Merge branch 'gl-badge-poc' into 'master'

Derive GitLab Team member badge from gitlab-com group See merge request gitlab-org/gitlab!30884

Merge branch 'gl-badge-poc' into 'master'
Derive GitLab Team member badge from gitlab-com group See merge request gitlab-org/gitlab!30884
49c0ec6f · Kamil Trzciński · 6a4264e1 · 7067c86d · 49c0ec6f · 49c0ec6f
Commit 49c0ec6f authored May 14, 2020 by Kamil Trzciński
12 changed files
--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -348,7 +348,7 @@ module EE
    def gitlab_employee?
      strong_memoize(:gitlab_employee) do
        if ::Gitlab.com? && ::Feature.enabled?(:gitlab_employee_badge)
-          confirmed? && human? && Mail::Address.new(email).domain == "gitlab.com"
+          human? && ::Gitlab::Com.gitlab_com_group_member_id?(id)
        else
          false
        end

--- a/ee/lib/gitlab/com.rb
+++ b/ee/lib/gitlab/com.rb
+# frozen_string_literal: true
+module Gitlab
+  module Com
+    ALLOWED_USER_IDS_KEY = 'gitlab_com_group_allowed_user_ids'
+    EXPIRY_TIME_L1_CACHE = 1.minute
+    EXPIRY_TIME_L2_CACHE = 5.minutes
+    GITLAB_COM_GROUP = 'gitlab-com'
+    def self.gitlab_com_group_member_id?(user_id = nil)
+      return false unless Gitlab.com? && user_id && ::Feature.enabled?(:gitlab_employee_badge)
+      gitlab_com_user_ids.include?(user_id)
+    end
+    # rubocop: disable CodeReuse/ActiveRecord
+    def self.gitlab_com_user_ids
+      l1_cache_backend.fetch(ALLOWED_USER_IDS_KEY, expires_in: EXPIRY_TIME_L1_CACHE) do
+        l2_cache_backend.fetch(ALLOWED_USER_IDS_KEY, expires_in: EXPIRY_TIME_L2_CACHE) do
+          group = Group.find_by_name(GITLAB_COM_GROUP)
+          if group
+            GroupMembersFinder.new(group).execute.pluck(:user_id)
+          else
+            []
+          end
+        end
+      end
+    end
+    # rubocop: enable CodeReuse/ActiveRecord
+    private_class_method :gitlab_com_user_ids
+    def self.expire_allowed_user_ids_cache
+      l1_cache_backend.delete(ALLOWED_USER_IDS_KEY)
+      l2_cache_backend.delete(ALLOWED_USER_IDS_KEY)
+    end
+    def self.l1_cache_backend
+      Gitlab::ProcessMemoryCache.cache_backend
+    end
+    def self.l2_cache_backend
+      Rails.cache
+    end
+  end
+end
--- a/ee/spec/controllers/projects/issues_controller_spec.rb
+++ b/ee/spec/controllers/projects/issues_controller_spec.rb
@@ -238,23 +238,21 @@ describe Projects::IssuesController do
      before do
        sign_in(user)
        allow(Gitlab).to receive(:com?).and_return(true)
-        note_user = discussion.author
+        discussion.update(author: user)
-        note_user.update(email: email)
-        note_user.confirm
      end
-      shared_examples 'non inclusion of gitlab employee badge' do
+      shared_context 'non inclusion of gitlab team member badge' do |result|
        it 'does not render the is_gitlab_employee attribute' do
          subject
          note_json = json_response.first['notes'].first
-          expect(note_json['author'].has_key?('is_gitlab_employee')).to be false
+          expect(note_json['author']['is_gitlab_employee']).to be result
        end
      end
-      context 'when user is a gitlab employee' do
+      context 'when user is a gitlab team member' do
-        let(:email) { 'test@gitlab.com' }
+        include_context 'gitlab team member'
        it 'renders the is_gitlab_employee attribute' do
          subject
@@ -269,27 +267,19 @@ describe Projects::IssuesController do
            stub_feature_flags(gitlab_employee_badge: false)
          end
-          it_behaves_like 'non inclusion of gitlab employee badge'
+          it_behaves_like 'non inclusion of gitlab team member badge', nil
        end
      end
-      context 'when user is not a gitlab employee' do
+      context 'when user is not a gitlab team member' do
-        let(:email) { 'test@example.com' }
+        it_behaves_like 'non inclusion of gitlab team member badge', false
-        it 'shows is_gitlab_employee attribute as false' do
-          subject
-          note_json = json_response.first['notes'].first
-          expect(note_json['author']['is_gitlab_employee']).to be false
-        end
        context 'when feature flag is disabled' do
          before do
            stub_feature_flags(gitlab_employee_badge: false)
          end
-          it_behaves_like 'non inclusion of gitlab employee badge'
+          it_behaves_like 'non inclusion of gitlab team member badge', nil
        end
      end
    end

--- a/ee/spec/helpers/ee/issuables_helper_spec.rb
+++ b/ee/spec/helpers/ee/issuables_helper_spec.rb
@@ -53,6 +53,7 @@ describe IssuablesHelper do
    end
    describe '#gitlab_team_member_badge' do
+      let(:user) { create(:user) }
      let(:issue) { build(:issue, author: user) }
      before do
@@ -60,7 +61,7 @@ describe IssuablesHelper do
      end
      context 'when `:gitlab_employee_badge` feature flag is disabled' do
-        let(:user) { build(:user, email: 'test@gitlab.com') }
+        include_context 'gitlab team member'
        before do
          stub_feature_flags(gitlab_employee_badge: false)
@@ -72,15 +73,13 @@ describe IssuablesHelper do
      end
      context 'when issue author is not a GitLab team member' do
-        let(:user) { build(:user, email: 'test@example.com') }
        it 'returns nil' do
          expect(helper.gitlab_team_member_badge(issue.author)).to be_nil
        end
      end
      context 'when issue author is a GitLab team member' do
-        let(:user) { build(:user, email: 'test@gitlab.com') }
+        include_context 'gitlab team member'
        it 'returns span with svg icon' do
          expect(helper.gitlab_team_member_badge(issue.author)).to have_selector('span > svg')

--- a/ee/spec/lib/gitlab/com_spec.rb
+++ b/ee/spec/lib/gitlab/com_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Gitlab::Com do
+  it { expect(described_class.l1_cache_backend).to eq(Gitlab::ProcessMemoryCache.cache_backend) }
+  it { expect(described_class.l2_cache_backend).to eq(Rails.cache) }
+  describe '.gitlab_team_member?' do
+    subject { described_class.gitlab_com_group_member_id?(user&.id) }
+    let(:user) { create(:user) }
+    before do
+      allow(Gitlab).to receive(:com?).and_return(true)
+    end
+    context 'when user is a gitlab team member' do
+      include_context 'gitlab team member'
+      it { is_expected.to be true }
+      context 'caching of allowed user IDs' do
+        before do
+          described_class.gitlab_com_group_member_id?(user&.id)
+        end
+        it_behaves_like 'allowed user IDs are cached'
+      end
+    end
+    context 'when user is not a gitlab team member' do
+      it { is_expected.to be false }
+      context 'caching of allowed user IDs' do
+        before do
+          described_class.gitlab_com_group_member_id?(user&.id)
+        end
+        it_behaves_like 'allowed user IDs are cached'
+      end
+    end
+    context 'when user is nil' do
+      let(:user) { nil }
+      it { is_expected.to be false }
+    end
+    context 'when gitlab-com group does not exist' do
+      before do
+        allow(Group).to receive(:find_by_name).and_return(nil)
+      end
+      it { is_expected.to be false }
+    end
+    context 'when feature flag is turned off' do
+      before do
+        stub_feature_flags(gitlab_employee_badge: false)
+      end
+      it { is_expected.to be false }
+    end
+  end
+end
--- a/ee/spec/models/user_spec.rb
+++ b/ee/spec/models/user_spec.rb
@@ -1101,46 +1101,73 @@ describe User do
    subject { user.gitlab_employee? }
-    where(:email, :is_com, :expected_result) do
+    let_it_be(:gitlab_group) { create(:group, name: 'gitlab-com') }
-      'test@gitlab.com'   | true  | true
+    let_it_be(:random_group) { create(:group, name: 'random-group') }
-      'test@example.com'  | true  | false
-      'test@gitlab.com'   | false | false
-      'test@example.com'  | false | false
-    end
-    with_them do
-      let(:user) { build(:user, email: email) }
+    context 'based on group membership' do
      before do
        allow(Gitlab).to receive(:com?).and_return(is_com)
      end
-      it { is_expected.to be expected_result }
+      context 'when user belongs to gitlab-com group' do
-    end
+        where(:is_com, :expected_result) do
+          true  | true
+          false | false
+        end
-    context 'when email is of Gitlab and is not confirmed' do
+        with_them do
-      let(:user) { build(:user, email: 'test@gitlab.com', confirmed_at: nil) }
+          let(:user) { create(:user) }
-      it { is_expected.to be false }
+          before do
-    end
+            gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
+          end
+          it { is_expected.to be expected_result }
+        end
+      end
-    context 'when user is a bot' do
+      context 'when user does not belongs to gitlab-com group' do
-      let(:user) { build(:user, email: 'test@gitlab.com', user_type: :alert_bot) }
+        where(:is_com, :expected_result) do
+          true  | false
+          false | false
+        end
-      it { is_expected.to be false }
+        with_them do
+          let(:user) { create(:user) }
+          before do
+            random_group.add_user(user, Gitlab::Access::DEVELOPER)
+          end
+          it { is_expected.to be expected_result }
+        end
+      end
    end
-    context 'when user is ghost' do
+    context 'based on user type' do
-      let(:user) { build(:user, :ghost, email: 'test@gitlab.com') }
+      before do
+        gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
+      end
-      it { is_expected.to be false }
+      context 'when user is a bot' do
+        let(:user) { build(:user, user_type: :alert_bot) }
+        it { is_expected.to be false }
+      end
+      context 'when user is ghost' do
+        let(:user) { build(:user, :ghost) }
+        it { is_expected.to be false }
+      end
    end
    context 'when `:gitlab_employee_badge` feature flag is disabled' do
-      let(:user) { build(:user, email: 'test@gitlab.com') }
+      let(:user) { build(:user) }
      before do
        stub_feature_flags(gitlab_employee_badge: false)
+        gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
      end
      it { is_expected.to be false }

--- a/ee/spec/support/shared_contexts/gitlab_team_member_shared_context.rb
+++ b/ee/spec/support/shared_contexts/gitlab_team_member_shared_context.rb
+# frozen_string_literal: true
+shared_context 'gitlab team member' do
+  let_it_be(:namespace) { create(:group, name: 'gitlab-com') }
+  before do
+    namespace.add_developer(user)
+  end
+end
--- a/ee/spec/views/profiles/show.html.haml_spec.rb
+++ b/ee/spec/views/profiles/show.html.haml_spec.rb
@@ -4,6 +4,8 @@ require 'spec_helper'
 describe 'profiles/show' do
  context 'gitlab.com organization field' do
+    let(:user) { create(:user) }
    before do
      assign(:user, user)
      allow(controller).to receive(:current_user).and_return(user)
@@ -12,8 +14,8 @@ describe 'profiles/show' do
    end
    context 'when `:gitlab_employee_badge` feature flag is enabled' do
-      context 'and when user has an `@gitlab.com` email address' do
+      context 'and when user is a gitlab team member' do
-        let(:user) { create(:user, email: 'test@gitlab.com') }
+        include_context 'gitlab team member'
        it 'displays the organization field as `readonly` with a `value` of `GitLab`' do
          render
@@ -22,9 +24,7 @@ describe 'profiles/show' do
        end
      end
-      context 'and when a user does not have an `@gitlab.com` email' do
+      context 'and when a user is not a gitlab team member' do
-        let(:user) { create(:user, email: 'test@example.com') }
        it 'displays an editable organization field' do
          render
@@ -38,8 +38,8 @@ describe 'profiles/show' do
        stub_feature_flags(gitlab_employee_badge: false)
      end
-      context 'and when a user has an `@gitlab.com` email' do
+      context 'and when a user is a gitlab team member' do
-        let(:user) { create(:user, email: 'test@gitlab.com') }
+        include_context 'gitlab team member'
        it 'displays an editable organization field' do
          render

--- a/ee/spec/views/projects/issues/show.html.haml_spec.rb
+++ b/ee/spec/views/projects/issues/show.html.haml_spec.rb
@@ -6,7 +6,9 @@ describe 'projects/issues/show' do
  include_context 'project show action'
  context 'when issue is created by a GitLab team member' do
-    let(:user) { create(:user, email: 'test@gitlab.com') }
+    let(:user) { create(:user) }
+    include_context 'gitlab team member'
    before do
      allow(Gitlab).to receive(:com?).and_return(true)

--- a/ee/spec/views/projects/merge_requests/show.html.haml_spec.rb
+++ b/ee/spec/views/projects/merge_requests/show.html.haml_spec.rb
@@ -6,7 +6,9 @@ describe 'projects/merge_requests/show.html.haml' do
  include_context 'merge request show action'
  context 'when merge request is created by a GitLab team member' do
-    let(:user) { create(:user, email: 'test@gitlab.com') }
+    let(:user) { create(:user) }
+    include_context 'gitlab team member'
    before do
      allow(Gitlab).to receive(:com?).and_return(true)

--- a/spec/lib/gitlab/performance_bar_spec.rb
+++ b/spec/lib/gitlab/performance_bar_spec.rb
@@ -3,41 +3,6 @@
 require 'spec_helper'
 describe Gitlab::PerformanceBar do
-  shared_examples 'allowed user IDs are cached' do
-    before do
-      # Warm the caches
-      described_class.enabled_for_user?(user)
-    end
-    it 'caches the allowed user IDs in cache', :use_clean_rails_memory_store_caching do
-      expect do
-        expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
-        expect(described_class.l2_cache_backend).not_to receive(:fetch)
-        expect(described_class.enabled_for_user?(user)).to be_truthy
-      end.not_to exceed_query_limit(0)
-    end
-    it 'caches the allowed user IDs in L1 cache for 1 minute', :use_clean_rails_memory_store_caching do
-      Timecop.travel 2.minutes do
-        expect do
-          expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
-          expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
-          expect(described_class.enabled_for_user?(user)).to be_truthy
-        end.not_to exceed_query_limit(0)
-      end
-    end
-    it 'caches the allowed user IDs in L2 cache for 5 minutes', :use_clean_rails_memory_store_caching do
-      Timecop.travel 6.minutes do
-        expect do
-          expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
-          expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
-          expect(described_class.enabled_for_user?(user)).to be_truthy
-        end.not_to exceed_query_limit(2)
-      end
-    end
-  end
  it { expect(described_class.l1_cache_backend).to eq(Gitlab::ProcessMemoryCache.cache_backend) }
  it { expect(described_class.l2_cache_backend).to eq(Rails.cache) }
@@ -82,7 +47,16 @@ describe Gitlab::PerformanceBar do
          expect(described_class.enabled_for_user?(user)).to be_falsy
        end
-        it_behaves_like 'allowed user IDs are cached'
+        context 'caching of allowed user IDs' do
+          subject { described_class.enabled_for_user?(user) }
+          before do
+            # Warm the caches
+            described_class.enabled_for_user?(user)
+          end
+          it_behaves_like 'allowed user IDs are cached'
+        end
      end
      context 'when user is a member of the allowed group' do
@@ -94,7 +68,16 @@ describe Gitlab::PerformanceBar do
          expect(described_class.enabled_for_user?(user)).to be_truthy
        end
-        it_behaves_like 'allowed user IDs are cached'
+        context 'caching of allowed user IDs' do
+          subject { described_class.enabled_for_user?(user) }
+          before do
+            # Warm the caches
+            described_class.enabled_for_user?(user)
+          end
+          it_behaves_like 'allowed user IDs are cached'
+        end
      end
    end

--- a/spec/support/shared_contexts/cache_allowed_users_in_namespace_shared_context.rb
+++ b/spec/support/shared_contexts/cache_allowed_users_in_namespace_shared_context.rb
+# frozen_string_literal: true
+shared_examples 'allowed user IDs are cached' do
+  it 'caches the allowed user IDs in cache', :use_clean_rails_memory_store_caching do
+    expect do
+      expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+      expect(described_class.l2_cache_backend).not_to receive(:fetch)
+      expect(subject).to be_truthy
+    end.not_to exceed_query_limit(0)
+  end
+  it 'caches the allowed user IDs in L1 cache for 1 minute', :use_clean_rails_memory_store_caching do
+    Timecop.travel 2.minutes do
+      expect do
+        expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+        expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
+        expect(subject).to be_truthy
+      end.not_to exceed_query_limit(0)
+    end
+  end
+  it 'caches the allowed user IDs in L2 cache for 5 minutes', :use_clean_rails_memory_store_caching do
+    Timecop.travel 6.minutes do
+      expect do
+        expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+        expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
+        expect(subject).to be_truthy
+      end.not_to exceed_query_limit(2)
+    end
+  end
+end