Move user Auditor role code to EE-specific file

To limit the number of CE merge conflicts, move the auditor role code outside the original User model and into the EE-specific mixin.

Move user Auditor role code to EE-specific file
To limit the number of CE merge conflicts, move the auditor role code outside the original User model and into the EE-specific mixin.
304dce21 · Toon Claes · f9488901 · 304dce21 · 304dce21 · 304dce21
Commit 304dce21 authored Jun 21, 2017 by Toon Claes
4 changed files
--- a/app/models/ee/user.rb
+++ b/app/models/ee/user.rb
@@ -56,6 +56,27 @@ module EE
      admin? || auditor?
    end

+    def access_level
+      if auditor?
+        :auditor
+      else
+        super
+      end
+    end
+
+    def access_level=(new_level)
+      new_level = new_level.to_s
+      return unless %w(admin auditor regular).include?(new_level)
+
+      self.admin = (new_level == 'admin')
+      self.auditor = (new_level == 'auditor')
+    end
+
+    # Does the user have access to all private groups & projects?
+    def has_full_private_access?
+      admin_or_auditor?
+    end
+
    def remember_me!
      return if ::Gitlab::Geo.secondary?
      super

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1003,8 +1003,6 @@ class User < ActiveRecord::Base
  def access_level
    if admin?
      :admin
-    elsif auditor?
-      :auditor
    else
      :regular
    end
@@ -1012,10 +1010,14 @@ class User < ActiveRecord::Base

  def access_level=(new_level)
    new_level = new_level.to_s
-    return unless %w(admin auditor regular).include?(new_level)
+    return unless %w(admin regular).include?(new_level)

    self.admin = (new_level == 'admin')
-    self.auditor = (new_level == 'auditor')
+  end
+
+  # Does the user have access to all private groups & projects?
+  def has_full_private_access?
+    admin?
  end

  def update_two_factor_requirement

--- a/spec/models/ee/user_spec.rb
+++ b/spec/models/ee/user_spec.rb
+require 'spec_helper'
+
+describe EE::User, models: true do
+  describe '#access_level=' do
+    let(:user) { build(:user) }
+
+    before do
+      # `auditor?` returns true only when the user is an auditor _and_ the auditor license
+      # add-on is present. We aren't testing this here, so we can assume that the add-on exists.
+      allow_any_instance_of(License).to receive(:feature_available?).with(:auditor_user) { true }
+    end
+
+    it "does not set 'auditor' for an invalid access level" do
+      user.access_level = :invalid_access_level
+
+      expect(user.auditor).to be false
+    end
+
+    it "does not set 'auditor' for admin level" do
+      user.access_level = :admin
+
+      expect(user.auditor).to be false
+    end
+
+    it "assigns the 'auditor' access level" do
+      user.access_level = :auditor
+
+      expect(user.access_level).to eq(:auditor)
+      expect(user.admin).to be false
+      expect(user.auditor).to be true
+    end
+
+    it "assigns the 'auditor' access level" do
+      user.access_level = :regular
+
+      expect(user.access_level).to eq(:regular)
+      expect(user.admin).to be false
+      expect(user.auditor).to be false
+    end
+
+    it "clears the 'admin' access level when a user is made an auditor" do
+      user.access_level = :admin
+      user.access_level = :auditor
+
+      expect(user.access_level).to eq(:auditor)
+      expect(user.admin).to be false
+      expect(user.auditor).to be true
+    end
+
+    it "clears the 'auditor' access level when a user is made an admin" do
+      user.access_level = :auditor
+      user.access_level = :admin
+
+      expect(user.access_level).to eq(:admin)
+      expect(user.admin).to be true
+      expect(user.auditor).to be false
+    end
+
+    it "doesn't clear existing 'auditor' access levels when an invalid access level is passed in" do
+      user.access_level = :auditor
+      user.access_level = :invalid_access_level
+
+      expect(user.access_level).to eq(:auditor)
+      expect(user.admin).to be false
+      expect(user.auditor).to be true
+    end
+  end
+
+  describe '#has_full_private_access?' do
+    it 'returns true for auditor user' do
+      user = build(:user, :auditor)
+
+      expect(user.has_full_private_access?).to be_truthy
+    end
+  end
+end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1737,18 +1737,11 @@ describe User, models: true do
  describe '#access_level=' do
    let(:user) { build(:user) }

-    before do
-      # `auditor?` returns true only when the user is an auditor _and_ the auditor license
-      # add-on is present. We aren't testing this here, so we can assume that the add-on exists.
-      allow_any_instance_of(License).to receive(:feature_available?).with(:auditor_user) { true }
-    end
-
    it 'does nothing for an invalid access level' do
      user.access_level = :invalid_access_level

      expect(user.access_level).to eq(:regular)
      expect(user.admin).to be false
-      expect(user.auditor).to be false
    end

    it "assigns the 'admin' access level" do
@@ -1756,41 +1749,6 @@ describe User, models: true do

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
-      expect(user.auditor).to be false
-    end
-
-    it "assigns the 'auditor' access level" do
-      user.access_level = :auditor
-
-      expect(user.access_level).to eq(:auditor)
-      expect(user.admin).to be false
-      expect(user.auditor).to be true
-    end
-
-    it "assigns the 'auditor' access level" do
-      user.access_level = :regular
-
-      expect(user.access_level).to eq(:regular)
-      expect(user.admin).to be false
-      expect(user.auditor).to be false
-    end
-
-    it "clears the 'admin' access level when a user is made an auditor" do
-      user.access_level = :admin
-      user.access_level = :auditor
-
-      expect(user.access_level).to eq(:auditor)
-      expect(user.admin).to be false
-      expect(user.auditor).to be true
-    end
-
-    it "clears the 'auditor' access level when a user is made an admin" do
-      user.access_level = :auditor
-      user.access_level = :admin
-
-      expect(user.access_level).to eq(:admin)
-      expect(user.admin).to be true
-      expect(user.auditor).to be false
    end

    it "doesn't clear existing access levels when an invalid access level is passed in" do
@@ -1799,7 +1757,6 @@ describe User, models: true do

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
-      expect(user.auditor).to be false
    end

    it "accepts string values in addition to symbols" do
@@ -1807,7 +1764,20 @@ describe User, models: true do

      expect(user.access_level).to eq(:admin)
      expect(user.admin).to be true
-      expect(user.auditor).to be false
+    end
+  end
+
+  describe '#has_full_private_access?' do
+    it 'returns false for regular user' do
+      user = build(:user)
+
+      expect(user.has_full_private_access?).to be_falsy
+    end
+
+    it 'returns true for admin user' do
+      user = build(:user, :admin)
+
+      expect(user.has_full_private_access?).to be_truthy
    end
  end