diff --git a/app/models/user.rb b/app/models/user.rb
index e512800a573c48b2207efaa2c52c498e19df0ec4..b6d49daada82206e865259d65dde5ab9af1bbf4e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -124,6 +124,7 @@ class User < ActiveRecord::Base
 validate :owns_notification_email, if: ->(user) { user.notification_email_changed? }
 validate :owns_public_email, if: ->(user) { user.public_email_changed? }
 validate :cannot_be_admin_and_auditor
+ validate :auditor_requires_license_add_on
 validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
 before_validation :generate_password, on: :create
@@ -460,6 +461,12 @@ class User < ActiveRecord::Base
 end
 end
+ def auditor_requires_license_add_on
+ unless ::License.current && ::License.current.add_on?('GitLab_Auditor_User')
+ errors.add(:auditor, 'user cannot be created without the "GitLab_Auditor_User" addon')
+ end
+ end
+
 # Returns the groups a user has access to
 def authorized_groups
 union = Gitlab::SQL::Union.
@@ -538,6 +545,12 @@ class User < ActiveRecord::Base
 admin
 end
+ def auditor?
+ @license_allows_auditors ||= (::License.current && ::License.current.add_on?('GitLab_Auditor_User'))
+
+ @license_allows_auditors && self.auditor
+ end
+
 def admin_or_auditor?
 admin? || auditor?
 end
diff --git a/spec/factories/licenses.rb b/spec/factories/licenses.rb
index bfc483943778b5a609e6e8e557c0a9d4298abbfb..4faff875637fcf2dc09aeda574a2a9f7936b898b 100644
--- a/spec/factories/licenses.rb
+++ b/spec/factories/licenses.rb
@@ -6,7 +6,12 @@ FactoryGirl.define do
 { "Name" => FFaker::Name.name }
 end
 restrictions do
- { add_ons: { 'GitLab_FileLocks' => 1 } }
+ {
+ add_ons: {
+ 'GitLab_FileLocks' => 1,
+ 'GitLab_Auditor_User' => 1
+ }
+ }
 end
 notify_users_at { |l| l.expires_at }
 notify_admins_at { |l| l.expires_at }
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 97a5fafac876c085592ae2bdf5d12db741317c10..a1c042611091c4c2a1c6d427ad39e8e3c04c4d4a 100644
--- a/spec/models/user_spec.rb
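Review bot: The new validation is registered without a condition in the `@@ -124,6 +124,7 @@` hunk, and its body in the `@@ -460,6 +461,12 @@` hunk never reads the `auditor` attribute, so as written it adds an error to every user whenever no license is present or the add-on is missing. Unless something outside the diff short-circuits it, ordinary accounts could not be created or saved on an unlicensed instance. Scope it to auditors at registration, in the same way the `if:` lambdas above scope their validations: `validate :auditor_requires_license_add_on, if: :auditor`. It is also worth deciding whether an existing auditor whose license lapses should fail validation on every later save, since the message only talks about creation.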
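Review bot: In `auditor?` (the `@@ -538,6 +545,12 @@` hunk) `@license_allows_auditors ||= ...` is not a sound cache for an authorization predicate. A nil or false result is recomputed on every call, while a true result is pinned for the lifetime of the loaded User object, so a license that expires or is replaced is not reflected on that instance. The method also returns `nil` instead of `false` when `::License.current` is nil. I would drop the instance variable, check the user flag first and coerce to a boolean: `license = ::License.current` followed by `!!(auditor && license && license.add_on?('GitLab_Auditor_User'))`. The same license expression is duplicated in `auditor_requires_license_add_on`; a small private helper would keep the two checks from drifting apart.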
+++ b/spec/models/user_spec.rb
@@ -1492,4 +1492,52 @@ describe User, models: true do
 expect(user.project_authorizations.where(access_level: Gitlab::Access::REPORTER).exists?).to eq(true)
 end
 end
+
+ describe 'the GitLab_Auditor_User add-on' do
+ context 'creating an auditor user' do
+ it "does not allow creating an auditor user if the addon isn't enabled" do
+ allow_any_instance_of(License).to receive(:add_ons).and_return({})
+
+ expect(build(:user, :auditor)).to be_invalid
+ end
+
+ it "does not allow creating an auditor user if no license is present" do
+ allow(License).to receive(:current).and_return nil
+
+ expect(build(:user, :auditor)).to be_invalid
+ end
+
+ it "allows creating an auditor user if the addon is enabled" do
+ allow_any_instance_of(License).to receive(:add_ons).and_return({ 'GitLab_Auditor_User' => 1 })
+
+ expect(build(:user, :auditor)).to be_valid
+ end
+ end
+
+ context '#auditor?' do
+ it "returns true for an auditor user if the addon is enabled" do
+ allow_any_instance_of(License).to receive(:add_ons).and_return({ 'GitLab_Auditor_User' => 1 })
+
+ expect(build(:user, :auditor)).to be_auditor
+ end
+
+ it "returns false for an auditor user if the addon is not enabled" do
+ allow_any_instance_of(License).to receive(:add_ons).and_return({})
+
+ expect(build(:user, :auditor)).not_to be_auditor
+ end
+
+ it "returns false for an auditor user if a license is not present" do
+ allow(License).to receive(:current).and_return nil
+
+ expect(build(:user, :auditor)).not_to be_auditor
+ end
+
+ it "returns false for a non-auditor user even if the addon is present" do
+ allow_any_instance_of(License).to receive(:add_ons).and_return({ 'GitLab_Auditor_User' => 1 })
+
+ expect(build(:user)).not_to be_auditor
+ end
+ end
+ end
 end
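Review bot: No example under 'creating an auditor user' covers a regular user when the license or add-on is absent; all three build `:user, :auditor`. That leaves the blast radius of the new model validation unpinned. Add a case that stubs `allow(License).to receive(:current).and_return nil` and asserts `expect(build(:user)).to be_valid`, plus the same assertion with `add_ons` stubbed to `{}`. The "returns false" examples use `not_to be_auditor`, which passes for `nil` as well as `false`; `expect(user.auditor?).to be(false)` would pin the boolean return. The enclosing `describe User` block starts outside this hunk.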