivern's avatar Sean McGivern Committed by Rémy Coutable

Merge branch 'fix_project_member_access_levels' into 'master'

Fix project member access levels

Migrate invalid project members (owner -> master)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18616

See merge request !6957
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent c8859c68
......@@ -140,6 +140,7 @@ Please view this file on the master branch, on stable branches it's out of date.
- Fix buggy iOS tooltip layering behavior.
- Make guests unable to view MRs on private projects
- Fix broken Project API docs (Takuya Noguchi)
- Migrate invalid project members (owner -> master)
## 8.12.7
......
class MakeProjectOwnersMasters < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
update_column_in_batches(:members, :access_level, 40) do |table, query|
query.where(table[:access_level].eq(50).and(table[:source_type].eq('Project')))
end
end
def down
# do nothing
end
end
......@@ -843,7 +843,7 @@ ActiveRecord::Schema.define(version: 20161019213545) do
t.integer "builds_access_level"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "repository_access_level", default: 20, null: false
t.integer "repository_access_level", default: 20, null: false
end
add_index "project_features", ["project_id"], name: "index_project_features_on_project_id", using: :btree
......
......@@ -271,4 +271,40 @@ describe Projects::ProjectMembersController do
end
end
end
describe 'POST create' do
let(:stranger) { create(:user) }
context 'when creating owner' do
before do
project.team << [user, :master]
sign_in(user)
end
it 'does not create a member' do
expect do
post :create, user_ids: stranger.id,
namespace_id: project.namespace,
access_level: Member::OWNER,
project_id: project
end.to change { project.members.count }.by(0)
end
end
context 'when create master' do
before do
project.team << [user, :master]
sign_in(user)
end
it 'creates a member' do
expect do
post :create, user_ids: stranger.id,
namespace_id: project.namespace,
access_level: Member::MASTER,
project_id: project
end.to change { project.members.count }.by(1)
end
end
end
end
......@@ -328,4 +328,15 @@ describe API::Members, api: true do
it_behaves_like 'DELETE /:sources/:id/members/:user_id', 'group' do
let(:source) { group }
end
context 'Adding owner to project' do
it 'returns 403' do
expect do
post api("/projects/#{project.id}/members", master),
user_id: stranger.id, access_level: Member::OWNER
expect(response).to have_http_status(422)
end.to change { project.members.count }.by(0)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment