Commit 51038dff authored by Imre Farkas's avatar Imre Farkas

Merge branch 'pending-group-member-access-part4' into 'master'

Handle Permissions for Group Sharing with Pending Memberships

See merge request gitlab-org/gitlab!80679
parents a3a124db 7eca8567
...@@ -882,6 +882,7 @@ class Group < Namespace ...@@ -882,6 +882,7 @@ class Group < Namespace
.where(group_member_table[:requested_at].eq(nil)) .where(group_member_table[:requested_at].eq(nil))
.where(group_member_table[:source_id].eq(group_group_link_table[:shared_with_group_id])) .where(group_member_table[:source_id].eq(group_group_link_table[:shared_with_group_id]))
.where(group_member_table[:source_type].eq('Namespace')) .where(group_member_table[:source_type].eq('Namespace'))
.where(group_member_table[:state].eq(::Member::STATE_ACTIVE))
.non_minimal_access .non_minimal_access
end end
......
...@@ -124,6 +124,23 @@ RSpec.describe 'Pending group memberships', :js do ...@@ -124,6 +124,23 @@ RSpec.describe 'Pending group memberships', :js do
create(:group_group_link, shared_group: other_group, shared_with_group: group) create(:group_group_link, shared_group: other_group, shared_with_group: group)
end end
it 'a pending member of the invited group sees the shared group as if not a member' do
create(:group_member, :awaiting, :developer, source: group, user: developer)
visit group_path(other_group)
expect(page).to have_content 'Page Not Found'
end
it 'a pending member of the invited group sees the shared group as if not a member when the shared group has a project' do
create(:project, namespace: other_group)
create(:group_member, :awaiting, :developer, source: group, user: developer)
visit group_path(other_group)
expect(page).to have_content 'Page Not Found'
end
it 'a pending member of the invited group sees a project in the shared group as if not a member' do it 'a pending member of the invited group sees a project in the shared group as if not a member' do
project = create(:project, namespace: other_group) project = create(:project, namespace: other_group)
create(:group_member, :awaiting, :developer, source: group, user: developer) create(:group_member, :awaiting, :developer, source: group, user: developer)
......
...@@ -1861,6 +1861,31 @@ RSpec.describe GroupPolicy do ...@@ -1861,6 +1861,31 @@ RSpec.describe GroupPolicy do
end end
end end
context 'with a group invited to another group' do
using RSpec::Parameterized::TableSyntax
let_it_be(:group) { create(:group, :public) }
let_it_be(:other_group) { create(:group, :private) }
subject { described_class.new(user, other_group) }
before_all do
create(:group_group_link, { shared_with_group: group, shared_group: other_group })
end
where(:role) do
%i(owner maintainer developer reporter guest)
end
with_them do
it 'a pending member in the group has permissions to the other group as if the user is not a member' do
create(:group_member, :awaiting, role, source: group, user: user)
expect_private_group_permissions_as_if_non_member
end
end
end
def expect_private_group_permissions_as_if_non_member def expect_private_group_permissions_as_if_non_member
expect_disallowed(*public_permissions) expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
......
...@@ -1327,10 +1327,14 @@ RSpec.describe Group do ...@@ -1327,10 +1327,14 @@ RSpec.describe Group do
let!(:group) { create(:group, :nested) } let!(:group) { create(:group, :nested) }
let!(:maintainer) { group.parent.add_user(create(:user), GroupMember::MAINTAINER) } let!(:maintainer) { group.parent.add_user(create(:user), GroupMember::MAINTAINER) }
let!(:developer) { group.add_user(create(:user), GroupMember::DEVELOPER) } let!(:developer) { group.add_user(create(:user), GroupMember::DEVELOPER) }
let!(:pending_maintainer) { create(:group_member, :awaiting, :maintainer, group: group.parent) }
let!(:pending_developer) { create(:group_member, :awaiting, :developer, group: group) }
it 'returns parents members' do it 'returns parents active members' do
expect(group.members_with_parents).to include(developer) expect(group.members_with_parents).to include(developer)
expect(group.members_with_parents).to include(maintainer) expect(group.members_with_parents).to include(maintainer)
expect(group.members_with_parents).not_to include(pending_developer)
expect(group.members_with_parents).not_to include(pending_maintainer)
end end
context 'group sharing' do context 'group sharing' do
...@@ -1340,9 +1344,11 @@ RSpec.describe Group do ...@@ -1340,9 +1344,11 @@ RSpec.describe Group do
create(:group_group_link, shared_group: shared_group, shared_with_group: group) create(:group_group_link, shared_group: shared_group, shared_with_group: group)
end end
it 'returns shared with group members' do it 'returns shared with group active members' do
expect(shared_group.members_with_parents).to( expect(shared_group.members_with_parents).to(
include(developer)) include(developer))
expect(shared_group.members_with_parents).not_to(
include(pending_developer))
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment