Merge branch 'if-198480-share_groups_with_groups_fix_owner_access' into 'master'

Allow Owner access level when sharing groups with groups Closes #198480 See merge request gitlab-org/gitlab!23868

Merge branch 'if-198480-share_groups_with_groups_fix_owner_access' into 'master'
Allow Owner access level when sharing groups with groups Closes #198480 See merge request gitlab-org/gitlab!23868
d9803754 · Thong Kuah · 147f7dee · 75ed9e7e · d9803754 · d9803754
Commit d9803754 authored Feb 02, 2020 by Thong Kuah
4 changed files
--- a/app/models/group_group_link.rb
+++ b/app/models/group_group_link.rb
@@ -10,11 +10,11 @@ class GroupGroupLink < ApplicationRecord
  validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id],
                                            message: _('The group has already been shared with this group') }
  validates :shared_with_group, presence: true
-  validates :group_access, inclusion: { in: Gitlab::Access.values },
+  validates :group_access, inclusion: { in: Gitlab::Access.all_values },
                           presence: true

  def self.access_options
-    Gitlab::Access.options
+    Gitlab::Access.options_with_owner
  end

  def self.default_access

--- a/app/views/shared/members/_group.html.haml
+++ b/app/views/shared/members/_group.html.haml
@@ -31,7 +31,7 @@
          = dropdown_title(_("Change permissions"))
          .dropdown-content
            %ul
-              - Gitlab::Access.options.each do |role, role_id|
+              - Gitlab::Access.options_with_owner.each do |role, role_id|
                %li
                  = link_to role, '#',
                    class: ("is-active" if group_link.group_access == role_id),

--- a/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
+++ b/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
+---
+title: Allow Owner access level for sharing groups with groups
+merge_request: 23868
+author:
+type: fixed
--- a/spec/controllers/groups/group_links_controller_spec.rb
+++ b/spec/controllers/groups/group_links_controller_spec.rb
@@ -13,12 +13,30 @@ describe Groups::GroupLinksController do

  describe '#create' do
    let(:shared_with_group_id) { shared_with_group.id }
+    let(:shared_group_access) { GroupGroupLink.default_access }

    subject do
      post(:create,
           params: { group_id: shared_group,
                     shared_with_group_id: shared_with_group_id,
-                     shared_group_access: GroupGroupLink.default_access })
+                     shared_group_access: shared_group_access })
+    end
+
+    shared_examples 'creates group group link' do
+      it 'links group with selected group' do
+        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      end
+
+      it 'redirects to group links page' do
+        subject
+
+        expect(response).to(redirect_to(group_group_members_path(shared_group)))
+      end
+
+      it 'allows access for group member' do
+        expect { subject }.to(
+          change { group_member.can?(:read_group, shared_group) }.from(false).to(true))
+      end
    end

    context 'when user has correct access to both groups' do
@@ -31,18 +49,19 @@ describe Groups::GroupLinksController do
        shared_with_group.add_developer(group_member)
      end

-      it 'links group with selected group' do
-        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      context 'when default access level is requested' do
+        include_examples 'creates group group link'
      end

-      it 'redirects to group links page' do
-        subject
+      context 'when owner access is requested' do
+        let(:shared_group_access) { Gitlab::Access::OWNER }

-        expect(response).to(redirect_to(group_group_members_path(shared_group)))
-      end
+        include_examples 'creates group group link'

-      it 'allows access for group member' do
-        expect { subject }.to change { group_member.can?(:read_group, shared_group) }.from(false).to(true)
+        it 'allows admin access for group member' do
+          expect { subject }.to(
+            change { group_member.can?(:admin_group, shared_group) }.from(false).to(true))
+        end
      end

      context 'when shared with group id is not present' do