Commit 0771109b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Fix permission issue with highest access level for group

If user was a member of both group and project and group access level
was higher it was not respected and user got lowest project access
level. Now it is fixed and user get highest access level
Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 995d193d
...@@ -118,19 +118,30 @@ class ProjectTeam ...@@ -118,19 +118,30 @@ class ProjectTeam
end end
def guest?(user) def guest?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::GUEST max_tm_access(user.id) == Gitlab::Access::GUEST
end end
def reporter?(user) def reporter?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::REPORTER max_tm_access(user.id) == Gitlab::Access::REPORTER
end end
def developer?(user) def developer?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::DEVELOPER max_tm_access(user.id) == Gitlab::Access::DEVELOPER
end end
def master?(user) def master?(user)
find_tm(user.id).try(:access_field) == Gitlab::Access::MASTER max_tm_access(user.id) == Gitlab::Access::MASTER
end
def max_tm_access(user_id)
access = []
access << project.users_projects.find_by(user_id: user_id).try(:access_field)
if group
access << group.users_groups.find_by(user_id: user_id).try(:access_field)
end
access.compact.max
end end
private private
......
require "spec_helper" require "spec_helper"
describe ProjectTeam do describe ProjectTeam do
let(:group) { create(:group) }
let(:project) { create(:empty_project, group: group) }
let(:master) { create(:user) } let(:master) { create(:user) }
let(:reporter) { create(:user) } let(:reporter) { create(:user) }
let(:guest) { create(:user) } let(:guest) { create(:user) }
let(:nonmember) { create(:user) } let(:nonmember) { create(:user) }
before do context 'personal project' do
group.add_user(master, Gitlab::Access::MASTER) let(:project) { create(:empty_project) }
group.add_user(reporter, Gitlab::Access::REPORTER)
group.add_user(guest, Gitlab::Access::GUEST)
# Add group guest as master to this project before do
# to test project access priority over group members project.team << [master, :master]
project.team << [guest, :master] project.team << [reporter, :reporter]
end project.team << [guest, :guest]
end
describe 'members collection' do describe 'members collection' do
it { project.team.masters.should include(master) } it { project.team.masters.should include(master) }
it { project.team.masters.should include(guest) } it { project.team.masters.should_not include(guest) }
it { project.team.masters.should_not include(reporter) } it { project.team.masters.should_not include(reporter) }
it { project.team.masters.should_not include(nonmember) } it { project.team.masters.should_not include(nonmember) }
end
describe 'access methods' do
it { project.team.master?(master).should be_true }
it { project.team.master?(guest).should be_false }
it { project.team.master?(reporter).should be_false }
it { project.team.master?(nonmember).should be_false }
end
end end
describe 'access methods' do context 'group project' do
it { project.team.master?(master).should be_true } let(:group) { create(:group) }
it { project.team.master?(guest).should be_true } let(:project) { create(:empty_project, group: group) }
it { project.team.master?(reporter).should be_false }
it { project.team.master?(nonmember).should be_false } before do
group.add_user(master, Gitlab::Access::MASTER)
group.add_user(reporter, Gitlab::Access::REPORTER)
group.add_user(guest, Gitlab::Access::GUEST)
# If user is a group and a project member - GitLab uses highest permission
# So we add group guest as master and add group master as guest
# to this project to test highest access
project.team << [guest, :master]
project.team << [master, :guest]
end
describe 'members collection' do
it { project.team.reporters.should include(reporter) }
it { project.team.masters.should include(master) }
it { project.team.masters.should include(guest) }
it { project.team.masters.should_not include(reporter) }
it { project.team.masters.should_not include(nonmember) }
end
describe 'access methods' do
it { project.team.reporter?(reporter).should be_true }
it { project.team.master?(master).should be_true }
it { project.team.master?(guest).should be_true }
it { project.team.master?(reporter).should be_false }
it { project.team.master?(nonmember).should be_false }
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment