Rename to minimal access

From unassigned, in all related files fix Add cr remarks Start with new concept Update scope per maintainer recommendation

Rename to minimal access
From unassigned, in all related files fix Add cr remarks Start with new concept Update scope per maintainer recommendation
a4a823ab · Małgorzata Ksionek · Jan Provaznik · 5428e3ab · a4a823ab · a4a823ab
Commit a4a823ab authored Sep 04, 2020 by Małgorzata Ksionek Committed by Jan Provaznik Sep 10, 2020
22 changed files
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -83,7 +83,7 @@ class Admin::GroupsController < Admin::ApplicationController
  end
  def group_members
-    @group.members.non_unassigned
+    @group.members
  end
  def group_params

--- a/app/finders/group_members_finder.rb
+++ b/app/finders/group_members_finder.rb
@@ -19,7 +19,7 @@ class GroupMembersFinder < UnionFinder
  # rubocop: disable CodeReuse/ActiveRecord
  def execute(include_relations: [:inherited, :direct])
-    group_members = group.members.non_unassigned
+    group_members = group.members
    relations = []
    return group_members if include_relations == [:direct]
@@ -27,7 +27,7 @@ class GroupMembersFinder < UnionFinder
    relations << group_members if include_relations.include?(:direct)
    if include_relations.include?(:inherited) && group.parent
-      parents_members = GroupMember.non_request.non_unassigned
+      parents_members = GroupMember.non_request.non_minimal_access
        .where(source_id: group.ancestors.select(:id))
        .where.not(user_id: group.users.select(:id))
@@ -35,7 +35,7 @@ class GroupMembersFinder < UnionFinder
    end
    if include_relations.include?(:descendants)
-      descendant_members = GroupMember.non_request.non_unassigned
+      descendant_members = GroupMember.non_request.non_minimal_access
        .where(source_id: group.descendants.select(:id))
        .where.not(user_id: group.users.select(:id))

--- a/app/finders/members_finder.rb
+++ b/app/finders/members_finder.rb
@@ -63,7 +63,7 @@ class MembersFinder
  def direct_group_members(include_descendants)
    requested_relations = [:inherited, :direct]
    requested_relations << :descendants if include_descendants
-    GroupMembersFinder.new(group).execute(include_relations: requested_relations).non_invite.non_unassigned # rubocop: disable CodeReuse/Finder
+    GroupMembersFinder.new(group).execute(include_relations: requested_relations).non_invite.non_minimal_access # rubocop: disable CodeReuse/Finder
  end
  def project_invited_groups_members
@@ -73,7 +73,7 @@ class MembersFinder
      .public_or_visible_to_user(current_user)
      .select(:id)
-    GroupMember.with_source_id(invited_groups_ids_including_ancestors).non_unassigned
+    GroupMember.with_source_id(invited_groups_ids_including_ancestors).non_minimal_access
  end
  def distinct_union_of_members(union_members)

--- a/app/models/concerns/loaded_in_group_list.rb
+++ b/app/models/concerns/loaded_in_group_list.rb
@@ -54,7 +54,7 @@ module LoadedInGroupList
        .where(members[:source_type].eq(Namespace.name))
        .where(members[:source_id].eq(namespaces[:id]))
        .where(members[:requested_at].eq(nil))
-        .where(members[:access_level].gt(Gitlab::Access::UNASSIGNED))
+        .where(members[:access_level].gt(Gitlab::Access::MINIMAL_ACCESS))
    end
  end
@@ -71,7 +71,7 @@ module LoadedInGroupList
  end
  def member_count
-    @member_count ||= try(:preloaded_member_count) || full_access_members.count
+    @member_count ||= try(:preloaded_member_count) || members.count
  end
 end

--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -20,9 +20,9 @@ class Group < Namespace
  UpdateSharedRunnersError = Class.new(StandardError)
-  has_many :group_members, -> { where(requested_at: nil) }, dependent: :destroy, as: :source # rubocop:disable Cop/ActiveRecordDependent
+  has_many :all_group_members, -> { where(requested_at: nil) }, dependent: :destroy, as: :source, class_name: 'GroupMember' # rubocop:disable Cop/ActiveRecordDependent
+  has_many :group_members, -> { where(requested_at: nil).where.not(members: { access_level: Gitlab::Access::MINIMAL_ACCESS }) }, dependent: :destroy, as: :source # rubocop:disable Cop/ActiveRecordDependent
  alias_method :members, :group_members
-  has_many :full_access_members, -> { where(requested_at: nil).where.not(access_level: Gitlab::Access::UNASSIGNED) }, dependent: :destroy, as: :source, class_name: 'GroupMember' # rubocop:disable Cop/ActiveRecordDependent
  has_many :users, through: :group_members
  has_many :owners,
@@ -270,7 +270,7 @@ class Group < Namespace
    add_user(user, :owner, current_user: current_user)
  end
-  def member?(user, min_access_level = Gitlab::Access::UNASSIGNED)
+  def member?(user, min_access_level = Gitlab::Access::GUEST)
    return false unless user
    max_member_access_for_user(user) >= min_access_level
@@ -328,7 +328,7 @@ class Group < Namespace
  # rubocop: enable CodeReuse/ServiceClass
  def user_ids_for_project_authorizations
-    members_with_parents.non_unassigned.pluck(:user_id)
+    members_with_parents.pluck(:user_id)
  end
  def self_and_ancestors_ids
@@ -347,6 +347,7 @@ class Group < Namespace
      end
    group_hierarchy_members = GroupMember.active_without_invites_and_requests
+                                         .non_minimal_access
                                         .where(source_id: source_ids)
    GroupMember.from_union([group_hierarchy_members,
@@ -354,7 +355,7 @@ class Group < Namespace
  end
  def members_from_self_and_ancestors_with_effective_access_level
-    members_with_parents.non_unassigned.select([:user_id, 'MAX(access_level) AS access_level'])
+    members_with_parents.select([:user_id, 'MAX(access_level) AS access_level'])
                        .group(:user_id)
  end
@@ -398,7 +399,7 @@ class Group < Namespace
  end
  def users_count
-    members.non_unassigned.count
+    members.count
  end
  # Returns all users that are members of projects

--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -84,7 +84,7 @@ class Member < ApplicationRecord
  scope :developers, -> { active.where(access_level: DEVELOPER) }
  scope :maintainers, -> { active.where(access_level: MAINTAINER) }
  scope :non_guests, -> { where('members.access_level > ?', GUEST) }
-  scope :non_unassigned, -> { where('members.access_level > ?', UNASSIGNED) }
+  scope :non_minimal_access, -> { where('members.access_level > ?', MINIMAL_ACCESS) }
  scope :owners, -> { active.where(access_level: OWNER) }
  scope :owners_and_maintainers, -> { active.where(access_level: [OWNER, MAINTAINER]) }
  scope :with_user, -> (user) { where(user: user) }

--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -401,8 +401,17 @@ module EE
      root_ancestor.saml_provider&.prohibited_outer_forks?
    end
-    def unassigned_role_allowed?
+    def minimal_access_role_allowed?
-      feature_available?(:unassigned_role) && !has_parent?
+      feature_available?(:minimal_access_role) && !has_parent?
+    end
+    override :member?
+    def member?(user, min_access_level = minimal_member_access_level)
+      super
+    end
+    def minimal_member_access_level
+      minimal_access_role_allowed? ? ::Gitlab::Access::MINIMAL_ACCESS : ::Gitlab::Access::GUEST
    end
    private

--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -44,8 +44,8 @@ module EE
      has_many :approvals,                dependent: :destroy # rubocop: disable Cop/ActiveRecordDependent
      has_many :approvers,                dependent: :destroy # rubocop: disable Cop/ActiveRecordDependent
-      has_many :unassigned_group_members, -> { where(access_level: [Gitlab::Access::UNASSIGNED]) }, source: 'GroupMember', class_name: 'GroupMember'
+      has_many :minimal_access_group_members, -> { where(access_level: [Gitlab::Access::MINIMAL_ACCESS]) }, source: 'GroupMember', class_name: 'GroupMember'
-      has_many :unassigned_groups, through: :unassigned_group_members, source: :group
+      has_many :minimal_access_groups, through: :minimal_access_group_members, source: :group
      has_many :users_ops_dashboard_projects
      has_many :ops_dashboard_projects, through: :users_ops_dashboard_projects, source: :project

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -108,7 +108,7 @@ class License < ApplicationRecord
    smartcard_auth
    group_timelogs
    type_of_work_analytics
-    unassigned_role
+    minimal_access_role
    unprotection_restrictions
    ci_project_subscriptions
  ]

--- a/ee/lib/ee/gitlab/access.rb
+++ b/ee/lib/ee/gitlab/access.rb
@@ -16,9 +16,9 @@ module EE
          @vulnerability_access_levels ||= options_with_owner.except('Guest')
        end
-        def options_with_unassigned
+        def options_with_minimal_access
          options_with_owner.merge(
-            "Unassigned" => ::Gitlab::Access::UNASSIGNED
+            "Minimal Access" => ::Gitlab::Access::MINIMAL_ACCESS
          )
        end
      end

--- a/ee/spec/models/group_spec.rb
+++ b/ee/spec/models/group_spec.rb
@@ -668,12 +668,12 @@ RSpec.describe Group do
    end
  end
-  describe '#unassigned_role_allowed?' do
+  describe '#minimal_access_role_allowed?' do
-    subject { group.unassigned_role_allowed? }
+    subject { group.minimal_access_role_allowed? }
    context 'licensed' do
      before do
-        stub_licensed_features(unassigned_role: true)
+        stub_licensed_features(minimal_access_role: true)
      end
      it 'returns true for licensed instance' do
@@ -681,13 +681,13 @@ RSpec.describe Group do
      end
      it 'returns false for subgroup in licensed instance' do
-        expect(create(:group, parent: group).unassigned_role_allowed?).to be false
+        expect(create(:group, parent: group).minimal_access_role_allowed?).to be false
      end
    end
    context 'unlicensed' do
      before do
-        stub_licensed_features(unassigned_role: false)
+        stub_licensed_features(minimal_access_role: false)
      end
      it 'returns false unlicensed instance' do
@@ -696,6 +696,43 @@ RSpec.describe Group do
    end
  end
+  describe '#member?' do
+    subject { group.member?(user) }
+    let(:group) { create(:group) }
+    let(:user) { create(:user) }
+    context 'with `minimal_access_role` not licensed' do
+      before do
+        stub_licensed_features(minimal_access_role: false)
+        create(:group_member, :minimal_access, user: user, group: group)
+      end
+      it { is_expected.to be_falsey }
+    end
+    context 'with `minimal_access_role` licensed' do
+      before do
+        stub_licensed_features(minimal_access_role: true)
+        create(:group_member, :minimal_access, user: user, group: group)
+      end
+      context 'when group is a subgroup' do
+        let(:group) { create(:group, parent: create(:group)) }
+        it { is_expected.to be_falsey }
+      end
+      context 'when group is a top-level group' do
+        it { is_expected.to be_truthy }
+        it 'accepts higher level as argument' do
+          expect(group.member?(user, ::Gitlab::Access::DEVELOPER)).to be_falsey
+        end
+      end
+    end
+  end
  describe '#saml_discovery_token' do
    it 'returns existing tokens' do
      group = create(:group, saml_discovery_token: 'existing')

--- a/lib/gitlab/access.rb
+++ b/lib/gitlab/access.rb
@@ -10,7 +10,7 @@ module Gitlab
    AccessDeniedError = Class.new(StandardError)
    NO_ACCESS      = 0
-    UNASSIGNED     = 5
+    MINIMAL_ACCESS = 5
    GUEST          = 10
    REPORTER       = 20
    DEVELOPER      = 30

--- a/lib/gitlab/project_authorizations.rb
+++ b/lib/gitlab/project_authorizations.rb
@@ -99,7 +99,7 @@ module Gitlab
        .and(members[:source_type].eq('Namespace'))
        .and(members[:requested_at].eq(nil))
        .and(members[:user_id].eq(user.id))
-        .and(members[:access_level].gt(Gitlab::Access::UNASSIGNED))
+        .and(members[:access_level].gt(Gitlab::Access::MINIMAL_ACCESS))
      Arel::Nodes::OuterJoin.new(members, Arel::Nodes::On.new(cond))
    end
@@ -120,7 +120,7 @@ module Gitlab
                    .and(members[:source_type].eq('Namespace'))
                    .and(members[:requested_at].eq(nil))
                    .and(members[:user_id].eq(user.id))
-                    .and(members[:access_level].gt(Gitlab::Access::UNASSIGNED))
+                    .and(members[:access_level].gt(Gitlab::Access::MINIMAL_ACCESS))
      Arel::Nodes::InnerJoin.new(members, Arel::Nodes::On.new(cond))
    end

--- a/spec/factories/group_members.rb
+++ b/spec/factories/group_members.rb
@@ -29,10 +29,10 @@ FactoryBot.define do
      after(:build) { |group_member, _| group_member.user.block! }
    end
-    trait :unassigned do
+    trait :minimal_access do
      to_create { |instance| instance.save!(validate: false) }
-      access_level { GroupMember::UNASSIGNED }
+      access_level { GroupMember::MINIMAL_ACCESS }
    end
  end
 end
--- a/spec/finders/group_members_finder_spec.rb
+++ b/spec/finders/group_members_finder_spec.rb
@@ -16,7 +16,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
    member1 = group.add_maintainer(user1)
    member2 = group.add_maintainer(user2)
    member3 = group.add_maintainer(user3)
-    create(:group_member, :unassigned, user: create(:user), group: group)
+    create(:group_member, :minimal_access, user: create(:user), group: group)
    result = described_class.new(group).execute

--- a/spec/finders/groups_finder_spec.rb
+++ b/spec/finders/groups_finder_spec.rb
@@ -107,8 +107,8 @@ RSpec.describe GroupsFinder do
          end
          context 'being limited access member of parent group' do
-            it 'do not return group with unassigned access' do
+            it 'do not return group with minimal_access access' do
-              create(:group_member, :unassigned, user: user, group: parent_group)
+              create(:group_member, :minimal_access, user: user, group: parent_group)
              is_expected.to contain_exactly(public_subgroup, internal_subgroup)
            end

--- a/spec/finders/members_finder_spec.rb
+++ b/spec/finders/members_finder_spec.rb
@@ -45,12 +45,12 @@ RSpec.describe MembersFinder, '#execute' do
    expect(result).to contain_exactly(member1)
  end
-  it 'does not return members of parent group with unassigned access' do
+  it 'does not return members of parent group with minimal access' do
    nested_group.request_access(user1)
    member1 = group.add_maintainer(user2)
    member2 = nested_group.add_maintainer(user3)
    member3 = project.add_maintainer(user4)
-    create(:group_member, :unassigned, user: create(:user), group: group)
+    create(:group_member, :minimal_access, user: create(:user), group: group)
    result = described_class.new(project, user2).execute

--- a/spec/lib/gitlab/project_authorizations_spec.rb
+++ b/spec/lib/gitlab/project_authorizations_spec.rb
@@ -115,7 +115,7 @@ RSpec.describe Gitlab::ProjectAuthorizations do
    end
  end
-  context 'user with unassigned access to group' do
+  context 'user with minimal access to group' do
    let_it_be(:group) { create(:group) }
    let_it_be(:user) { create(:user) }
@@ -125,7 +125,7 @@ RSpec.describe Gitlab::ProjectAuthorizations do
      let!(:group_project) { create(:project, namespace: group) }
      before do
-        create(:group_member, :unassigned, user: user, group: group)
+        create(:group_member, :minimal_access, user: user, group: group)
      end
      it 'does not create authorization' do
@@ -138,7 +138,7 @@ RSpec.describe Gitlab::ProjectAuthorizations do
      let!(:sub_group_project) { create(:project, namespace: sub_group) }
      before do
-        create(:group_member, :unassigned, user: user, group: group)
+        create(:group_member, :minimal_access, user: user, group: group)
      end
      it 'does not create authorization' do
@@ -152,7 +152,7 @@ RSpec.describe Gitlab::ProjectAuthorizations do
      before do
        create(:group_group_link, shared_group: shared_group, shared_with_group: group)
-        create(:group_member, :unassigned, user: user, group: group)
+        create(:group_member, :minimal_access, user: user, group: group)
      end
      it 'does not create authorization' do
@@ -166,7 +166,7 @@ RSpec.describe Gitlab::ProjectAuthorizations do
      before do
        create(:project_group_link, group: group, project: shared_project)
-        create(:group_member, :unassigned, user: user, group: group)
+        create(:group_member, :minimal_access, user: user, group: group)
      end
      it 'does not create authorization' do

--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -692,7 +692,7 @@ RSpec.describe Group do
    before do
      create(:group_member, user: user, group: group_parent, access_level: parent_group_access_level)
      create(:group_member, user: user, group: group, access_level: group_access_level)
-      create(:group_member, :unassigned, user: create(:user), group: group)
+      create(:group_member, :minimal_access, user: create(:user), group: group)
      create(:group_member, user: user, group: group_child, access_level: child_group_access_level)
    end

--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -149,7 +149,7 @@ RSpec.describe Member do
      accepted_request_user = create(:user).tap { |u| project.request_access(u) }
      @accepted_request_member = project.requesters.find_by(user_id: accepted_request_user.id).tap { |m| m.accept_request }
-      @member_unassigned = create(:group_member, :unassigned, group: group)
+      @member_with_minimal_access = create(:group_member, :minimal_access, group: group)
    end
    describe '.access_for_user_ids' do
@@ -180,13 +180,13 @@ RSpec.describe Member do
      it { expect(described_class.non_invite).to include @accepted_request_member }
    end
-    describe '.non_unassigned' do
+    describe '.non_minimal_access' do
-      it { expect(described_class.non_unassigned).to include @maintainer }
+      it { expect(described_class.non_minimal_access).to include @maintainer }
-      it { expect(described_class.non_unassigned).to include @invited_member }
+      it { expect(described_class.non_minimal_access).to include @invited_member }
-      it { expect(described_class.non_unassigned).to include @accepted_invite_member }
+      it { expect(described_class.non_minimal_access).to include @accepted_invite_member }
-      it { expect(described_class.non_unassigned).to include @requested_member }
+      it { expect(described_class.non_minimal_access).to include @requested_member }
-      it { expect(described_class.non_unassigned).to include @accepted_request_member }
+      it { expect(described_class.non_minimal_access).to include @accepted_request_member }
-      it { expect(described_class.non_unassigned).not_to include @member_unassigned }
+      it { expect(described_class.non_minimal_access).not_to include @member_with_minimal_access }
    end
    describe '.request' do

--- a/spec/services/authorized_project_update/project_create_service_spec.rb
+++ b/spec/services/authorized_project_update/project_create_service_spec.rb
@@ -81,7 +81,7 @@ RSpec.describe AuthorizedProjectUpdate::ProjectCreateService do
        before do
          create(:group_member, access_level: Gitlab::Access::REPORTER, group: group, user: group_user)
          create(:group_member, access_level: Gitlab::Access::MAINTAINER, group: shared_with_group, user: group_user)
-          create(:group_member, :unassigned, group: shared_with_group, user: create(:user))
+          create(:group_member, :minimal_access, group: shared_with_group, user: create(:user))
          create(:group_group_link, shared_group: group, shared_with_group: shared_with_group, group_access: Gitlab::Access::DEVELOPER)
@@ -99,7 +99,7 @@ RSpec.describe AuthorizedProjectUpdate::ProjectCreateService do
          expect(project_authorization).to exist
        end
-        it 'does not create project authorization for user with limited access' do
+        it 'does not create project authorization for user with minimal access' do
          expect { service.execute }.to(
            change { ProjectAuthorization.count }.from(0).to(1))
        end
@@ -124,9 +124,9 @@ RSpec.describe AuthorizedProjectUpdate::ProjectCreateService do
      end
    end
-    context 'member with unassigned access' do
+    context 'member with minimal access' do
      before do
-        create(:group_member, :unassigned, user: group_user, group: group)
+        create(:group_member, :minimal_access, user: group_user, group: group)
      end
      it 'does not create project authorization' do

--- a/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
+++ b/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
@@ -112,9 +112,9 @@ RSpec.describe AuthorizedProjectUpdate::ProjectGroupLinkCreateService do
      end
    end
-    context 'unassigned member' do
+    context 'minimal access member' do
      before do
-        create(:group_member, :unassigned, user: group_user, group: group)
+        create(:group_member, :minimal_access, user: group_user, group: group)
      end
      it 'does not create project authorization' do