Commit 7eca8567 authored by Jason Goodman's avatar Jason Goodman Committed by Imre Farkas

Handle permissions for group sharing with pending memberships

Treat pending members of invited groups as if they are not members
parent 553e0207
......@@ -882,6 +882,7 @@ class Group < Namespace
.where(group_member_table[:requested_at].eq(nil))
.where(group_member_table[:source_id].eq(group_group_link_table[:shared_with_group_id]))
.where(group_member_table[:source_type].eq('Namespace'))
.where(group_member_table[:state].eq(::Member::STATE_ACTIVE))
.non_minimal_access
end
......
......@@ -124,6 +124,23 @@ RSpec.describe 'Pending group memberships', :js do
create(:group_group_link, shared_group: other_group, shared_with_group: group)
end
it 'a pending member of the invited group sees the shared group as if not a member' do
create(:group_member, :awaiting, :developer, source: group, user: developer)
visit group_path(other_group)
expect(page).to have_content 'Page Not Found'
end
it 'a pending member of the invited group sees the shared group as if not a member when the shared group has a project' do
create(:project, namespace: other_group)
create(:group_member, :awaiting, :developer, source: group, user: developer)
visit group_path(other_group)
expect(page).to have_content 'Page Not Found'
end
it 'a pending member of the invited group sees a project in the shared group as if not a member' do
project = create(:project, namespace: other_group)
create(:group_member, :awaiting, :developer, source: group, user: developer)
......
......@@ -1861,6 +1861,31 @@ RSpec.describe GroupPolicy do
end
end
context 'with a group invited to another group' do
using RSpec::Parameterized::TableSyntax
let_it_be(:group) { create(:group, :public) }
let_it_be(:other_group) { create(:group, :private) }
subject { described_class.new(user, other_group) }
before_all do
create(:group_group_link, { shared_with_group: group, shared_group: other_group })
end
where(:role) do
%i(owner maintainer developer reporter guest)
end
with_them do
it 'a pending member in the group has permissions to the other group as if the user is not a member' do
create(:group_member, :awaiting, role, source: group, user: user)
expect_private_group_permissions_as_if_non_member
end
end
end
def expect_private_group_permissions_as_if_non_member
expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions)
......
......@@ -1327,10 +1327,14 @@ RSpec.describe Group do
let!(:group) { create(:group, :nested) }
let!(:maintainer) { group.parent.add_user(create(:user), GroupMember::MAINTAINER) }
let!(:developer) { group.add_user(create(:user), GroupMember::DEVELOPER) }
let!(:pending_maintainer) { create(:group_member, :awaiting, :maintainer, group: group.parent) }
let!(:pending_developer) { create(:group_member, :awaiting, :developer, group: group) }
it 'returns parents members' do
it 'returns parents active members' do
expect(group.members_with_parents).to include(developer)
expect(group.members_with_parents).to include(maintainer)
expect(group.members_with_parents).not_to include(pending_developer)
expect(group.members_with_parents).not_to include(pending_maintainer)
end
context 'group sharing' do
......@@ -1340,9 +1344,11 @@ RSpec.describe Group do
create(:group_group_link, shared_group: shared_group, shared_with_group: group)
end
it 'returns shared with group members' do
it 'returns shared with group active members' do
expect(shared_group.members_with_parents).to(
include(developer))
expect(shared_group.members_with_parents).not_to(
include(pending_developer))
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment