Merge branch 'issue-331012' into 'master'

Add Additional Error Messages When Minimal Access Role is Not Available See merge request gitlab-org/gitlab!77646

Merge branch 'issue-331012' into 'master'
Add Additional Error Messages When Minimal Access Role is Not Available See merge request gitlab-org/gitlab!77646
05a6d361 · Douglas Barbosa Alexandre · 3d6e8dc5 · f93424e8 · 05a6d361 · 05a6d361
Commit 05a6d361 authored Jan 11, 2022 by Douglas Barbosa Alexandre
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 4 deletions

ee/app/models/ee/group_member.rb ee/app/models/ee/group_member.rb +5 -0

ee/spec/requests/api/members_spec.rb ee/spec/requests/api/members_spec.rb +18 -4

No files found.
--- a/ee/app/models/ee/group_member.rb
+++ b/ee/app/models/ee/group_member.rb
@@ -45,6 +45,11 @@ module EE
      return if access_level.in?(levels)

      errors.add(:access_level, "is not included in the list")
+
+      if access_level == ::Gitlab::Access::MINIMAL_ACCESS
+        errors.add(:access_level, "supported on top level groups only") if group.has_parent?
+        errors.add(:access_level, "not supported by license") unless group.feature_available?(:minimal_access_role)
+      end
    end

    override :post_create_hook

--- a/ee/spec/requests/api/members_spec.rb
+++ b/ee/spec/requests/api/members_spec.rb
@@ -7,11 +7,13 @@ RSpec.describe API::Members do

  context 'group members endpoints for group with minimal access feature' do
    let_it_be(:group) { create(:group) }
+    let_it_be(:subgroup) { create(:group, parent: group) }
    let_it_be(:minimal_access_member) { create(:group_member, :minimal_access, source: group) }
    let_it_be(:owner) { create(:user) }

    before do
      group.add_owner(owner)
+      subgroup.add_owner(owner)
    end

    describe "GET /groups/:id/members" do
@@ -41,21 +43,23 @@ RSpec.describe API::Members do
             params: { user_id: stranger.id, access_level: Member::MINIMAL_ACCESS }
      end

-      context 'when minimal access role is not available' do
+      context 'when minimal access license is not available' do
        it 'does not create a member' do
          expect do
            subject
          end.not_to change { group.all_group_members.count }

          expect(response).to have_gitlab_http_status(:bad_request)
-          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list'] })
+          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list', 'not supported by license'] })
        end
      end

-      context 'when minimal access role is available' do
-        it 'creates a member' do
+      context 'when minimal access license is available' do
+        before do
          stub_licensed_features(minimal_access_role: true)
+        end

+        it 'creates a member' do
          expect do
            subject
          end.to change { group.all_group_members.count }.by(1)
@@ -63,6 +67,16 @@ RSpec.describe API::Members do
          expect(response).to have_gitlab_http_status(:created)
          expect(json_response['id']).to eq(stranger.id)
        end
+
+        it 'cannot be assigned to subgroup' do
+          expect do
+            post api("/groups/#{subgroup.id}/members", owner),
+                 params: { user_id: stranger.id, access_level: Member::MINIMAL_ACCESS }
+          end.not_to change { subgroup.all_group_members.count }
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list', 'supported on top level groups only'] })
+        end
      end
    end