Commit 246100d6 authored by Sashi Kumar Kumaresan's avatar Sashi Kumar Kumaresan Committed by Andy Soiron

Add developers and maintainers to security policy project

parent 9a0f518f
...@@ -78,6 +78,10 @@ class ProjectTeam ...@@ -78,6 +78,10 @@ class ProjectTeam
members.where(id: member_user_ids) members.where(id: member_user_ids)
end end
def members_with_access_levels(access_levels = [])
fetch_members(access_levels)
end
def guests def guests
@guests ||= fetch_members(Gitlab::Access::GUEST) @guests ||= fetch_members(Gitlab::Access::GUEST)
end end
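Review bot: `members_with_access_levels` forwards its argument to `fetch_members` unchanged, and `fetch_members` is defined outside this hunk. If it treats `nil` as "no filter", a caller passing `nil` would get every member back instead of none. Because the result now feeds an access grant in `ProjectCreateService`, I would normalise the input with `fetch_members(Array(access_levels))`, so that both `nil` and the default resolve to an empty filter. The method also has no comment; something like `# Returns members whose access level is one of access_levels; an empty list returns no members.` would record the contract the spec relies on.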
......
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
module Security module Security
module SecurityOrchestrationPolicies module SecurityOrchestrationPolicies
class ProjectCreateService < ::BaseProjectService class ProjectCreateService < ::BaseProjectService
ACCESS_LEVELS_TO_ADD = [Gitlab::Access::MAINTAINER, Gitlab::Access::DEVELOPER].freeze
def execute def execute
return error('Security Policy project already exists.') if project.security_orchestration_policy_configuration.present? return error('Security Policy project already exists.') if project.security_orchestration_policy_configuration.present?
...@@ -21,7 +23,8 @@ module Security ...@@ -21,7 +23,8 @@ module Security
private private
def add_members(policy_project) def add_members(policy_project)
members_to_add = project.team.maintainers - policy_project.team.members developers_and_maintainers = project.team.members_with_access_levels(ACCESS_LEVELS_TO_ADD)
members_to_add = developers_and_maintainers - policy_project.team.members
policy_project.add_users(members_to_add, :developer) policy_project.add_users(members_to_add, :developer)
end end
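Review bot: `add_members` now copies every developer of the target project into the policy project, which widens the set of people who can push or propose changes to security policies. Neither `ACCESS_LEVELS_TO_ADD` nor the method says that this is intended, or why maintainers are also added only as `:developer`. I would add a comment above the constant, e.g. `# Allow-list of target-project roles copied to the policy project; every copied member is added as :developer.` The list omits `Gitlab::Access::OWNER`, so any member held at owner level would not be copied; please confirm that is deliberate. As far as this section shows, the copy is a one-time snapshot at creation, so later role changes or removals on the target project would not carry over, and the comment should say so.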
......
...@@ -11,18 +11,20 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProjectCreateService do ...@@ -11,18 +11,20 @@ RSpec.describe Security::SecurityOrchestrationPolicies::ProjectCreateService do
context 'when security_orchestration_policies_configuration does not exist for project' do context 'when security_orchestration_policies_configuration does not exist for project' do
let_it_be(:maintainer) { create(:user) } let_it_be(:maintainer) { create(:user) }
let_it_be(:developer) { create(:user) }
before do before do
project.add_maintainer(maintainer) project.add_maintainer(maintainer)
project.add_developer(developer)
end end
it 'creates new project' do it 'creates policy project with maintainers and developers from target project as developers' do
response = service.execute response = service.execute
policy_project = response[:policy_project] policy_project = response[:policy_project]
expect(project.reload.security_orchestration_policy_configuration.security_policy_management_project).to eq(policy_project) expect(project.reload.security_orchestration_policy_configuration.security_policy_management_project).to eq(policy_project)
expect(policy_project.namespace).to eq(project.namespace) expect(policy_project.namespace).to eq(project.namespace)
expect(policy_project.team.developers).to contain_exactly(maintainer) expect(policy_project.team.developers).to contain_exactly(maintainer, developer)
expect(policy_project.container_registry_access_level).to eq(ProjectFeature::DISABLED) expect(policy_project.container_registry_access_level).to eq(ProjectFeature::DISABLED)
end end
end end
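Review bot: The updated example only proves the positive case, because the fixture contains no member below developer level. Nothing here would fail if the service started copying guests or reporters into the policy project. Since this code grants access, add a negative fixture next to the existing ones, `let_it_be(:guest) { create(:user) }` with `project.add_guest(guest)` in the `before` block, and assert `expect(policy_project.team.members).not_to include(guest)`.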
......
...@@ -193,6 +193,36 @@ RSpec.describe ProjectTeam do ...@@ -193,6 +193,36 @@ RSpec.describe ProjectTeam do
end end
end end
describe '#members_with_access_levels' do
let_it_be(:maintainer) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:guest) { create(:user) }
let_it_be(:project) { create(:project, namespace: maintainer.namespace) }
let_it_be(:access_levels) { [Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER] }
subject(:members_with_access_levels) { project.team.members_with_access_levels(access_levels) }
before do
project.team.add_developer(developer)
project.team.add_maintainer(maintainer)
project.team.add_guest(guest)
end
context 'with access_levels' do
it 'filters members who have given access levels' do
expect(members_with_access_levels).to contain_exactly(developer, maintainer)
end
end
context 'without access_levels' do
let_it_be(:access_levels) { [] }
it 'returns empty array' do
expect(members_with_access_levels).to be_empty
end
end
end
describe '#add_users' do describe '#add_users' do
let(:user1) { create(:user) } let(:user1) { create(:user) }
let(:user2) { create(:user) } let(:user2) { create(:user) }
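Review bot: In the new `#members_with_access_levels` block, the 'without access_levels' context passes `[]` explicitly, so the method's default argument is never exercised. A call with no argument, `expect(project.team.members_with_access_levels).to be_empty`, would pin that default. The fixture also covers only guest as the excluded role; a reporter and an owner-level member would test the boundaries on either side of the developer/maintainer filter. The `#add_users` describe that follows continues outside this hunk and is not part of this comment.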
......