Add Additional Minimal Access API Response Error Messages

Current return message does not tell the caller why the call failed. This change adds two additional messages to the returned error message. Changelog: changed EE: true Co-authored-by: Abdul Wadood <awadood@gitlab.com>

Add Additional Minimal Access API Response Error Messages
Current return message does not tell the caller why the call failed. This change adds two additional messages to the returned error message. Changelog: changed EE: true Co-authored-by: Abdul Wadood <awadood@gitlab.com>
f93424e8 · Abdul Wadood · Douglas Barbosa Alexandre · 550a2feb · f93424e8 · f93424e8
Commit f93424e8 authored Jan 11, 2022 by Abdul Wadood Committed by Douglas Barbosa Alexandre Jan 11, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 4 deletions

ee/app/models/ee/group_member.rb ee/app/models/ee/group_member.rb +5 -0

ee/spec/requests/api/members_spec.rb ee/spec/requests/api/members_spec.rb +18 -4

No files found.
--- a/ee/app/models/ee/group_member.rb
+++ b/ee/app/models/ee/group_member.rb
@@ -45,6 +45,11 @@ module EE
      return if access_level.in?(levels)

      errors.add(:access_level, "is not included in the list")
+
+      if access_level == ::Gitlab::Access::MINIMAL_ACCESS
+        errors.add(:access_level, "supported on top level groups only") if group.has_parent?
+        errors.add(:access_level, "not supported by license") unless group.feature_available?(:minimal_access_role)
+      end
    end

    override :post_create_hook

--- a/ee/spec/requests/api/members_spec.rb
+++ b/ee/spec/requests/api/members_spec.rb
@@ -7,11 +7,13 @@ RSpec.describe API::Members do

  context 'group members endpoints for group with minimal access feature' do
    let_it_be(:group) { create(:group) }
+    let_it_be(:subgroup) { create(:group, parent: group) }
    let_it_be(:minimal_access_member) { create(:group_member, :minimal_access, source: group) }
    let_it_be(:owner) { create(:user) }

    before do
      group.add_owner(owner)
+      subgroup.add_owner(owner)
    end

    describe "GET /groups/:id/members" do
@@ -41,21 +43,23 @@ RSpec.describe API::Members do
             params: { user_id: stranger.id, access_level: Member::MINIMAL_ACCESS }
      end

-      context 'when minimal access role is not available' do
+      context 'when minimal access license is not available' do
        it 'does not create a member' do
          expect do
            subject
          end.not_to change { group.all_group_members.count }

          expect(response).to have_gitlab_http_status(:bad_request)
-          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list'] })
+          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list', 'not supported by license'] })
        end
      end

-      context 'when minimal access role is available' do
-        it 'creates a member' do
+      context 'when minimal access license is available' do
+        before do
          stub_licensed_features(minimal_access_role: true)
+        end

+        it 'creates a member' do
          expect do
            subject
          end.to change { group.all_group_members.count }.by(1)
@@ -63,6 +67,16 @@ RSpec.describe API::Members do
          expect(response).to have_gitlab_http_status(:created)
          expect(json_response['id']).to eq(stranger.id)
        end
+
+        it 'cannot be assigned to subgroup' do
+          expect do
+            post api("/groups/#{subgroup.id}/members", owner),
+                 params: { user_id: stranger.id, access_level: Member::MINIMAL_ACCESS }
+          end.not_to change { subgroup.all_group_members.count }
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['message']).to eq({ 'access_level' => ['is not included in the list', 'supported on top level groups only'] })
+        end
      end
    end