Commit 41ae26d9 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'api-nested-group-permission' into 'master'

Return the maximum group access level in the projects API

Closes #43684

See merge request gitlab-org/gitlab-ce!24403
parents 5e01cf72 ab94a5a5
...@@ -382,6 +382,10 @@ class Group < Namespace ...@@ -382,6 +382,10 @@ class Group < Namespace
end end
end end
def highest_group_member(user)
GroupMember.where(source_id: self_and_ancestors_ids, user_id: user.id).order(:access_level).last
end
def hashed_storage?(_feature) def hashed_storage?(_feature)
false false
end end
......
---
title: Return the maximum group access level in the projects API
merge_request: 24403
author:
type: changed
...@@ -964,7 +964,7 @@ module API ...@@ -964,7 +964,7 @@ module API
if options[:group_members] if options[:group_members]
options[:group_members].find { |member| member.source_id == project.namespace_id } options[:group_members].find { |member| member.source_id == project.namespace_id }
else else
project.group.group_member(options[:current_user]) project.group.highest_group_member(options[:current_user])
end end
end end
end end
......
...@@ -722,6 +722,42 @@ describe Group do ...@@ -722,6 +722,42 @@ describe Group do
end end
end end
describe '#highest_group_member', :nested_groups do
let(:nested_group) { create(:group, parent: group) }
let(:nested_group_2) { create(:group, parent: nested_group) }
let(:user) { create(:user) }
subject(:highest_group_member) { nested_group_2.highest_group_member(user) }
context 'when the user is not a member of any group in the hierarchy' do
it 'returns nil' do
expect(highest_group_member).to be_nil
end
end
context 'when the user is only a member of one group in the hierarchy' do
before do
nested_group.add_developer(user)
end
it 'returns that group member' do
expect(highest_group_member.access_level).to eq(Gitlab::Access::DEVELOPER)
end
end
context 'when the user is a member of several groups in the hierarchy' do
before do
group.add_owner(user)
nested_group.add_developer(user)
nested_group_2.add_maintainer(user)
end
it 'returns the group member with the highest access level' do
expect(highest_group_member.access_level).to eq(Gitlab::Access::OWNER)
end
end
end
describe '#has_parent?' do describe '#has_parent?' do
context 'when the group has a parent' do context 'when the group has a parent' do
it 'should be truthy' do it 'should be truthy' do
......
...@@ -1147,6 +1147,40 @@ describe API::Projects do ...@@ -1147,6 +1147,40 @@ describe API::Projects do
.to eq(Gitlab::Access::OWNER) .to eq(Gitlab::Access::OWNER)
end end
end end
context 'nested group project', :nested_groups do
let(:group) { create(:group) }
let(:nested_group) { create(:group, parent: group) }
let(:project2) { create(:project, group: nested_group) }
before do
project2.group.parent.add_owner(user)
end
it 'sets group access and return 200' do
get api("/projects/#{project2.id}", user)
expect(response).to have_gitlab_http_status(200)
expect(json_response['permissions']['project_access']).to be_nil
expect(json_response['permissions']['group_access']['access_level'])
.to eq(Gitlab::Access::OWNER)
end
context 'with various access levels across nested groups' do
before do
project2.group.add_maintainer(user)
end
it 'sets the maximum group access and return 200' do
get api("/projects/#{project2.id}", user)
expect(response).to have_gitlab_http_status(200)
expect(json_response['permissions']['project_access']).to be_nil
expect(json_response['permissions']['group_access']['access_level'])
.to eq(Gitlab::Access::OWNER)
end
end
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment