Commit 8a726a08 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'issue_45463' into 'master'

Fix users not seeing labels from private groups when being a member of a child project

Closes #45463

See merge request gitlab-org/gitlab-ce!18544
parents d3db21b4 2b5ac115
...@@ -22,7 +22,7 @@ class GroupPolicy < BasePolicy ...@@ -22,7 +22,7 @@ class GroupPolicy < BasePolicy
condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) }
condition(:has_projects) do condition(:has_projects) do
GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any? GroupProjectsFinder.new(group: @subject, current_user: @user, options: { include_subgroups: true }).execute.any?
end end
with_options scope: :subject, score: 0 with_options scope: :subject, score: 0
...@@ -43,7 +43,11 @@ class GroupPolicy < BasePolicy ...@@ -43,7 +43,11 @@ class GroupPolicy < BasePolicy
end end
rule { admin } .enable :read_group rule { admin } .enable :read_group
rule { has_projects } .enable :read_group
rule { has_projects }.policy do
enable :read_group
enable :read_label
end
rule { has_access }.enable :read_namespace rule { has_access }.enable :read_namespace
......
---
title: Fix users not seeing labels from private groups when being a member of a child project
merge_request:
author:
type: fixed
...@@ -170,6 +170,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -170,6 +170,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
context 'on issue sidebar' do context 'on issue sidebar' do
before do before do
project_1.add_developer(user)
visit project_issue_path(project_1, issue) visit project_issue_path(project_1, issue)
end end
...@@ -180,6 +182,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -180,6 +182,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, project: project_1) } let(:board) { create(:board, project: project_1) }
before do before do
project_1.add_developer(user)
visit project_board_path(project_1, board) visit project_board_path(project_1, board)
wait_for_requests wait_for_requests
...@@ -194,6 +198,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -194,6 +198,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, group: parent) } let(:board) { create(:board, group: parent) }
before do before do
parent.add_developer(user)
visit group_board_path(parent, board) visit group_board_path(parent, board)
wait_for_requests wait_for_requests
...@@ -211,6 +217,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -211,6 +217,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
context 'on project issuable list' do context 'on project issuable list' do
before do before do
project_1.add_developer(user)
visit project_issues_path(project_1) visit project_issues_path(project_1)
end end
...@@ -237,6 +245,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -237,6 +245,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, project: project_1) } let(:board) { create(:board, project: project_1) }
before do before do
project_1.add_developer(user)
visit project_board_path(project_1, board) visit project_board_path(project_1, board)
end end
...@@ -247,6 +257,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -247,6 +257,8 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, group: parent) } let(:board) { create(:board, group: parent) }
before do before do
parent.add_developer(user)
visit group_board_path(parent, board) visit group_board_path(parent, board)
end end
...@@ -259,6 +271,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -259,6 +271,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, project: project_1) } let(:board) { create(:board, project: project_1) }
before do before do
project_1.add_developer(user)
visit project_board_path(project_1, board) visit project_board_path(project_1, board)
find('.js-new-board-list').click find('.js-new-board-list').click
wait_for_requests wait_for_requests
...@@ -281,6 +294,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do ...@@ -281,6 +294,7 @@ feature 'Labels Hierarchy', :js, :nested_groups do
let(:board) { create(:board, group: parent) } let(:board) { create(:board, group: parent) }
before do before do
parent.add_developer(user)
visit group_board_path(parent, board) visit group_board_path(parent, board)
find('.js-new-board-list').click find('.js-new-board-list').click
wait_for_requests wait_for_requests
......
...@@ -7,9 +7,9 @@ describe GroupPolicy do ...@@ -7,9 +7,9 @@ describe GroupPolicy do
let(:master) { create(:user) } let(:master) { create(:user) }
let(:owner) { create(:user) } let(:owner) { create(:user) }
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
let(:group) { create(:group) } let(:group) { create(:group, :private) }
let(:guest_permissions) { [:read_group, :upload_file, :read_namespace] } let(:guest_permissions) { [:read_label, :read_group, :upload_file, :read_namespace] }
let(:reporter_permissions) { [:admin_label] } let(:reporter_permissions) { [:admin_label] }
...@@ -50,6 +50,7 @@ describe GroupPolicy do ...@@ -50,6 +50,7 @@ describe GroupPolicy do
end end
context 'with no user' do context 'with no user' do
let(:group) { create(:group, :public) }
let(:current_user) { nil } let(:current_user) { nil }
it do it do
...@@ -63,6 +64,28 @@ describe GroupPolicy do ...@@ -63,6 +64,28 @@ describe GroupPolicy do
end end
end end
context 'has projects' do
let(:current_user) { create(:user) }
let(:project) { create(:project, namespace: group) }
before do
project.add_developer(current_user)
end
it do
expect_allowed(:read_group, :read_label)
end
context 'in subgroups', :nested_groups do
let(:subgroup) { create(:group, :private, parent: group) }
let(:project) { create(:project, namespace: subgroup) }
it do
expect_allowed(:read_group, :read_label)
end
end
end
context 'guests' do context 'guests' do
let(:current_user) { guest } let(:current_user) { guest }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment