Merge branch 'vij-add-minimal-access-to-highest-role' into 'master'

Allow minimal access value for UserHighestRole [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!71814

Merge branch 'vij-add-minimal-access-to-highest-role' into 'master'
Allow minimal access value for UserHighestRole [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!71814
50b832bb · Etienne Baqué · b4fa586b · a1165f69 · 50b832bb · 50b832bb
Commit 50b832bb authored Oct 07, 2021 by Etienne Baqué
4 changed files
--- a/app/models/user_highest_role.rb
+++ b/app/models/user_highest_role.rb
@@ -3,7 +3,13 @@
 class UserHighestRole < ApplicationRecord
  belongs_to :user, optional: false

-  validates :highest_access_level, allow_nil: true, inclusion: { in: Gitlab::Access.all_values }
+  validates :highest_access_level, allow_nil: true, inclusion: { in: ->(_) { self.allowed_values } }

  scope :with_highest_access_level, -> (highest_access_level) { where(highest_access_level: highest_access_level) }
+
+  def self.allowed_values
+    Gitlab::Access.all_values
+  end
 end
+
+UserHighestRole.prepend_mod
--- a/ee/app/models/ee/user_highest_role.rb
+++ b/ee/app/models/ee/user_highest_role.rb
+# frozen_string_literal: true
+
+module EE
+  module UserHighestRole
+    extend ActiveSupport::Concern
+
+    class_methods do
+      extend ::Gitlab::Utils::Override
+
+      override :allowed_values
+      def allowed_values
+        ::Gitlab::Access.values_with_minimal_access
+      end
+    end
+  end
+end
--- a/ee/spec/models/ee/user_highest_role_spec.rb
+++ b/ee/spec/models/ee/user_highest_role_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe UserHighestRole do
+  describe 'validations' do
+    it { is_expected.to validate_inclusion_of(:highest_access_level).in_array([nil, *Gitlab::Access.values_with_minimal_access]) }
+  end
+end
--- a/ee/spec/services/users/update_highest_member_role_service_spec.rb
+++ b/ee/spec/services/users/update_highest_member_role_service_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Users::UpdateHighestMemberRoleService do
+  let_it_be(:user) { create(:user) }
+
+  subject(:execute_service) { described_class.new(user).execute }
+
+  describe '#execute' do
+    context 'with an EE-only access level' do
+      before do
+        allow(user).to receive(:current_highest_access_level).and_return(Gitlab::Access::MINIMAL_ACCESS)
+      end
+
+      it 'updates the highest access level' do
+        user_highest_role = create(:user_highest_role, :guest, user: user)
+
+        expect { execute_service }
+          .to change { user_highest_role.reload.highest_access_level }
+          .from(Gitlab::Access::GUEST)
+          .to(Gitlab::Access::MINIMAL_ACCESS)
+      end
+    end
+  end
+end