Allow project members who are owners permissions

Changelog: fixed

Allow project members who are owners permissions
Changelog: fixed
c35277ca · Sean Arnold · e3a22f2d · c35277ca · c35277ca · c35277ca
Commit c35277ca authored Apr 21, 2021 by Sean Arnold
3 changed files
--- a/app/policies/project_member_policy.rb
+++ b/app/policies/project_member_policy.rb
@@ -8,7 +8,11 @@ class ProjectMemberPolicy < BasePolicy
  condition(:project_bot) { @subject.user&.project_bot? }

  rule { anonymous }.prevent_all
-  rule { target_is_owner }.prevent_all
+
+  rule { target_is_owner }.policy do
+    prevent :update_project_member
+    prevent :destroy_project_member
+  end

  rule { ~project_bot & can?(:admin_project_member) }.policy do
    enable :update_project_member

--- a/changelogs/unreleased/327814-allow-project-owner-as-member.yml
+++ b/changelogs/unreleased/327814-allow-project-owner-as-member.yml
+---
+title: Fix restrictive permissions for ProjectMembers who are owners
+merge_request: 59844
+author:
+type: fixed
--- a/spec/policies/project_member_policy_spec.rb
+++ b/spec/policies/project_member_policy_spec.rb
@@ -16,12 +16,22 @@ RSpec.describe ProjectMemberPolicy do
  context 'with regular member' do
    let(:member_user) { create(:user) }

+    it { is_expected.to be_allowed(:read_project) }
    it { is_expected.to be_allowed(:update_project_member) }
    it { is_expected.to be_allowed(:destroy_project_member) }

    it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
  end

+  context 'when user is project owner' do
+    let(:member_user) { project.owner }
+    let(:member) { project.members.find_by!(user: member_user) }
+
+    it { is_expected.to be_allowed(:read_project) }
+    it { is_expected.to be_disallowed(:update_project_member) }
+    it { is_expected.to be_disallowed(:destroy_project_member) }
+  end
+
  context 'with a bot member' do
    let(:member_user) { create(:user, :project_bot) }