Update auth spec

ce789a64 · Serena Fang · a33ec9fe · ce789a64 · ce789a64
Commit ce789a64 authored Jul 09, 2021 by Serena Fang
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 23 deletions

lib/gitlab/auth.rb lib/gitlab/auth.rb +3 -3

spec/lib/gitlab/auth_spec.rb spec/lib/gitlab/auth_spec.rb +21 -20

No files found.
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -203,10 +203,10 @@ module Gitlab
        if project && token.user.project_bot? && !project.bots.include?(token.user)
          return unless project.group

-          group_ids = project.group.self_and_ancestors.pluck(:id)
-          user_groups = token.user.groups.pluck(:id)
+          group_ancestor_ids = project.group.self_and_ancestors.pluck(:id)
+          user_group_ids = token.user.groups.pluck(:id)

-          return if (group_ids & user_groups).empty?
+          return if (group_ancestor_ids & user_group_ids).empty?
        end

        if can_user_login_with_non_expired_password?(token.user) || token.user.project_bot?

--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -406,38 +406,39 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
          it_behaves_like 'with an invalid access token'
        end

-        context 'when using a group namespace project access token' do
+        context 'when in a group namespace' do
          let_it_be(:group) { create(:group) }
          let_it_be(:project) { create(:project, group: group) }
-          let_it_be(:project_bot_user) { create(:user, :project_bot) }
-          let_it_be(:access_token) { create(:personal_access_token, user: project_bot_user) }

-          context 'when the token belongs to the project' do
-            before do
-              project.add_maintainer(project_bot_user)
+          context 'when using a project access token' do
+            let_it_be(:project_bot_user) { create(:user, :project_bot) }
+            let_it_be(:access_token) { create(:personal_access_token, user: project_bot_user) }
+
+            context 'when token user belongs to the project' do
+              before do
+                project.add_maintainer(project_bot_user)
+              end
+
+              it_behaves_like 'with a valid access token'
            end

-            it_behaves_like 'with a valid access token'
+            it_behaves_like 'with an invalid access token'
          end

-          it_behaves_like 'with an invalid access token'
-        end
+          context 'when using a group access token' do
+            let_it_be(:project_bot_user) { create(:user, name: 'Group token bot', email: "group_#{group.id}_bot@example.com", username: "group_#{group.id}_bot", user_type: :project_bot) }
+            let_it_be(:access_token) { create(:personal_access_token, user: project_bot_user) }

-        context 'when using a group access token' do
-          let_it_be(:group) { create(:group) }
-          let_it_be(:project) { create(:project, group: group) }
-          let_it_be(:project_bot_user) { create(:user, name: 'Group token bot', email: "group_#{group.id}_bot@example.com", username: "group_#{group.id}_bot", user_type: 'project_bot'.to_sym) }
-          let_it_be(:access_token) { create(:personal_access_token, user: project_bot_user) }
+            context 'when the token belongs to the group' do
+              before do
+                group.add_maintainer(project_bot_user)
+              end

-          context 'when the token belongs to the group' do
-            before do
-              group.add_maintainer(project_bot_user)
+              it_behaves_like 'with a valid access token'
            end

-            it_behaves_like 'with a valid access token'
+            it_behaves_like 'with an invalid access token'
          end
-
-          it_behaves_like 'with an invalid access token'
        end
      end
    end