Merge branch '12921-bulk-editing-group-issues-only-works-with-owner-access-level' into 'master'

Resolve "Bulk editing group issues only works with owner access level" See merge request gitlab-org/gitlab-ee!14744

Merge branch '12921-bulk-editing-group-issues-only-works-with-owner-access-level' into 'master'
Resolve "Bulk editing group issues only works with owner access level" See merge request gitlab-org/gitlab-ee!14744
22682dd1 · Robert Speicher · 90f21b8a · aaef6e25 · 22682dd1 · 22682dd1
Commit 22682dd1 authored Jul 23, 2019 by Robert Speicher
3 changed files
--- a/ee/app/controllers/groups/bulk_update_controller.rb
+++ b/ee/app/controllers/groups/bulk_update_controller.rb
@@ -3,7 +3,6 @@
 class Groups::BulkUpdateController < Groups::ApplicationController
  include IssuableActions
-  before_action :authorize_admin_group!
  before_action :verify_group_bulk_edit_enabled!, only: [:bulk_update]
  private

--- a/ee/changelogs/unreleased/12921-bulk-editing-group-issues-only-works-with-owner-access-level.yml
+++ b/ee/changelogs/unreleased/12921-bulk-editing-group-issues-only-works-with-owner-access-level.yml
+---
+title: Allow bulk editing group issues for reporter access level and higher
+merge_request: 14744
+author:
+type: fixed
--- a/ee/spec/controllers/groups/issues_controller_spec.rb
+++ b/ee/spec/controllers/groups/issues_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Groups::IssuesController do
+  let(:user)      { create(:user) }
+  let(:group)     { create(:group, :public) }
+  let(:project)   { create(:project_empty_repo, :public, namespace: group) }
+  let(:milestone) { create(:milestone, group: group) }
+  let(:issue1)    { create(:issue, project: project) }
+  let(:issue2)    { create(:issue, project: project) }
+  describe 'POST #bulk_update' do
+    subject { post :bulk_update, params: params, format: :json }
+    let(:params) do
+      {
+        update: {
+          milestone_id: milestone.id,
+          issuable_ids: "#{issue1.id}, #{issue2.id}"
+          },
+          group_id: group
+        }
+    end
+    context 'when group bulk edit feature is not enabled' do
+      before do
+        sign_in(user)
+        stub_licensed_features(group_bulk_edit: false)
+      end
+      it 'returns 404 status' do
+        subject
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+    context 'when group bulk edit feature is enabled' do
+      before do
+        sign_in(user)
+        stub_licensed_features(group_bulk_edit: true)
+      end
+      context 'when user has permissions to bulk update issues' do
+        before do
+          group.add_reporter(user)
+        end
+        it 'returns status 200' do
+          subject
+          expect(response.status).to eq(200)
+        end
+        it 'updates issues milestone' do
+          expect { subject }
+            .to change { issue1.reload.milestone }.from(nil).to(milestone)
+            .and change { issue2.reload.milestone }.from(nil).to(milestone)
+        end
+      end
+      context 'when user does not have permissions to bulk update issues' do
+        before do
+          group.add_guest(user)
+        end
+        it 'returns status 404' do
+          subject
+          expect(response.status).to eq(404)
+        end
+        it 'does not update issues milestone' do
+          expect { subject }
+            .to not_change { issue1.reload.milestone }
+            .and not_change { issue2.reload.milestone }
+        end
+      end
+    end
+  end
+end