Commit bea8f1f0 authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch...

Merge branch 'delete-personal-access-tokens-when-transfering-project-to-a-free-namespace' into 'master'

Delete PATs when transfering project to a free group  [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!65803
parents 381ce090 6e311075
......@@ -89,6 +89,8 @@ module Projects
update_integrations
remove_paid_features
project.old_path_with_namespace = @old_path
update_repository_configuration(@new_path)
......@@ -109,6 +111,10 @@ module Projects
move_pages(project)
end
# Overridden in EE
def remove_paid_features
end
def transfer_missing_group_resources(group)
Labels::TransferService.new(current_user, group, project).execute
......
......@@ -45,6 +45,20 @@ module EE
::Elastic::ProcessInitialBookkeepingService.backfill_projects!(project) if project.maintaining_elasticsearch?
end
end
override :remove_paid_features
def remove_paid_features
revoke_project_access_tokens
end
def revoke_project_access_tokens
return if new_namespace.feature_available_non_trial?(:resource_access_token)
PersonalAccessTokensFinder
.new(user: project.bots, impersonation: false)
.execute
.update_all(revoked: true)
end
end
end
end
......@@ -126,4 +126,52 @@ RSpec.describe Projects::TransferService do
end
end
end
describe 'project access tokens' do
let_it_be(:premium_group) { create(:group_with_plan, plan: :premium_plan) }
let_it_be(:free_group) { create(:group) }
before do
premium_group.add_owner(user)
free_group.add_owner(user)
ResourceAccessTokens::CreateService.new(user, project).execute
end
def revoked_tokens
PersonalAccessToken.without_impersonation.for_users(project.bots).revoked
end
context 'with a self managed instance' do
before do
stub_ee_application_setting(should_check_namespace_plan: false)
end
it 'does not revoke PATs' do
subject.execute(group)
expect { subject.execute(group) }.not_to change { revoked_tokens.count }
end
end
context 'with GL.com' do
before do
stub_ee_application_setting(should_check_namespace_plan: true)
end
context 'when target namespace has a premium plan' do
it 'does not revoke PATs' do
subject.execute(premium_group)
expect { subject.execute(group) }.not_to change { revoked_tokens.count }
end
end
context 'when target namespace has a free plan' do
it 'revoke PATs' do
expect { subject.execute(free_group) }.to change { revoked_tokens.count }.from(0).to(1)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment