Commit 714c60ec authored by peterhegman's avatar peterhegman

Remove LDAP "Edit Permissions" button for inherited group members

LDAP override is not supported for inherited group members
parent 0aa819ac
...@@ -2,6 +2,7 @@ import { __ } from '~/locale'; ...@@ -2,6 +2,7 @@ import { __ } from '~/locale';
import { import {
generateBadges as CEGenerateBadges, generateBadges as CEGenerateBadges,
parseDataAttributes as CEParseDataAttributes, parseDataAttributes as CEParseDataAttributes,
isDirectMember,
} from '~/members/utils'; } from '~/members/utils';
export { export {
...@@ -37,7 +38,7 @@ export const generateBadges = (member, isCurrentUser) => [ ...@@ -37,7 +38,7 @@ export const generateBadges = (member, isCurrentUser) => [
}, },
]; ];
export const canOverride = (member) => member.canOverride; export const canOverride = (member) => member.canOverride && isDirectMember(member);
export const parseDataAttributes = (el) => { export const parseDataAttributes = (el) => {
const { ldapOverridePath } = el.dataset; const { ldapOverridePath } = el.dataset;
......
---
title: Remove LDAP "Edit Permissions" button for inherited group members
merge_request: 52847
author:
type: fixed
...@@ -10,6 +10,7 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev ...@@ -10,6 +10,7 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev
let(:maryjane) { create(:user, name: 'Mary Jane') } let(:maryjane) { create(:user, name: 'Mary Jane') }
let(:owner) { create(:user) } let(:owner) { create(:user) }
let(:group) { create(:group_with_ldap_group_link, :public) } let(:group) { create(:group_with_ldap_group_link, :public) }
let(:subgroup) { create(:group, :public, parent: group) }
let(:project) { create(:project, namespace: group) } let(:project) { create(:project, namespace: group) }
let!(:owner_member) { create(:group_member, :owner, group: group, user: owner) } let!(:owner_member) { create(:group_member, :owner, group: group, user: owner) }
...@@ -23,12 +24,18 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev ...@@ -23,12 +24,18 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev
sign_in(owner) sign_in(owner)
end end
it 'override not available on project members page', :js do it 'does not allow override on project members page', :js do
visit namespace_project_project_members_path(group, project) visit namespace_project_project_members_path(group, project)
expect(page).not_to have_button 'Edit permissions' expect(page).not_to have_button 'Edit permissions'
end end
it 'does not allow override of inherited group members', :js do
visit group_group_members_path(subgroup)
expect(page).not_to have_button 'Edit permissions'
end
it 'owner cannot override LDAP access level', :js do it 'owner cannot override LDAP access level', :js do
stub_application_setting(allow_group_owners_to_manage_ldap: false) stub_application_setting(allow_group_owners_to_manage_ldap: false)
......
import { mount, createLocalVue } from '@vue/test-utils'; import { mount, createLocalVue } from '@vue/test-utils';
import Vuex from 'vuex'; import Vuex from 'vuex';
import { member as memberMock } from 'jest/members/mock_data'; import { member as memberMock, directMember } from 'jest/members/mock_data';
import MembersTableCell from 'ee/members/components/table/members_table_cell.vue'; import MembersTableCell from 'ee/members/components/table/members_table_cell.vue';
describe('MemberTableCell', () => { describe('MemberTableCell', () => {
...@@ -80,7 +80,7 @@ describe('MemberTableCell', () => { ...@@ -80,7 +80,7 @@ describe('MemberTableCell', () => {
describe('canOverride', () => { describe('canOverride', () => {
it('returns `true` when `canOverride` is `true`', () => { it('returns `true` when `canOverride` is `true`', () => {
createComponent({ createComponent({
member: { ...memberMock, canOverride: true }, member: { ...directMember, canOverride: true },
}); });
expect(findWrappedComponent().props('permissions').canOverride).toBe(true); expect(findWrappedComponent().props('permissions').canOverride).toBe(true);
...@@ -88,7 +88,7 @@ describe('MemberTableCell', () => { ...@@ -88,7 +88,7 @@ describe('MemberTableCell', () => {
it('returns `false` when `canOverride` is `false`', () => { it('returns `false` when `canOverride` is `false`', () => {
createComponent({ createComponent({
member: { ...memberMock, canOverride: false }, member: { ...directMember, canOverride: false },
}); });
expect(findWrappedComponent().props('permissions').canOverride).toBe(false); expect(findWrappedComponent().props('permissions').canOverride).toBe(false);
......
import { within } from '@testing-library/dom'; import { within } from '@testing-library/dom';
import { mount, createLocalVue, createWrapper } from '@vue/test-utils'; import { mount, createLocalVue, createWrapper } from '@vue/test-utils';
import Vuex from 'vuex'; import Vuex from 'vuex';
import { member as memberMock, members } from 'jest/members/mock_data'; import { member as memberMock, directMember, members } from 'jest/members/mock_data';
import MembersTable from '~/members/components/table/members_table.vue'; import MembersTable from '~/members/components/table/members_table.vue';
const localVue = createLocalVue(); const localVue = createLocalVue();
...@@ -58,8 +58,7 @@ describe('MemberList', () => { ...@@ -58,8 +58,7 @@ describe('MemberList', () => {
describe('fields', () => { describe('fields', () => {
describe('"Actions" field', () => { describe('"Actions" field', () => {
const memberCanOverride = { const memberCanOverride = {
...memberMock, ...directMember,
source: { ...memberMock.source, id: 1 },
canOverride: true, canOverride: true,
}; };
......
import { member as memberMock, membersJsonString, members } from 'jest/members/mock_data'; import {
member as memberMock,
directMember,
inheritedMember,
membersJsonString,
members,
} from 'jest/members/mock_data';
import { generateBadges, canOverride, parseDataAttributes } from 'ee/members/utils'; import { generateBadges, canOverride, parseDataAttributes } from 'ee/members/utils';
describe('Members Utils', () => { describe('Members Utils', () => {
...@@ -31,8 +37,10 @@ describe('Members Utils', () => { ...@@ -31,8 +37,10 @@ describe('Members Utils', () => {
describe('canOverride', () => { describe('canOverride', () => {
test.each` test.each`
member | expected member | expected
${{ ...memberMock, canOverride: true }} | ${true} ${{ ...directMember, canOverride: true }} | ${true}
${memberMock} | ${false} ${{ ...inheritedMember, canOverride: true }} | ${false}
${{ ...directMember, canOverride: false }} | ${false}
${{ ...inheritedMember, canOverride: false }} | ${false}
`('returns $expected', ({ member, expected }) => { `('returns $expected', ({ member, expected }) => {
expect(canOverride(member)).toBe(expected); expect(canOverride(member)).toBe(expected);
}); });
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment