Allow Owner access level for sharing groups with groups

Only project level permissions were allowed for GroupGroupLink#group_access but as OWNER level is available for group membership, GroupGroupLinks should also allow that.

Allow Owner access level for sharing groups with groups
Only project level permissions were allowed for GroupGroupLink#group_access but as OWNER level is available for group membership, GroupGroupLinks should also allow that.
75ed9e7e · Imre Farkas · b88f2bec · 75ed9e7e · 75ed9e7e · 75ed9e7e
Commit 75ed9e7e authored Jan 28, 2020 by Imre Farkas
4 changed files
--- a/app/models/group_group_link.rb
+++ b/app/models/group_group_link.rb
@@ -10,11 +10,11 @@ class GroupGroupLink < ApplicationRecord
  validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id],
                                            message: _('The group has already been shared with this group') }
  validates :shared_with_group, presence: true
-  validates :group_access, inclusion: { in: Gitlab::Access.values },
+  validates :group_access, inclusion: { in: Gitlab::Access.all_values },
                           presence: true

  def self.access_options
-    Gitlab::Access.options
+    Gitlab::Access.options_with_owner
  end

  def self.default_access

--- a/app/views/shared/members/_group.html.haml
+++ b/app/views/shared/members/_group.html.haml
@@ -31,7 +31,7 @@
          = dropdown_title(_("Change permissions"))
          .dropdown-content
            %ul
-              - Gitlab::Access.options.each do |role, role_id|
+              - Gitlab::Access.options_with_owner.each do |role, role_id|
                %li
                  = link_to role, '#',
                    class: ("is-active" if group_link.group_access == role_id),

--- a/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
+++ b/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
+---
+title: Allow Owner access level for sharing groups with groups
+merge_request: 23868
+author:
+type: fixed
--- a/spec/controllers/groups/group_links_controller_spec.rb
+++ b/spec/controllers/groups/group_links_controller_spec.rb
@@ -13,12 +13,30 @@ describe Groups::GroupLinksController do

  describe '#create' do
    let(:shared_with_group_id) { shared_with_group.id }
+    let(:shared_group_access) { GroupGroupLink.default_access }

    subject do
      post(:create,
           params: { group_id: shared_group,
                     shared_with_group_id: shared_with_group_id,
-                     shared_group_access: GroupGroupLink.default_access })
+                     shared_group_access: shared_group_access })
+    end
+
+    shared_examples 'creates group group link' do
+      it 'links group with selected group' do
+        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      end
+
+      it 'redirects to group links page' do
+        subject
+
+        expect(response).to(redirect_to(group_group_members_path(shared_group)))
+      end
+
+      it 'allows access for group member' do
+        expect { subject }.to(
+          change { group_member.can?(:read_group, shared_group) }.from(false).to(true))
+      end
    end

    context 'when user has correct access to both groups' do
@@ -31,18 +49,19 @@ describe Groups::GroupLinksController do
        shared_with_group.add_developer(group_member)
      end

-      it 'links group with selected group' do
-        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      context 'when default access level is requested' do
+        include_examples 'creates group group link'
      end

-      it 'redirects to group links page' do
-        subject
+      context 'when owner access is requested' do
+        let(:shared_group_access) { Gitlab::Access::OWNER }

-        expect(response).to(redirect_to(group_group_members_path(shared_group)))
-      end
+        include_examples 'creates group group link'

-      it 'allows access for group member' do
-        expect { subject }.to change { group_member.can?(:read_group, shared_group) }.from(false).to(true)
+        it 'allows admin access for group member' do
+          expect { subject }.to(
+            change { group_member.can?(:admin_group, shared_group) }.from(false).to(true))
+        end
      end

      context 'when shared with group id is not present' do