Commit de8b4f0b authored by Stan Hu's avatar Stan Hu

Merge branch 'dblessing_saml_group_sync_ultimate' into 'master'

Create Group SAML Group Sync as a Gold subscription feature

See merge request gitlab-org/gitlab!46490
parents 41a06e7f 756c0a0a
......@@ -139,6 +139,7 @@ class License < ApplicationRecord
personal_access_token_api_management
personal_access_token_expiration_policy
enforce_pat_expiration
group_saml_group_sync
prometheus_alerts
pseudonymizer
release_evidence_test_artifacts
......
......@@ -81,6 +81,10 @@ module EE
@subject.saml_enabled?
end
condition(:group_saml_group_sync_available, scope: :subject) do
@subject.feature_available?(:group_saml_group_sync)
end
condition(:group_timelogs_available) do
@subject.feature_available?(:group_timelogs)
end
......@@ -208,7 +212,9 @@ module EE
rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml
rule { group_saml_enabled & can?(:admin_group_saml) }.enable :admin_saml_group_links
rule { group_saml_group_sync_available & group_saml_enabled & can?(:admin_group_saml) }.policy do
enable :admin_saml_group_links
end
rule { admin | (can_owners_manage_ldap & owner) }.policy do
enable :admin_ldap_group_links
......
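Review bot: The new rule gates only the ability to manage links (`:admin_saml_group_links`) on `group_saml_group_sync_available`; nothing in this section shows the sync path itself consulting the licensed feature, so links created while licensed may keep affecting membership after a downgrade unless that is enforced elsewhere. If it is, a comment above the rule would make the boundary explicit, e.g. `# Licence gate for managing links only; sync-time enforcement lives in <sync service placeholder>`. As a smaller style point, the condition is declared with `scope: :subject` while the neighbouring `group_timelogs_available` is not, and a one-line comment saying why would help. Both the condition list and the rule list continue outside these hunks.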
......@@ -11,7 +11,7 @@ RSpec.describe Groups::SamlGroupLinksController do
end
before do
stub_licensed_features(group_saml: true)
stub_licensed_features(group_saml: true, group_saml_group_sync: true)
stub_feature_flags(saml_group_links: true)
sign_in(user)
......
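Review bot: Enabling `group_saml_group_sync` in the shared `before` puts every example visible here in the licensed state, and the hunk shows no example for a group that has `group_saml` but not `group_saml_group_sync`. A context with `before { stub_licensed_features(group_saml: true, group_saml_group_sync: false) }` that asserts the request is refused would cover the new gate at the controller level. The same applies to the 'SAML group links' feature spec hunk that follows. The describe block continues outside the hunk, so such a case may already exist there.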
......@@ -13,7 +13,7 @@ RSpec.describe 'SAML group links' do
context 'when SAML group links is available' do
before do
stub_licensed_features(group_saml: true)
stub_licensed_features(group_saml: true, group_saml_group_sync: true)
stub_feature_flags(saml_group_links: true)
create(:saml_provider, group: group, enabled: true)
......
......@@ -327,48 +327,77 @@ RSpec.describe GroupPolicy do
stub_licensed_features(group_saml: true)
end
context 'without an enabled SAML provider' do
context 'maintainer' do
let(:current_user) { maintainer }
context 'when group_saml_group_sync is not licensed' do
context 'with an enabled SAML provider' do
let_it_be(:saml_provider) { create(:saml_provider, group: group, enabled: true) }
it { is_expected.to be_disallowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
context 'owner' do
let(:current_user) { owner }
context 'owner' do
let(:current_user) { owner }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
it { is_expected.to be_allowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
context 'admin' do
let(:current_user) { admin }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
end
end
context 'admin' do
let(:current_user) { admin }
context 'when group_saml_group_sync is licensed' do
before do
stub_application_setting(check_namespace_plan: true)
end
it { is_expected.to be_allowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
before_all do
create(:license, plan: License::ULTIMATE_PLAN)
create(:gitlab_subscription, :gold, namespace: group)
end
end
context 'with an enabled SAML provider' do
let_it_be(:saml_provider) { create(:saml_provider, group: group, enabled: true) }
context 'without an enabled SAML provider' do
context 'maintainer' do
let(:current_user) { maintainer }
context 'maintainer' do
let(:current_user) { maintainer }
it { is_expected.to be_disallowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
context 'owner' do
let(:current_user) { owner }
context 'owner' do
let(:current_user) { owner }
it { is_expected.to be_allowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
context 'admin' do
let(:current_user) { admin }
it { is_expected.to be_allowed(:admin_saml_group_links) }
it { is_expected.to be_allowed(:admin_group_saml) }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
end
context 'admin' do
let(:current_user) { admin }
context 'with an enabled SAML provider' do
let_it_be(:saml_provider) { create(:saml_provider, group: group, enabled: true) }
context 'maintainer' do
let(:current_user) { maintainer }
it { is_expected.to be_disallowed(:admin_saml_group_links) }
end
it { is_expected.to be_allowed(:admin_saml_group_links) }
context 'owner' do
let(:current_user) { owner }
it { is_expected.to be_allowed(:admin_saml_group_links) }
end
context 'admin' do
let(:current_user) { admin }
it { is_expected.to be_allowed(:admin_saml_group_links) }
end
end
end
......
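Review bot: The 'when group_saml_group_sync is not licensed' context never pins the feature off, so its `be_disallowed(:admin_saml_group_links)` examples depend on whatever licence state the suite defaults to; as far as the rendered hunk shows, the enclosing `before` only stubs `group_saml: true`. Adding `before { stub_licensed_features(group_saml: true, group_saml_group_sync: false) }` inside that context would make the denial explicit. The licensed context also sets up only a Gold subscription; a case with `check_namespace_plan: true` and a lower-tier subscription, expecting `be_disallowed`, would pin the tier boundary named in the commit title. The enclosing describe block starts outside the hunk.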