Skip to content

G
gitlab-ce
Commit ec4c5d6d authored by Jason Goodman's avatar Jason Goodman Committed by Nikola Milojevic
Browse files
Options

Add prevent_sharing_groups_outside_hierarchy to GET and PUT API

parent 9df0d972
Hide whitespace changes
Inline Side-by-side
Showing with 93 additions and 25 deletions
app/services/namespace_settings/update_service.rb
View file @ ec4c5d6d
......@@ -41,6 +41,11 @@ module NamespaceSettings
settings_params.delete(:prevent_sharing_groups_outside_hierarchy)
group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('can only be changed by a group admin.'))
end
unless group.root?
settings_params.delete(:prevent_sharing_groups_outside_hierarchy)
group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('only available on top-level groups.'))
end
end
end
end
......
doc/api/groups.md
View file @ ec4c5d6d
......@@ -535,6 +535,7 @@ Example response:
"expires_at": null
}
],
"prevent_sharing_groups_outside_hierarchy": false,
"projects": [ // Deprecated and will be removed in API v5
{
"id": 7,
......@@ -673,6 +674,8 @@ Example response:
}
```
The `prevent_sharing_groups_outside_hierarchy` attribute is present only on top-level groups.
Users of [GitLab Premium or higher](https://about.gitlab.com/pricing/) also see
the `shared_runners_minutes_limit` and `extra_shared_runners_minutes_limit` parameters:
......@@ -851,31 +854,32 @@ Updates the project group. Only available to group owners and administrators.
PUT /groups/:id
```
| Attribute | Type | Required | Description |
| ------------------------------------ | ------- | -------- | ----------- |
| `id` | integer | yes | The ID of the group. |
| `name` | string | no | The name of the group. |
| `path` | string | no | The path of the group. |
| `description` | string | no | The description of the group. |
| `membership_lock` | boolean | no | **(PREMIUM)** Prevent adding new members to project membership within this group. |
| `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. |
| `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. |
| `require_two_factor_authentication` | boolean | no | Require all users in this group to setup Two-factor authentication. |
| `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). |
| `project_creation_level` | string | no | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |
| `auto_devops_enabled` | boolean | no | Default to Auto DevOps pipeline for all projects within this group. |
| `subgroup_creation_level` | string | no | Allowed to [create subgroups](../user/group/subgroups/index.md#creating-a-subgroup). Can be `owner` (Owners), or `maintainer` (Maintainers). |
| `emails_disabled` | boolean | no | Disable email notifications |
| `avatar` | mixed | no | Image file for avatar of the group. [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/-/issues/36681) |
| `mentions_disabled` | boolean | no | Disable the capability of a group from getting mentioned |
| `lfs_enabled` (optional) | boolean | no | Enable/disable Large File Storage (LFS) for the projects in this group. |
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). |
| `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. |
| `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces
| `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. |
| Attribute | Type | Required | Description |
| ------------------------------------------ | ------- | -------- | ----------- |
| `id` | integer | yes | The ID of the group. |
| `name` | string | no | The name of the group. |
| `path` | string | no | The path of the group. |
| `description` | string | no | The description of the group. |
| `membership_lock` | boolean | no | **(PREMIUM)** Prevent adding new members to project membership within this group. |
| `share_with_group_lock` | boolean | no | Prevent sharing a project with another group within this group. |
| `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. |
| `require_two_factor_authentication` | boolean | no | Require all users in this group to setup Two-factor authentication. |
| `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). |
| `project_creation_level` | string | no | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |
| `auto_devops_enabled` | boolean | no | Default to Auto DevOps pipeline for all projects within this group. |
| `subgroup_creation_level` | string | no | Allowed to [create subgroups](../user/group/subgroups/index.md#creating-a-subgroup). Can be `owner` (Owners), or `maintainer` (Maintainers). |
| `emails_disabled` | boolean | no | Disable email notifications |
| `avatar` | mixed | no | Image file for avatar of the group. [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/-/issues/36681) |
| `mentions_disabled` | boolean | no | Disable the capability of a group from getting mentioned |
| `lfs_enabled` (optional) | boolean | no | Enable/disable Large File Storage (LFS) for the projects in this group. |
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). |
| `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. |
| `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces
| `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. |
| `prevent_sharing_groups_outside_hierarchy` | boolean | no | See [Prevent group sharing outside the group hierarchy](../user/group/index.md#prevent-group-sharing-outside-the-group-hierarchy). This attribute is only available on top-level groups. [Introduced in GitLab 14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/333721) |
NOTE:
The `projects` and `shared_projects` attributes in the response are deprecated and [scheduled for removal in API v5](https://gitlab.com/gitlab-org/gitlab/-/issues/213797).
......@@ -910,6 +914,7 @@ Example response:
"file_template_project_id": 1,
"parent_id": null,
"created_at": "2020-01-15T12:36:29.590Z",
"prevent_sharing_groups_outside_hierarchy": false,
"projects": [ // Deprecated and will be removed in API v5
{
"id": 9,
......@@ -954,6 +959,8 @@ Example response:
}
```
The `prevent_sharing_groups_outside_hierarchy` attribute is present in the response only for top-level groups.
### Disable the results limit **(FREE SELF)**
The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
......
lib/api/entities/group_detail.rb
View file @ ec4c5d6d
......@@ -7,6 +7,7 @@ module API
SharedGroupWithGroup.represent(group.shared_with_group_links.public_or_visible_to_user(group, options[:current_user]))
end
expose :runners_token, if: lambda { |group, options| options[:user_can_admin_group] }
expose :prevent_sharing_groups_outside_hierarchy, if: ->(group) { group.root? }
expose :projects, using: Entities::Project do |group, options|
projects = GroupProjectsFinder.new(
......
lib/api/groups.rb
View file @ ec4c5d6d
......@@ -215,6 +215,7 @@ module API
optional :name, type: String, desc: 'The name of the group'
optional :path, type: String, desc: 'The path of the group'
use :optional_params
use :optional_update_params
use :optional_update_params_ee
end
put ':id' do
......
lib/api/helpers/groups_helpers.rb
View file @ ec4c5d6d
......@@ -30,6 +30,10 @@ module API
params :optional_params_ee do
end
params :optional_update_params do
optional :prevent_sharing_groups_outside_hierarchy, type: Boolean, desc: 'Prevent sharing groups within this namespace with any groups outside the namespace. Only available on top-level groups.'
end
params :optional_update_params_ee do
end
......
locale/gitlab.pot
View file @ ec4c5d6d
......@@ -39087,6 +39087,9 @@ msgstr ""
msgid "on track"
msgstr ""
msgid "only available on top-level groups."
msgstr ""
msgid "open issue"
msgstr ""
......
spec/lib/api/entities/group_detail_spec.rb 0 → 100644
View file @ ec4c5d6d
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Entities::GroupDetail do
describe '#as_json' do
it 'includes prevent_sharing_groups_outside_hierarchy for a root group' do
group = create(:group)
expect(described_class.new(group).as_json).to include(prevent_sharing_groups_outside_hierarchy: false)
end
it 'excludes prevent_sharing_groups_outside_hierarchy for a subgroup' do
subgroup = build(:group, :nested)
expect(described_class.new(subgroup).as_json.keys).not_to include(:prevent_sharing_groups_outside_hierarchy)
end
end
end
spec/requests/api/groups_spec.rb
View file @ ec4c5d6d
......@@ -490,6 +490,7 @@ RSpec.describe API::Groups do
expect(json_response['visibility']).to eq(Gitlab::VisibilityLevel.string_level(group1.visibility_level))
expect(json_response['avatar_url']).to eq(group1.avatar_url(only_path: false))
expect(json_response['share_with_group_lock']).to eq(group1.share_with_group_lock)
expect(json_response['prevent_sharing_groups_outside_hierarchy']).to eq(group2.namespace_settings.prevent_sharing_groups_outside_hierarchy)
expect(json_response['require_two_factor_authentication']).to eq(group1.require_two_factor_authentication)
expect(json_response['two_factor_grace_period']).to eq(group1.two_factor_grace_period)
expect(json_response['auto_devops_enabled']).to eq(group1.auto_devops_enabled)
......@@ -700,6 +701,7 @@ RSpec.describe API::Groups do
project_creation_level: "noone",
subgroup_creation_level: "maintainer",
default_branch_protection: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS,
prevent_sharing_groups_outside_hierarchy: true,
avatar: fixture_file_upload(file_path)
}
......@@ -724,6 +726,7 @@ RSpec.describe API::Groups do
expect(json_response['shared_projects'].length).to eq(0)
expect(json_response['default_branch_protection']).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
expect(json_response['avatar_url']).to end_with('dk.png')
expect(json_response['prevent_sharing_groups_outside_hierarchy']).to eq(true)
end
context 'updating the `default_branch_protection` attribute' do
......@@ -794,6 +797,15 @@ RSpec.describe API::Groups do
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['message']['visibility_level']).to contain_exactly('private is not allowed since there are sub-groups with higher visibility.')
end
it 'does not update prevent_sharing_groups_outside_hierarchy' do
put api("/groups/#{subgroup.id}", user3), params: { description: 'it works', prevent_sharing_groups_outside_hierarchy: true }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response.keys).not_to include('prevent_sharing_groups_outside_hierarchy')
expect(subgroup.reload.prevent_sharing_groups_outside_hierarchy).to eq(false)
expect(json_response['description']).to eq('it works')
end
end
end
......
spec/services/namespace_settings/update_service_spec.rb
View file @ ec4c5d6d
......@@ -106,6 +106,22 @@ RSpec.describe NamespaceSettings::UpdateService do
expect(group.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('can only be changed by a group admin.')
end
end
context 'with a subgroup' do
let(:subgroup) { create(:group, parent: group) }
before do
group.add_owner(user)
end
it 'does not change settings' do
service = described_class.new(user, subgroup, settings)
expect { service.execute }.not_to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy }
expect(subgroup.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('only available on top-level groups.')
end
end
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7