Merge branch...

Merge branch '352450-group-level-protected-environments-do-not-support-invited-groups' into 'master' Add Invited Groups Support to Protected Environments See merge request gitlab-org/gitlab!81029

Merge branch...
Merge branch '352450-group-level-protected-environments-do-not-support-invited-groups' into 'master' Add Invited Groups Support to Protected Environments See merge request gitlab-org/gitlab!81029
7f5f4509 · Shinya Maeda · 325d8e8b · 6f73dec2 · 7f5f4509 · 7f5f4509
Commit 7f5f4509 authored Mar 08, 2022 by Shinya Maeda
3 changed files
--- a/ee/app/services/protected_environments/base_service.rb
+++ b/ee/app/services/protected_environments/base_service.rb
@@ -43,7 +43,8 @@ module ProtectedEnvironments
        if project_container?
          container.invited_groups
        elsif group_container?
-          container.self_and_descendants
+          Group.from_union([container.self_and_descendants,
+                            container.shared_with_groups])
        end.pluck_primary_key.to_set
      end
    end

--- a/ee/spec/requests/api/protected_environments_spec.rb
+++ b/ee/spec/requests/api/protected_environments_spec.rb
@@ -256,6 +256,18 @@ RSpec.describe API::ProtectedEnvironments do
        expect(json_response['deploy_access_levels'].first['group_id']).to eq(subgroup.id)
      end

+      it 'protects the environment with shared group allowed to deploy' do
+        shared_group = create(:group)
+        create(:group_group_link, shared_group: group, shared_with_group: shared_group)
+
+        post api_url, params: { name: 'staging', deploy_access_levels: [{ group_id: shared_group.id }] }
+
+        expect(response).to have_gitlab_http_status(:created)
+        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
+        expect(json_response['name']).to eq('staging')
+        expect(json_response['deploy_access_levels'].first['group_id']).to eq(shared_group.id)
+      end
+
      it 'protects the environment with maintainers allowed to deploy' do
        post api_url, params: { name: 'staging', deploy_access_levels: [{ access_level: Gitlab::Access::MAINTAINER }] }


--- a/ee/spec/services/protected_environments/base_service_spec.rb
+++ b/ee/spec/services/protected_environments/base_service_spec.rb
@@ -39,6 +39,29 @@ RSpec.describe ProtectedEnvironments::BaseService, '#execute' do
          )
        end

+        context 'with invited groups' do
+          let_it_be(:linked_group) { create(:group) }
+          let_it_be(:group_link) { create(:group_group_link, shared_group: group, shared_with_group: linked_group) }
+
+          let(:params) do
+            {
+              deploy_access_levels_attributes: [
+                { group_id: group.id },
+                { group_id: linked_group.id }
+              ]
+            }
+          end
+
+          it 'includes invited groups' do
+            is_expected.to eq(
+              deploy_access_levels_attributes: [
+               { group_id: group.id },
+               { group_id: linked_group.id }
+              ]
+            )
+          end
+        end
+
        context 'with delete flag' do
          let(:params) do
            {
@@ -94,7 +117,7 @@ RSpec.describe ProtectedEnvironments::BaseService, '#execute' do
          )
        end

-        context 'with delte flag' do
+        context 'with delete flag' do
          let(:params) do
            {
              deploy_access_levels_attributes: [