Commit c00f81d8 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'tc-refactor-projects-finder-init-collection' into 'master'

Add User#full_private_access? to check if user has access to all private groups & projects

Closes #31745

See merge request !12373
parents 1f3225a5 b90f1098
......@@ -41,7 +41,7 @@ class IssuesFinder < IssuableFinder
def self.not_restricted_by_confidentiality(user)
return Issue.where('issues.confidential IS NOT TRUE') if user.blank?
return Issue.all if user.admin?
return Issue.all if user.full_private_access?
Issue.where('
issues.confidential IS NOT TRUE
......
......@@ -90,7 +90,7 @@ class ProjectFeature < ActiveRecord::Base
when DISABLED
false
when PRIVATE
user && (project.team.member?(user) || user.admin?)
user && (project.team.member?(user) || user.full_private_access?)
when ENABLED
true
else
......
......@@ -984,6 +984,12 @@ class User < ActiveRecord::Base
self.admin = (new_level == 'admin')
end
# Does the user have access to all private groups & projects?
# Overridden in EE to also check auditor?
def full_private_access?
admin?
end
def update_two_factor_requirement
periods = expanded_groups_requiring_two_factor_authentication.pluck(:two_factor_grace_period)
......
---
title: Add User#full_private_access? to check if user has access to all private groups & projects
merge_request: 12373
author:
......@@ -28,7 +28,7 @@ module Gitlab
def levels_for_user(user = nil)
return [PUBLIC] unless user
if user.admin?
if user.full_private_access?
[PRIVATE, INTERNAL, PUBLIC]
elsif user.external?
[PUBLIC]
......
......@@ -21,7 +21,7 @@ describe Gitlab::VisibilityLevel, lib: true do
describe '.levels_for_user' do
it 'returns all levels for an admin' do
user = double(:user, admin?: true)
user = build(:user, :admin)
expect(described_class.levels_for_user(user))
.to eq([Gitlab::VisibilityLevel::PRIVATE,
......@@ -30,7 +30,7 @@ describe Gitlab::VisibilityLevel, lib: true do
end
it 'returns INTERNAL and PUBLIC for internal users' do
user = double(:user, admin?: false, external?: false)
user = build(:user)
expect(described_class.levels_for_user(user))
.to eq([Gitlab::VisibilityLevel::INTERNAL,
......@@ -38,7 +38,7 @@ describe Gitlab::VisibilityLevel, lib: true do
end
it 'returns PUBLIC for external users' do
user = double(:user, admin?: false, external?: true)
user = build(:user, :external)
expect(described_class.levels_for_user(user))
.to eq([Gitlab::VisibilityLevel::PUBLIC])
......
......@@ -1733,6 +1733,20 @@ describe User, models: true do
end
end
describe '#full_private_access?' do
it 'returns false for regular user' do
user = build(:user)
expect(user.full_private_access?).to be_falsy
end
it 'returns true for admin user' do
user = build(:user, :admin)
expect(user.full_private_access?).to be_truthy
end
end
describe '.ghost' do
it "creates a ghost user if one isn't already present" do
ghost = User.ghost
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment