Merge branch 'jm-allow-unconfirmed-user-searches' into 'master'

Allow unconfirmed users in non-admin searches See merge request gitlab-org/gitlab!85097

Merge branch 'jm-allow-unconfirmed-user-searches' into 'master'
Allow unconfirmed users in non-admin searches See merge request gitlab-org/gitlab!85097
1ad3a6c5 · Terri Chu · bc203d05 · a40898af · 1ad3a6c5 · 1ad3a6c5
Commit 1ad3a6c5 authored Apr 14, 2022 by Terri Chu
4 changed files
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -476,7 +476,7 @@ class User < ApplicationRecord
  scope :with_no_activity, -> { with_state(:active).human_or_service_user.where(last_activity_on: nil) }
  scope :by_provider_and_extern_uid, ->(provider, extern_uid) { joins(:identities).merge(Identity.with_extern_uid(provider, extern_uid)) }
  scope :by_ids_or_usernames, -> (ids, usernames) { where(username: usernames).or(where(id: ids)) }
-  scope :without_forbidden_states, -> { confirmed.where.not(state: FORBIDDEN_SEARCH_STATES) }
+  scope :without_forbidden_states, -> { where.not(state: FORBIDDEN_SEARCH_STATES) }

  strip_attributes! :name


--- a/ee/spec/finders/users_finder_spec.rb
+++ b/ee/spec/finders/users_finder_spec.rb
@@ -13,13 +13,13 @@ RSpec.describe UsersFinder do
        it 'returns ldap users by default' do
          users = described_class.new(normal_user).execute

-          expect(users).to contain_exactly(normal_user, omniauth_user, external_user, ldap_user, internal_user, admin_user)
+          expect(users).to contain_exactly(normal_user, unconfirmed_user, omniauth_user, external_user, ldap_user, internal_user, admin_user)
        end

        it 'returns only non-ldap users with skip_ldap: true' do
          users = described_class.new(normal_user, skip_ldap: true).execute

-          expect(users).to contain_exactly(normal_user, omniauth_user, external_user, internal_user, admin_user)
+          expect(users).to contain_exactly(normal_user, unconfirmed_user, omniauth_user, external_user, internal_user, admin_user)
        end
      end

@@ -36,7 +36,7 @@ RSpec.describe UsersFinder do
        it 'returns all users by default' do
          users = described_class.new(normal_user).execute

-          expect(users).to contain_exactly(normal_user, omniauth_user, external_user, internal_user, admin_user, saml_user, non_saml_user)
+          expect(users).to contain_exactly(normal_user, unconfirmed_user, omniauth_user, external_user, internal_user, admin_user, saml_user, non_saml_user)
        end

        it 'returns only saml users from the provided saml_provider_id' do

--- a/spec/finders/users_finder_spec.rb
+++ b/spec/finders/users_finder_spec.rb
@@ -14,7 +14,7 @@ RSpec.describe UsersFinder do
      it 'returns searchable users' do
        users = described_class.new(user).execute

-        expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
+        expect(users).to contain_exactly(user, normal_user, external_user, unconfirmed_user, omniauth_user, internal_user, admin_user, project_bot)
      end

      it 'filters by username' do
@@ -56,7 +56,7 @@ RSpec.describe UsersFinder do
      it 'filters by non external users' do
        users = described_class.new(user, non_external: true).execute

-        expect(users).to contain_exactly(user, normal_user, omniauth_user, internal_user, admin_user, project_bot)
+        expect(users).to contain_exactly(user, normal_user, unconfirmed_user, omniauth_user, internal_user, admin_user, project_bot)
      end

      it 'filters by created_at' do
@@ -73,7 +73,7 @@ RSpec.describe UsersFinder do
      it 'filters by non internal users' do
        users = described_class.new(user, non_internal: true).execute

-        expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, admin_user, project_bot)
+        expect(users).to contain_exactly(user, normal_user, unconfirmed_user, external_user, omniauth_user, admin_user, project_bot)
      end

      it 'does not filter by custom attributes' do
@@ -82,18 +82,18 @@ RSpec.describe UsersFinder do
          custom_attributes: { foo: 'bar' }
        ).execute

-        expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
+        expect(users).to contain_exactly(user, normal_user, external_user, unconfirmed_user, omniauth_user, internal_user, admin_user, project_bot)
      end

      it 'orders returned results' do
        users = described_class.new(user, sort: 'id_asc').execute

-        expect(users).to eq([normal_user, admin_user, external_user, omniauth_user, internal_user, project_bot, user])
+        expect(users).to eq([normal_user, admin_user, external_user, unconfirmed_user, omniauth_user, internal_user, project_bot, user])
      end

      it 'does not filter by admins' do
        users = described_class.new(user, admins: true).execute
-        expect(users).to contain_exactly(user, normal_user, external_user, admin_user, omniauth_user, internal_user, project_bot)
+        expect(users).to contain_exactly(user, normal_user, external_user, admin_user, unconfirmed_user, omniauth_user, internal_user, project_bot)
      end
    end


--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -6748,9 +6748,9 @@ RSpec.describe User do
    let_it_be(:omniauth_user) { create(:omniauth_user, provider: 'twitter', extern_uid: '123456') }
    let_it_be(:internal_user) { User.alert_bot.tap { |u| u.confirm } }

-    it 'does not return blocked, banned or unconfirmed users' do
+    it 'does not return blocked or banned users' do
      expect(described_class.without_forbidden_states).to match_array([
-        normal_user, admin_user, external_user, omniauth_user, internal_user
+        normal_user, admin_user, external_user, unconfirmed_user, omniauth_user, internal_user
      ])
    end
  end