Prepare for backport

632ee618 · Douwe Maan · 61a1d1fc · 632ee618 · 632ee618 · 632ee618
Commit 632ee618 authored Feb 06, 2017 by Douwe Maan
6 changed files
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -175,7 +175,7 @@ class Admin::UsersController < Admin::ApplicationController
  def user_params_ce
    [
-      :admin,
+      :access_level,
      :avatar,
      :bio,
      :can_create_group,
@@ -203,8 +203,7 @@ class Admin::UsersController < Admin::ApplicationController
  def user_params_ee
    [
-      :note,
+      :note
-      :access_level
    ]
  end
 end
--- a/app/models/ee/user.rb
+++ b/app/models/ee/user.rb
@@ -36,23 +36,5 @@ module EE
    def admin_or_auditor?
      admin? || auditor?
    end
-    def access_level
-      if admin?
-        :admin
-      elsif auditor?
-        :auditor
-      else
-        :regular
-      end
-    end
-    def access_level=(new_level)
-      new_level = new_level.to_s
-      return unless %w(admin auditor regular).include?(new_level)
-      self.admin = (new_level == 'admin')
-      self.auditor = (new_level == 'auditor')
-    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -934,6 +934,24 @@ class User < ActiveRecord::Base
    Gitlab::UserActivities::ActivitySet.record(self)
  end
+  def access_level
+    if admin?
+      :admin
+    elsif auditor?
+      :auditor
+    else
+      :regular
+    end
+  end
+  def access_level=(new_level)
+    new_level = new_level.to_s
+    return unless %w(admin auditor regular).include?(new_level)
+    self.admin = (new_level == 'admin')
+    self.auditor = (new_level == 'auditor')
+  end
  private
  def ci_projects_union

--- a/app/views/admin/users/_access_levels_ee.html.haml
+++ b/app/views/admin/users/_access_levels_ee.html.haml
@@ -11,22 +11,29 @@
  .form-group
    = f.label :access_level, class: 'control-label'
    .col-sm-10
-      = f.radio_button :access_level, :regular, disabled: (current_user == @user && @user.is_admin?)
+      - editing_current_user = (current_user == @user)
+      = f.radio_button :access_level, :regular, disabled: editing_current_user
      = label_tag :regular do
        Regular
      %p.light
        Regular users have access to their groups and projects
      - if license_allows_auditor_user?
-        = f.radio_button :access_level, :auditor, disabled: (current_user == @user && @user.is_admin?)
+        = f.radio_button :access_level, :auditor, disabled: editing_current_user
        = label_tag :auditor do
          Auditor
        %p.light
          Auditors have read-only access to all groups, projects and users
-      = f.radio_button :access_level, :admin
+      = f.radio_button :access_level, :admin, disabled: editing_current_user
      = label_tag :admin do
        Admin
      %p.light
        Administrators have access to all groups, projects and users and can manage all features in this installation
+      - if editing_current_user
+        %p.light
+          You cannot remove your own admin rights.
  .form-group
    = f.label :external, class: 'control-label'

--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@@ -40,7 +40,7 @@
          = f.label :password_confirmation, class: 'control-label'
          .col-sm-10= f.password_field :password_confirmation, disabled: f.object.force_random_password, class: 'form-control'
-    = render partial: 'access_levels_ee', locals: { f: f }
+    = render partial: 'access_levels', locals: { f: f }
    %fieldset
      %legend Profile

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1493,6 +1493,83 @@ describe User, models: true do
    end
  end
+  describe '#access_level=' do
+    let(:user) { build(:user) }
+    before do
+      # `auditor?` returns true only when the user is an auditor _and_ the auditor license
+      # add-on is present. We aren't testing this here, so we can assume that the add-on exists.
+      allow_any_instance_of(License).to receive(:add_on?).with('GitLab_Auditor_User') { true }
+    end
+    it 'does nothing for an invalid access level' do
+      user.access_level = :invalid_access_level
+      expect(user.access_level).to eq(:regular)
+      expect(user.admin).to be false
+      expect(user.auditor).to be false
+    end
+    it "assigns the 'admin' access level" do
+      user.access_level = :admin
+      expect(user.access_level).to eq(:admin)
+      expect(user.admin).to be true
+      expect(user.auditor).to be false
+    end
+    it "assigns the 'auditor' access level" do
+      user.access_level = :auditor
+      expect(user.access_level).to eq(:auditor)
+      expect(user.admin).to be false
+      expect(user.auditor).to be true
+    end
+    it "assigns the 'auditor' access level" do
+      user.access_level = :regular
+      expect(user.access_level).to eq(:regular)
+      expect(user.admin).to be false
+      expect(user.auditor).to be false
+    end
+    it "clears the 'admin' access level when a user is made an auditor" do
+      user.access_level = :admin
+      user.access_level = :auditor
+      expect(user.access_level).to eq(:auditor)
+      expect(user.admin).to be false
+      expect(user.auditor).to be true
+    end
+    it "clears the 'auditor' access level when a user is made an admin" do
+      user.access_level = :auditor
+      user.access_level = :admin
+      expect(user.access_level).to eq(:admin)
+      expect(user.admin).to be true
+      expect(user.auditor).to be false
+    end
+    it "doesn't clear existing access levels when an invalid access level is passed in" do
+      user.access_level = :admin
+      user.access_level = :invalid_access_level
+      expect(user.access_level).to eq(:admin)
+      expect(user.admin).to be true
+      expect(user.auditor).to be false
+    end
+    it "accepts string values in addition to symbols" do
+      user.access_level = 'admin'
+      expect(user.access_level).to eq(:admin)
+      expect(user.admin).to be true
+      expect(user.auditor).to be false
+    end
+  end
  describe 'the GitLab_Auditor_User add-on' do
    let(:license) { build(:license) }
@@ -1551,82 +1628,5 @@ describe User, models: true do
        expect(build(:user)).not_to be_auditor
      end
    end
-    context 'access_level=' do
-      let(:user) { build(:user) }
-      before do
-        # `auditor?` returns true only when the user is an auditor _and_ the auditor license
-        # add-on is present. We aren't testing this here, so we can assume that the add-on exists.
-        allow_any_instance_of(License).to receive(:add_on?).with('GitLab_Auditor_User') { true }
-      end
-      it 'does nothing for an invalid access level' do
-        user.access_level = :invalid_access_level
-        expect(user.access_level).to eq(:regular)
-        expect(user.admin).to be false
-        expect(user.auditor).to be false
-      end
-      it "assigns the 'admin' access level" do
-        user.access_level = :admin
-        expect(user.access_level).to eq(:admin)
-        expect(user.admin).to be true
-        expect(user.auditor).to be false
-      end
-      it "assigns the 'auditor' access level" do
-        user.access_level = :auditor
-        expect(user.access_level).to eq(:auditor)
-        expect(user.admin).to be false
-        expect(user.auditor).to be true
-      end
-      it "assigns the 'auditor' access level" do
-        user.access_level = :regular
-        expect(user.access_level).to eq(:regular)
-        expect(user.admin).to be false
-        expect(user.auditor).to be false
-      end
-      it "clears the 'admin' access level when a user is made an auditor" do
-        user.access_level = :admin
-        user.access_level = :auditor
-        expect(user.access_level).to eq(:auditor)
-        expect(user.admin).to be false
-        expect(user.auditor).to be true
-      end
-      it "clears the 'auditor' access level when a user is made an admin" do
-        user.access_level = :auditor
-        user.access_level = :admin
-        expect(user.access_level).to eq(:admin)
-        expect(user.admin).to be true
-        expect(user.auditor).to be false
-      end
-      it "doesn't clear existing access levels when an invalid access level is passed in" do
-        user.access_level = :admin
-        user.access_level = :invalid_access_level
-        expect(user.access_level).to eq(:admin)
-        expect(user.admin).to be true
-        expect(user.auditor).to be false
-      end
-      it "accepts string values in addition to symbols" do
-        user.access_level = 'admin'
-        expect(user.access_level).to eq(:admin)
-        expect(user.admin).to be true
-        expect(user.auditor).to be false
-      end
-    end
  end
 end