Merge branch '332590-user-cap-in-update-service' into 'master'

Added new_user_signups_cap to setting update service See merge request gitlab-org/gitlab!65542

Merge branch '332590-user-cap-in-update-service' into 'master'
Added new_user_signups_cap to setting update service See merge request gitlab-org/gitlab!65542
3d1a575b · Alex Kalderimis · 0afb5421 · f88b2f61 · 3d1a575b · 3d1a575b
Commit 3d1a575b authored Jul 14, 2021 by Alex Kalderimis
4 changed files
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -15,7 +15,7 @@ class NamespaceSetting < ApplicationRecord

  NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal,
                               :lock_delayed_project_removal, :resource_access_token_creation_allowed,
-                               :prevent_sharing_groups_outside_hierarchy].freeze
+                               :prevent_sharing_groups_outside_hierarchy, :new_user_signups_cap].freeze

  self.primary_key = :namespace_id


--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -156,6 +156,7 @@ class GroupPolicy < BasePolicy
    enable :set_note_created_at
    enable :set_emails_disabled
    enable :change_prevent_sharing_groups_outside_hierarchy
+    enable :change_new_user_signups_cap
    enable :update_default_branch_protection
    enable :create_deploy_token
    enable :destroy_deploy_token

--- a/app/services/namespace_settings/update_service.rb
+++ b/app/services/namespace_settings/update_service.rb
@@ -14,7 +14,15 @@ module NamespaceSettings

    def execute
      validate_resource_access_token_creation_allowed_param
-      validate_prevent_sharing_groups_outside_hierarchy_param
+
+      validate_settings_param_for_root_group(
+        param_key: :prevent_sharing_groups_outside_hierarchy,
+        user_policy: :change_prevent_sharing_groups_outside_hierarchy
+      )
+      validate_settings_param_for_root_group(
+        param_key: :new_user_signups_cap,
+        user_policy: :change_new_user_signups_cap
+      )

      if group.namespace_settings
        group.namespace_settings.attributes = settings_params
@@ -34,17 +42,17 @@ module NamespaceSettings
      end
    end

-    def validate_prevent_sharing_groups_outside_hierarchy_param
-      return if settings_params[:prevent_sharing_groups_outside_hierarchy].nil?
+    def validate_settings_param_for_root_group(param_key:, user_policy:)
+      return if settings_params[param_key].nil?

-      unless can?(current_user, :change_prevent_sharing_groups_outside_hierarchy, group)
-        settings_params.delete(:prevent_sharing_groups_outside_hierarchy)
-        group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('can only be changed by a group admin.'))
+      unless can?(current_user, user_policy, group)
+        settings_params.delete(param_key)
+        group.namespace_settings.errors.add(param_key, _('can only be changed by a group admin.'))
      end

      unless group.root?
-        settings_params.delete(:prevent_sharing_groups_outside_hierarchy)
-        group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('only available on top-level groups.'))
+        settings_params.delete(param_key)
+        group.namespace_settings.errors.add(param_key, _('only available on top-level groups.'))
      end
    end
  end

--- a/spec/services/namespace_settings/update_service_spec.rb
+++ b/spec/services/namespace_settings/update_service_spec.rb
@@ -76,50 +76,61 @@ RSpec.describe NamespaceSettings::UpdateService do
      end
    end

-    context "updating :prevent_sharing_groups_outside_hierarchy" do
-      let(:settings) { { prevent_sharing_groups_outside_hierarchy: true } }
+    describe 'validating settings param for root group' do
+      using RSpec::Parameterized::TableSyntax

-      context 'when user is a group owner' do
-        before do
-          group.add_owner(user)
-        end
-
-        it 'changes settings' do
-          expect { service.execute }
-            .to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy }
-            .from(false).to(true)
-        end
+      where(:setting_key, :setting_changes_from, :setting_changes_to) do
+        :prevent_sharing_groups_outside_hierarchy  | false | true
+        :new_user_signups_cap                      | nil   | 100
      end

-      context 'when user is not a group owner' do
-        before do
-          group.add_maintainer(user)
+      with_them do
+        let(:settings) do
+          { setting_key => setting_changes_to }
        end

-        it 'does not change settings' do
-          expect { service.execute }.not_to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy }
-        end
+        context 'when user is not a group owner' do
+          before do
+            group.add_maintainer(user)
+          end

-        it 'returns the group owner error' do
-          service.execute
+          it 'does not change settings' do
+            expect { service.execute }.not_to change { group.namespace_settings.public_send(setting_key) }
+          end
+
+          it 'returns the group owner error' do
+            service.execute

-          expect(group.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('can only be changed by a group admin.')
+            expect(group.namespace_settings.errors.messages[setting_key]).to include('can only be changed by a group admin.')
+          end
        end
-      end

-      context 'with a subgroup' do
-        let(:subgroup) { create(:group, parent: group) }
+        context 'with a subgroup' do
+          let(:subgroup) { create(:group, parent: group) }

-        before do
-          group.add_owner(user)
-        end
+          before do
+            group.add_owner(user)
+          end
+
+          it 'does not change settings' do
+            service = described_class.new(user, subgroup, settings)

-        it 'does not change settings' do
-          service = described_class.new(user, subgroup, settings)
+            expect { service.execute }.not_to change { group.namespace_settings.public_send(setting_key) }
+
+            expect(subgroup.namespace_settings.errors.messages[setting_key]).to include('only available on top-level groups.')
+          end
+        end

-          expect { service.execute }.not_to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy }
+        context 'when user is a group owner' do
+          before do
+            group.add_owner(user)
+          end

-          expect(subgroup.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('only available on top-level groups.')
+          it 'changes settings' do
+            expect { service.execute }
+              .to change { group.namespace_settings.public_send(setting_key) }
+              .from(setting_changes_from).to(setting_changes_to)
+          end
        end
      end
    end