Add methods to transfer service

11092340 · Małgorzata Ksionek · e1f09138 · 11092340 · 11092340 · 11092340
Commit 11092340 authored Oct 14, 2020 by Małgorzata Ksionek
3 changed files
--- a/app/services/groups/transfer_service.rb
+++ b/app/services/groups/transfer_service.rb
@@ -38,6 +38,7 @@ module Groups
    # Overridden in EE
    def post_update_hooks(updated_project_ids)
      refresh_project_authorizations
+      refresh_descendant_groups if @new_parent_group
    end
    def ensure_allowed_transfer
@@ -101,6 +102,8 @@ module Groups
        @group.visibility_level = @new_parent_group.visibility_level
      end
+      update_two_factor_authentication if @new_parent_group
      @group.parent = @new_parent_group
      @group.clear_memoization(:self_and_ancestors_ids)
@@ -129,8 +132,26 @@ module Groups
      projects_to_update
        .update_all(visibility_level: @new_parent_group.visibility_level)
    end
+    def update_two_factor_authentication
+      return if namespace_parent_allows_two_factor_auth
+      @group.require_two_factor_authentication = false
+    end
+    def refresh_descendant_groups
+      return if namespace_parent_allows_two_factor_auth
+      if @group.descendants.where(require_two_factor_authentication: true).any?
+        DisallowTwoFactorForSubgroupsWorker.perform_async(@group.id)
+      end
+    end
    # rubocop: enable CodeReuse/ActiveRecord
+    def namespace_parent_allows_two_factor_auth
+      @new_parent_group.namespace_settings.allow_mfa_for_subgroups
+    end
    def ensure_ownership
      return if @new_parent_group
      return unless @group.owners.empty?

--- a/app/services/groups/update_service.rb
+++ b/app/services/groups/update_service.rb
@@ -101,7 +101,7 @@ module Groups
      settings = group.namespace_settings
      return if settings.allow_mfa_for_subgroups
-      binding.pry
      if settings.previous_changes.include?(:allow_mfa_for_subgroups)
        # enque in batches members update
        DisallowTwoFactorForSubgroupsWorker.perform_async(group.id)

--- a/spec/services/groups/transfer_service_spec.rb
+++ b/spec/services/groups/transfer_service_spec.rb
@@ -567,6 +567,39 @@ RSpec.describe Groups::TransferService do
        end
      end
+      context 'when transferring a group with two factor authentication switched on' do
+        before do
+          TestEnv.clean_test_path
+          create(:group_member, :owner, group: new_parent_group, user: user)
+          create(:group, :private, parent: group, require_two_factor_authentication: true)
+          group.update!(require_two_factor_authentication: true)
+        end
+        it 'does not update group two factor authentication setting' do
+          transfer_service.execute(new_parent_group)
+          expect(group.require_two_factor_authentication).to eq(true)
+        end
+        context 'when new parent disallows two factor authentication switched on for descendants' do
+          before do
+            new_parent_group.namespace_settings.update!(allow_mfa_for_subgroups: false)
+          end
+          it 'updates group two factor authentication setting' do
+            transfer_service.execute(new_parent_group)
+            expect(group.require_two_factor_authentication).to eq(false)
+          end
+          it 'schedules update of group two factor authentication setting for descendants' do
+            expect(DisallowTwoFactorForSubgroupsWorker).to receive(:perform_async).with(group.id)
+            transfer_service.execute(new_parent_group)
+          end
+        end
+      end
      context 'when updating the group goes wrong' do
        let!(:subgroup1) { create(:group, :public, parent: group) }
        let!(:subgroup2) { create(:group, :public, parent: group) }