Merge branch '270392-ldap-override-throws-404-when-member-has-minimal-access' into 'master'

Fix LDAP override throws 404 when member has "Minimal access" See merge request gitlab-org/gitlab!50680

Merge branch '270392-ldap-override-throws-404-when-member-has-minimal-access' into 'master'
Fix LDAP override throws 404 when member has "Minimal access" See merge request gitlab-org/gitlab!50680
0ee0578a · Imre Farkas · 060e3172 · f797af25 · 0ee0578a · 0ee0578a
Commit 0ee0578a authored Jan 04, 2021 by Imre Farkas
3 changed files
--- a/changelogs/unreleased/270392-ldap-override-throws-404-when-member-has-minimal-access.yml
+++ b/changelogs/unreleased/270392-ldap-override-throws-404-when-member-has-minimal-access.yml
+---
+title: Fix LDAP override throws 404 when member has Minimal access
+merge_request: 50680
+author:
+type: fixed
--- a/ee/app/controllers/ee/groups/group_members_controller.rb
+++ b/ee/app/controllers/ee/groups/group_members_controller.rb
@@ -26,7 +26,7 @@ module EE
      # rubocop:disable Gitlab/ModuleWithInstanceVariables
      # rubocop: disable CodeReuse/ActiveRecord
      def override
-        member = @group.members.find_by!(id: params[:id])
+        member = membershipable_members.find_by!(id: params[:id])
        updated_member = ::Members::UpdateService.new(current_user, override_params)
          .execute(member, permission: :override)


--- a/ee/spec/controllers/groups/group_members_controller_spec.rb
+++ b/ee/spec/controllers/groups/group_members_controller_spec.rb
@@ -60,10 +60,12 @@ RSpec.describe Groups::GroupMembersController do
    describe 'POST #override' do
      let(:group) { create(:group_with_ldap_group_link) }

-      it 'is successful' do
+      before do
        allow(Ability).to receive(:allowed?).and_call_original
        allow(Ability).to receive(:allowed?).with(user, :override_group_member, membership) { true }
+      end

+      it 'is successful' do
        post :override,
             params: {
               group_id: group,
@@ -74,6 +76,40 @@ RSpec.describe Groups::GroupMembersController do

        expect(response).to have_gitlab_http_status(:ok)
      end
+
+      context 'when user has minimal access' do
+        let(:membership) { create(:group_member, :minimal_access, source: group, user: create(:user)) }
+
+        it 'is not successful' do
+          post :override,
+               params: {
+                 group_id: group,
+                 id: membership,
+                 group_member: { override: true }
+               },
+               format: :js
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+
+        context 'when minimal_access_role feature is available' do
+          before do
+            stub_licensed_features(minimal_access_role: true)
+          end
+
+          it 'is successful' do
+            post :override,
+                 params: {
+                   group_id: group,
+                   id: membership,
+                   group_member: { override: true }
+                 },
+                 format: :js
+
+            expect(response).to have_gitlab_http_status(:ok)
+          end
+        end
+      end
    end
  end