Commit b9f09018 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'fix_stale_owner2' into 'master'

Prevent stale data in LDAP group sync last owner check

Representing https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/529

Fixes gitlab-org/gitlab-ce#17764

Turns out that switching to an AR association has resolved the issue. However, a merge problem from CE to EE caused the owners method to not be removed so it took precedence over the association. This removes that method and adds a test to ensure we don't have stale owner data in the future. 

See merge request !531
parents cf341333 3bd3c93b
...@@ -104,10 +104,6 @@ class Group < Namespace ...@@ -104,10 +104,6 @@ class Group < Namespace
end end
end end
def owners
@owners ||= group_members.owners.includes(:user).map(&:user)
end
def add_users(user_ids, access_level, current_user = nil, skip_notification: false) def add_users(user_ids, access_level, current_user = nil, skip_notification: false)
user_ids.each do |user_id| user_ids.each do |user_id|
Member.add_user(self.group_members, user_id, access_level, current_user, skip_notification: skip_notification) Member.add_user(self.group_members, user_id, access_level, current_user, skip_notification: skip_notification)
......
...@@ -160,18 +160,17 @@ describe Gitlab::LDAP::GroupSync, lib: true do ...@@ -160,18 +160,17 @@ describe Gitlab::LDAP::GroupSync, lib: true do
group_access: Gitlab::Access::DEVELOPER, group_access: Gitlab::Access::DEVELOPER,
provider: 'ldapmain' provider: 'ldapmain'
) )
group1.add_users([user1.id],
group1.add_users([user1.id, user2.id],
Gitlab::Access::OWNER, skip_notification: true) Gitlab::Access::OWNER, skip_notification: true)
end end
it 'refuses to downgrade the last owner' do # Check two users in a loop to uncover any stale group owner data
expect { group_sync.sync_groups } it 'downgrades one user but not the other' do
.not_to change { group_sync.sync_groups
group1.members.where(
user_id: user1.id, expect(group1.members.pluck(:access_level).sort)
access_level: Gitlab::Access::OWNER .to eq([Gitlab::Access::DEVELOPER, Gitlab::Access::OWNER])
).any?
}
end end
context 'when user is a member of two groups from different providers' do context 'when user is a member of two groups from different providers' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment