Merge branch 'tc-refactor-projects-finder-init-collection' into 'master'

Add User#full_private_access? to check if user has access to all private groups & projects Closes #31745 See merge request !12373

Merge branch 'tc-refactor-projects-finder-init-collection' into 'master'
Add User#full_private_access? to check if user has access to all private groups & projects Closes #31745 See merge request !12373
c00f81d8 · Douwe Maan · 1f3225a5 · b90f1098 · c00f81d8 · c00f81d8
Commit c00f81d8 authored Jun 23, 2017 by Douwe Maan
7 changed files
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -41,7 +41,7 @@ class IssuesFinder < IssuableFinder
  def self.not_restricted_by_confidentiality(user)
    return Issue.where('issues.confidential IS NOT TRUE') if user.blank?
-    return Issue.all if user.admin?
+    return Issue.all if user.full_private_access?
    Issue.where('
      issues.confidential IS NOT TRUE

--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -90,7 +90,7 @@ class ProjectFeature < ActiveRecord::Base
    when DISABLED
      false
    when PRIVATE
-      user && (project.team.member?(user) || user.admin?)
+      user && (project.team.member?(user) || user.full_private_access?)
    when ENABLED
      true
    else

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -984,6 +984,12 @@ class User < ActiveRecord::Base
    self.admin = (new_level == 'admin')
  end
+  # Does the user have access to all private groups & projects?
+  # Overridden in EE to also check auditor?
+  def full_private_access?
+    admin?
+  end
  def update_two_factor_requirement
    periods = expanded_groups_requiring_two_factor_authentication.pluck(:two_factor_grace_period)

--- a/changelogs/unreleased/tc-refactor-projects-finder-init-collection.yml
+++ b/changelogs/unreleased/tc-refactor-projects-finder-init-collection.yml
+---
+title: Add User#full_private_access? to check if user has access to all private groups & projects
+merge_request: 12373
+author:
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -28,7 +28,7 @@ module Gitlab
      def levels_for_user(user = nil)
        return [PUBLIC] unless user
-        if user.admin?
+        if user.full_private_access?
          [PRIVATE, INTERNAL, PUBLIC]
        elsif user.external?
          [PUBLIC]

--- a/spec/lib/gitlab/visibility_level_spec.rb
+++ b/spec/lib/gitlab/visibility_level_spec.rb
@@ -21,7 +21,7 @@ describe Gitlab::VisibilityLevel, lib: true do
  describe '.levels_for_user' do
    it 'returns all levels for an admin' do
-      user = double(:user, admin?: true)
+      user = build(:user, :admin)
      expect(described_class.levels_for_user(user))
        .to eq([Gitlab::VisibilityLevel::PRIVATE,
@@ -30,7 +30,7 @@ describe Gitlab::VisibilityLevel, lib: true do
    end
    it 'returns INTERNAL and PUBLIC for internal users' do
-      user = double(:user, admin?: false, external?: false)
+      user = build(:user)
      expect(described_class.levels_for_user(user))
        .to eq([Gitlab::VisibilityLevel::INTERNAL,
@@ -38,7 +38,7 @@ describe Gitlab::VisibilityLevel, lib: true do
    end
    it 'returns PUBLIC for external users' do
-      user = double(:user, admin?: false, external?: true)
+      user = build(:user, :external)
      expect(described_class.levels_for_user(user))
        .to eq([Gitlab::VisibilityLevel::PUBLIC])

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1733,6 +1733,20 @@ describe User, models: true do
    end
  end
+  describe '#full_private_access?' do
+    it 'returns false for regular user' do
+      user = build(:user)
+      expect(user.full_private_access?).to be_falsy
+    end
+    it 'returns true for admin user' do
+      user = build(:user, :admin)
+      expect(user.full_private_access?).to be_truthy
+    end
+  end
  describe '.ghost' do
    it "creates a ghost user if one isn't already present" do
      ghost = User.ghost