Signed in admin should be able to add/remove himself to a group

parent 1ad8b731
......@@ -346,12 +346,10 @@ class Ability
unless group.last_owner?(target_user)
can_manage = group_abilities(user, group).include?(:admin_group_member)
if can_manage && user != target_user
if can_manage
rules << :update_group_member
rules << :destroy_group_member
end
if user == target_user
elsif user == target_user
rules << :destroy_group_member
end
end
......
......@@ -33,3 +33,19 @@ Feature: Admin Groups
When I visit admin group page
When I select user "johndoe@gitlab.com" from user list as "Reporter"
Then I should see "johndoe@gitlab.com" in team list in every project as "Reporter"
@javascript
Scenario: Signed in admin should be able to add himself to a group
Given "John Doe" is owner of group "Owned"
When I visit group "Owned" members page
When I select current user as "Developer"
Then I should see current user as "Developer"
@javascript
Scenario: Signed in admin should be able to remove himself from group
Given current user is developer of group "Owned"
When I visit group "Owned" members page
Then I should see current user as "Developer"
When I click on the "Remove User From Group" button for current user
When I visit group "Owned" members page
Then I should not see current user as "Developer"
class Spinach::Features::AdminGroups < Spinach::FeatureSteps
include SharedAuthentication
include SharedGroup
include SharedPaths
include SharedUser
include SharedActiveTab
......@@ -88,6 +89,34 @@ class Spinach::Features::AdminGroups < Spinach::FeatureSteps
end
end
step 'I select current user as "Developer"' do
page.within ".users-group-form" do
select2(current_user.id, from: "#user_ids", multiple: true)
select "Developer", from: "access_level"
end
click_button "Add users to group"
end
step 'I should see current user as "Developer"' do
page.within '.content-list' do
expect(page).to have_content(current_user.name)
expect(page).to have_content('Developer')
end
end
step 'I click on the "Remove User From Group" button for current user' do
find(:css, 'li', text: current_user.name).find(:css, 'a.btn-remove').click
# poltergeist always confirms popups.
end
step 'I should not see current user as "Developer"' do
page.within '.content-list' do
expect(page).not_to have_content(current_user.name)
expect(page).not_to have_content('Developer')
end
end
protected
def current_group
......
module SharedGroup
include Spinach::DSL
step 'current user is developer of group "Owned"' do
is_member_of(current_user.name, "Owned", Gitlab::Access::DEVELOPER)
end
step '"John Doe" is owner of group "Owned"' do
is_member_of("John Doe", "Owned", Gitlab::Access::OWNER)
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment