Resolve "Gitlab administrator cannot create projects in every group"

2f9d50b7 · George Andrinopoulos · Rémy Coutable · c0ce9d01 · 2f9d50b7 · 2f9d50b7
Commit 2f9d50b7 authored Mar 24, 2017 by George Andrinopoulos Committed by Rémy Coutable Mar 24, 2017
4 changed files
--- a/app/helpers/namespaces_helper.rb
+++ b/app/helpers/namespaces_helper.rb
@@ -6,7 +6,13 @@ module NamespacesHelper
  def namespaces_options(selected = :current_user, display_path: false, extra_group: nil)
    groups = current_user.owned_groups + current_user.masters_groups

-    groups << extra_group if extra_group && !Group.exists?(name: extra_group.name)
+    unless extra_group.nil? || extra_group.is_a?(Group)
+      extra_group = Group.find(extra_group) if Namespace.find(extra_group).kind == 'group'
+    end
+
+    if extra_group && extra_group.is_a?(Group) && (!Group.exists?(name: extra_group.name) || Ability.allowed?(current_user, :read_group, extra_group))
+      groups |= [extra_group]
+    end

    users = [current_user.namespace]


--- a/app/views/projects/new.html.haml
+++ b/app/views/projects/new.html.haml
@@ -23,7 +23,7 @@
                - if current_user.can_select_namespace?
                  .input-group-addon
                    = root_url
-                  = f.select :namespace_id, namespaces_options(namespace_id_from(params) || :current_user, display_path: true), {}, {class: 'select2 js-select-namespace', tabindex: 1}
+                  = f.select :namespace_id, namespaces_options(namespace_id_from(params) || :current_user, display_path: true, extra_group: namespace_id_from(params)), {}, { class: 'select2 js-select-namespace', tabindex: 1}

                - else
                  .input-group-addon.static-namespace

--- a/changelogs/unreleased/27910-admin-can-create-project-in-all-groups.yml
+++ b/changelogs/unreleased/27910-admin-can-create-project-in-all-groups.yml
+---
+title: Allow admin to view all namespaces
+merge_request:
+author: George Andrinopoulos
--- a/spec/helpers/namespaces_helper_spec.rb
+++ b/spec/helpers/namespaces_helper_spec.rb
+require 'spec_helper'
+
+describe NamespacesHelper, type: :helper do
+  let!(:admin) { create(:admin) }
+  let!(:admin_group) { create(:group, :private) }
+  let!(:user) { create(:user) }
+  let!(:user_group) { create(:group, :private) }
+
+  before do
+    admin_group.add_owner(admin)
+    user_group.add_owner(user)
+  end
+
+  describe '#namespaces_options' do
+    it 'returns groups without being a member for admin' do
+      allow(helper).to receive(:current_user).and_return(admin)
+
+      options = helper.namespaces_options(user_group.id, display_path: true, extra_group: user_group.id)
+
+      expect(options).to include(admin_group.name)
+      expect(options).to include(user_group.name)
+    end
+
+    it 'returns only allowed namespaces for user' do
+      allow(helper).to receive(:current_user).and_return(user)
+
+      options = helper.namespaces_options
+
+      expect(options).not_to include(admin_group.name)
+      expect(options).to include(user_group.name)
+    end
+  end
+end