Commit 9764c123 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'tpresa-add-highest-role-to-user' into 'master'

Add highest_role method to User

See merge request gitlab-org/gitlab-ce!25462
parents e14b4b05 538741f2
......@@ -917,6 +917,10 @@ class User < ApplicationRecord
DeployKey.unscoped.in_projects(authorized_projects.pluck(:id)).distinct(:id)
end
def highest_role
members.maximum(:access_level) || Gitlab::Access::NO_ACCESS
end
def accessible_deploy_keys
@accessible_deploy_keys ||= begin
key_ids = project_deploy_keys.pluck(:id)
......
......@@ -117,6 +117,11 @@
%strong
= @user.sign_in_count
%li
%span.light= _("Highest role:")
%strong
= Gitlab::Access.human_access_with_none(@user.highest_role)
- if @user.ldap_user?
%li
%span.light LDAP uid:
......
---
title: Adding highest role property to admin's user details page
merge_request:
author:
type: added
......@@ -140,7 +140,8 @@ GET /users
"can_create_project": true,
"two_factor_enabled": true,
"external": false,
"private_profile": false
"private_profile": false,
"highest_role":10
}
]
```
......
......@@ -86,6 +86,10 @@ module API
expose :admin?, as: :is_admin
end
class UserDetailsWithAdmin < UserWithAdmin
expose :highest_role
end
class UserStatus < Grape::Entity
expose :emoji
expose :message
......
......@@ -124,7 +124,7 @@ module API
user = User.find_by(id: params[:id])
not_found!('User') unless user && can?(current_user, :read_user, user)
opts = { with: current_user&.admin? ? Entities::UserWithAdmin : Entities::User, current_user: current_user }
opts = { with: current_user&.admin? ? Entities::UserDetailsWithAdmin : Entities::User, current_user: current_user }
user, opts = with_custom_attributes(user, opts)
present user, opts
......
......@@ -46,6 +46,12 @@ module Gitlab
)
end
def options_with_none
options_with_owner.merge(
"None" => NO_ACCESS
)
end
def sym_options
{
guest: GUEST,
......@@ -75,12 +81,20 @@ module Gitlab
def human_access(access)
options_with_owner.key(access)
end
def human_access_with_none(access)
options_with_none.key(access)
end
end
def human_access
Gitlab::Access.human_access(access_field)
end
def human_access_with_none
Gitlab::Access.human_access_with_none(access_field)
end
def owner?
access_field == OWNER
end
......
......@@ -4121,6 +4121,9 @@ msgstr[1] ""
msgid "Hide values"
msgstr ""
msgid "Highest role:"
msgstr ""
msgid "History"
msgstr ""
......
......@@ -660,6 +660,68 @@ describe User do
end
end
describe '#highest_role' do
let(:user) { create(:user) }
let(:group) { create(:group) }
it 'returns NO_ACCESS if none has been set' do
expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
end
it 'returns MAINTAINER if user is maintainer of a project' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple projects' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
create(:project, group: group) do |project|
project.add_developer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns MAINTAINER if user is maintainer of a group' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple groups' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
end
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple groups and projects' do
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
end
describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do
let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
let(:user) { create(:user) }
......
......@@ -68,6 +68,13 @@ describe API::Users do
expect(json_response.size).to eq(0)
end
it "does not return the highest role" do
get api("/users"), params: { username: user.username }
expect(response).to match_response_schema('public_api/v4/user/basics')
expect(json_response.first.keys).not_to include 'highest_role'
end
context "when public level is restricted" do
before do
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
......@@ -286,6 +293,13 @@ describe API::Users do
expect(json_response.keys).not_to include 'is_admin'
end
it "does not return the user's `highest_role`" do
get api("/users/#{user.id}", user)
expect(response).to match_response_schema('public_api/v4/user/basic')
expect(json_response.keys).not_to include 'highest_role'
end
context 'when authenticated as admin' do
it 'includes the `is_admin` field' do
get api("/users/#{user.id}", admin)
......@@ -300,6 +314,12 @@ describe API::Users do
expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response.keys).to include 'created_at'
end
it 'includes the `highest_role` field' do
get api("/users/#{user.id}", admin)
expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response['highest_role']).to be(0)
end
end
context 'for an anonymous user' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment