Merge branch 'georgekoltsov/run-project-authorizations-refresh-after-import' into 'master'

Do not run refresh_member_authorized_projects callback when importing

See merge request gitlab-org/gitlab!67975

app/models/member.rb

@@ -179,7 +179,7 @@ class Member < ApplicationRecord
   after_destroy :post_destroy_hook, unless: :pending?, if: :hook_prerequisites_met?
   after_save :log_invitation_token_cleanup
 
-  after_commit :refresh_member_authorized_projects
+  after_commit :refresh_member_authorized_projects, unless: :importing?
 
   default_value_for :notification_level, NotificationSetting.levels[:global]
 

app/models/project.rb

@@ -1901,6 +1901,7 @@ class Project < ApplicationRecord
 
     DetectRepositoryLanguagesWorker.perform_async(id)
     ProjectCacheWorker.perform_async(self.id, [], [:repository_size])
+    AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(id)
 
     # The import assigns iid values on its own, e.g. by re-using GitHub ids.
     # Flush existing InternalId records for this project for consistency reasons.

spec/lib/gitlab/import_export/members_mapper_spec.rb

@@ -165,11 +165,10 @@ RSpec.describe Gitlab::ImportExport::MembersMapper do
         let(:member_class) { ProjectMember }
         let(:importable) { create(:project, :public, name: 'searchable_project') }
 
-        it 'authorizes the users to the project' do
+        it 'adds users to project members' do
           members_mapper.map
 
-          expect(user.authorized_project?(importable)).to be true
-          expect(user2.authorized_project?(importable)).to be true
+          expect(importable.reload.members.map(&:user)).to include(user, user2)
         end
 
         it 'maps an owner as a maintainer' do

spec/models/members/group_member_spec.rb

@@ -136,4 +136,16 @@ RSpec.describe GroupMember do
       group_member.update!(expires_at: 5.days.from_now)
     end
   end
+
+  describe 'refresh_member_authorized_projects' do
+    context 'when importing' do
+      it 'does not refresh' do
+        expect(UserProjectAccessChangedService).not_to receive(:new)
+
+        member = build(:group_member)
+        member.importing = true
+        member.save!
+      end
+    end
+  end
 end

spec/models/members/project_member_spec.rb

@@ -172,6 +172,16 @@ RSpec.describe ProjectMember do
         user.destroy!
       end
     end
+
+    context 'when importing' do
+      it 'does not refresh' do
+        expect(AuthorizedProjectUpdate::ProjectRecalculatePerUserService).not_to receive(:new)
+
+        member = build(:project_member)
+        member.importing = true
+        member.save!
+      end
+    end
   end
 
   context 'authorization refresh on addition/updation/deletion' do

spec/models/project_spec.rb

@@ -5204,11 +5204,26 @@ RSpec.describe Project, factory_default: :keep do
       expect(InternalId).to receive(:flush_records!).with(project: project)
       expect(ProjectCacheWorker).to receive(:perform_async).with(project.id, [], [:repository_size])
       expect(DetectRepositoryLanguagesWorker).to receive(:perform_async).with(project.id)
+      expect(AuthorizedProjectUpdate::ProjectRecalculateWorker).to receive(:perform_async).with(project.id)
       expect(project).to receive(:set_full_path)
 
       project.after_import
     end
 
+    context 'project authorizations refresh' do
+      it 'updates user authorizations' do
+        create(:import_state, :started, project: project)
+
+        member = build(:project_member, project: project)
+        member.importing = true
+        member.save!
+
+        Sidekiq::Testing.inline! { project.after_import }
+
+        expect(member.user.authorized_project?(project)).to be true
+      end
+    end
+
     context 'branch protection' do
       let_it_be(:namespace) { create(:namespace) }