Merge branch '18792-allow-update-by-internal-api' into 'master'

Allow internal projects API to modify container_registry_access_level

See merge request gitlab-org/gitlab!67208

app/controllers/projects_controller.rb

@@ -388,6 +388,7 @@ class ProjectsController < Projects::ApplicationController
       analytics_access_level
       operations_access_level
       security_and_compliance_access_level
+      container_registry_access_level
     ]
   end
 

app/helpers/projects_helper.rb

@@ -354,6 +354,29 @@ module ProjectsHelper
     project.repository_languages.with_programming_language('HCL').exists? && project.terraform_states.empty?
   end
 
+  def project_permissions_panel_data(project)
+    {
+      packagesAvailable: ::Gitlab.config.packages.enabled,
+      packagesHelpPath: help_page_path('user/packages/index'),
+      currentSettings: project_permissions_settings(project),
+      canDisableEmails: can_disable_emails?(project, current_user),
+      canChangeVisibilityLevel: can_change_visibility_level?(project, current_user),
+      allowedVisibilityOptions: project_allowed_visibility_levels(project),
+      visibilityHelpPath: help_page_path('public_access/public_access'),
+      registryAvailable: Gitlab.config.registry.enabled,
+      registryHelpPath: help_page_path('user/packages/container_registry/index'),
+      lfsAvailable: Gitlab.config.lfs.enabled,
+      lfsHelpPath: help_page_path('topics/git/lfs/index'),
+      lfsObjectsExist: project.lfs_objects.exists?,
+      lfsObjectsRemovalHelpPath: help_page_path('topics/git/lfs/index', anchor: 'removing-objects-from-lfs'),
+      pagesAvailable: Gitlab.config.pages.enabled,
+      pagesAccessControlEnabled: Gitlab.config.pages.access_control,
+      pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
+      pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control'),
+      issuesHelpPath: help_page_path('user/project/issues/index')
+    }
+  end
+
   private
 
   def tab_ability_map
@@ -510,37 +533,11 @@ module ProjectsHelper
       metricsDashboardAccessLevel: feature.metrics_dashboard_access_level,
       operationsAccessLevel: feature.operations_access_level,
       showDefaultAwardEmojis: project.show_default_award_emojis?,
-      securityAndComplianceAccessLevel: project.security_and_compliance_access_level
-    }
-  end
-
-  def project_permissions_panel_data(project)
-    {
-      packagesAvailable: ::Gitlab.config.packages.enabled,
-      packagesHelpPath: help_page_path('user/packages/index'),
-      currentSettings: project_permissions_settings(project),
-      canDisableEmails: can_disable_emails?(project, current_user),
-      canChangeVisibilityLevel: can_change_visibility_level?(project, current_user),
-      allowedVisibilityOptions: project_allowed_visibility_levels(project),
-      visibilityHelpPath: help_page_path('public_access/public_access'),
-      registryAvailable: Gitlab.config.registry.enabled,
-      registryHelpPath: help_page_path('user/packages/container_registry/index'),
-      lfsAvailable: Gitlab.config.lfs.enabled,
-      lfsHelpPath: help_page_path('topics/git/lfs/index'),
-      lfsObjectsExist: project.lfs_objects.exists?,
-      lfsObjectsRemovalHelpPath: help_page_path('topics/git/lfs/index', anchor: 'removing-objects-from-lfs'),
-      pagesAvailable: Gitlab.config.pages.enabled,
-      pagesAccessControlEnabled: Gitlab.config.pages.access_control,
-      pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
-      pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control'),
-      issuesHelpPath: help_page_path('user/project/issues/index')
+      securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
+      containerRegistryAccessLevel: feature.container_registry_access_level
     }
   end
 
-  def project_permissions_panel_data_json(project)
-    project_permissions_panel_data(project).to_json.html_safe
-  end
-
   def project_allowed_visibility_levels(project)
     Gitlab::VisibilityLevel.values.select do |level|
       project.visibility_level_allowed?(level) && !restricted_levels.include?(level)

app/views/projects/edit.html.haml

@@ -19,7 +19,7 @@
   .settings-content
     = form_for @project, html: { multipart: true, class: "sharing-permissions-form" }, authenticity_token: true do |f|
       %input{ name: 'update_section', type: 'hidden', value: 'js-shared-permissions' }
-      %template.js-project-permissions-form-data{ type: "application/json" }= project_permissions_panel_data_json(@project)
+      %template.js-project-permissions-form-data{ type: "application/json" }= project_permissions_panel_data(@project).to_json.html_safe
       .js-project-permissions-form
       - if show_visibility_confirm_modal?(@project)
         = render "visibility_modal"

spec/controllers/projects_controller_spec.rb

@@ -778,6 +778,33 @@ RSpec.describe ProjectsController do
         end
       end
     end
+
+    context 'with project feature attributes' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:feature, :initial_value, :update_to) do
+        :metrics_dashboard_access_level  | ProjectFeature::PRIVATE | ProjectFeature::ENABLED
+        :container_registry_access_level | ProjectFeature::ENABLED | ProjectFeature::PRIVATE
+      end
+
+      with_them do
+        it "updates the project_feature new" do
+          params = {
+            namespace_id: project.namespace,
+            id: project.path,
+            project: {
+              project_feature_attributes: {
+                "#{feature}": update_to
+              }
+            }
+          }
+
+          expect { put :update, params: params }.to change {
+            project.reload.project_feature.public_send(feature)
+          }.from(initial_value).to(update_to)
+        end
+      end
+    end
   end
 
   describe '#transfer', :enable_admin_mode do

spec/helpers/projects_helper_spec.rb

@@ -917,4 +917,40 @@ RSpec.describe ProjectsHelper do
       subject
     end
   end
+
+  describe '#project_permissions_panel_data' do
+    subject { helper.project_permissions_panel_data(project) }
+
+    before do
+      allow(helper).to receive(:can?) { true }
+      allow(helper).to receive(:current_user).and_return(user)
+    end
+
+    it 'includes project_permissions_settings' do
+      settings = subject.dig(:currentSettings)
+
+      expect(settings).to include(
+        packagesEnabled: !!project.packages_enabled,
+        visibilityLevel: project.visibility_level,
+        requestAccessEnabled: !!project.request_access_enabled,
+        issuesAccessLevel: project.project_feature.issues_access_level,
+        repositoryAccessLevel: project.project_feature.repository_access_level,
+        forkingAccessLevel: project.project_feature.forking_access_level,
+        mergeRequestsAccessLevel: project.project_feature.merge_requests_access_level,
+        buildsAccessLevel: project.project_feature.builds_access_level,
+        wikiAccessLevel: project.project_feature.wiki_access_level,
+        snippetsAccessLevel: project.project_feature.snippets_access_level,
+        pagesAccessLevel: project.project_feature.pages_access_level,
+        analyticsAccessLevel: project.project_feature.analytics_access_level,
+        containerRegistryEnabled: !!project.container_registry_enabled,
+        lfsEnabled: !!project.lfs_enabled,
+        emailsDisabled: project.emails_disabled?,
+        metricsDashboardAccessLevel: project.project_feature.metrics_dashboard_access_level,
+        operationsAccessLevel: project.project_feature.operations_access_level,
+        showDefaultAwardEmojis: project.show_default_award_emojis?,
+        securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
+        containerRegistryAccessLevel: project.project_feature.container_registry_access_level
+      )
+    end
+  end
 end