Commit
b695ed10
authored
Feb 16, 2022
by
Jason Goodman
Committed by
Imre Farkas
Feb 16, 2022
Handle pending project memberships
Restrict authorizable scope to only active memberships
parent
0f7bf7f0
Showing
5 changed files
with
137 additions
and
0 deletions
+137
-0
app/models/member.rb
app/models/member.rb
+1
-0
ee/spec/features/pending_project_memberships_spec.rb
ee/spec/features/pending_project_memberships_spec.rb
+80
-0
ee/spec/models/project_member_spec.rb
ee/spec/models/project_member_spec.rb
+30
-0
spec/models/member_spec.rb
spec/models/member_spec.rb
+2
-0
spec/requests/api/internal/base_spec.rb
spec/requests/api/internal/base_spec.rb
+24
-0
app/models/member.rb
...
...
@@ -117,6 +117,7 @@ class Member < ApplicationRecord
# to projects/groups.
scope
:authorizable
,
->
do
connected_to_user
.
active_state
.
non_request
.
non_minimal_access
end
...
...
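Review bot: The comment above `scope :authorizable` should say that only memberships in the active state count, because this scope decides which memberships are turned into project and group access. The page does not mark which line was added; going by the commit description it is `.active_state`. A line such as `# Awaiting (pending) memberships are excluded and grant no access until activated.` would record the intent next to the chain. The comment begins above the hunk, so check the new sentence against the part that is not shown here.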
ee/spec/features/pending_project_memberships_spec.rb
0 → 100644
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
'Pending project memberships'
,
:js
do
let_it_be
(
:developer
)
{
create
(
:user
)
}
before
do
sign_in
(
developer
)
end
context
'with a private project in a private group'
do
let_it_be
(
:group
)
{
create
(
:group
,
:private
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:private
,
namespace:
group
)
}
let_it_be
(
:membership
)
{
create
(
:project_member
,
:awaiting
,
:developer
,
source:
project
,
user:
developer
)
}
it
'a pending project member gets a 404 for a private project'
do
visit
project_path
(
project
)
expect
(
page
).
to
have_content
"Page Not Found"
end
it
"a pending project member gets a 404 for the project's private group"
do
visit
group_path
(
group
)
expect
(
page
).
to
have_content
"Page Not Found"
end
it
"a project member can see the project's private group once the membership transitions to active"
do
membership
.
activate!
visit
group_path
(
group
)
expect
(
page
).
to
have_content
group
.
name
expect
(
page
).
to
have_content
"Group ID:
#{
group
.
id
}
"
expect
(
page
).
to
have_content
project
.
name
end
end
context
'with a public project in a public group'
do
let_it_be
(
:group
)
{
create
(
:group
,
:public
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
namespace:
group
)
}
before_all
do
create
(
:project_member
,
:awaiting
,
:developer
,
source:
project
,
user:
developer
)
end
it
'a pending project member sees a public project as if not a member'
do
visit
project_path
(
project
)
expect
(
page
).
to
have_content
"Project information"
expect
(
page
).
not_to
have_content
"Security & Compliance"
expect
(
page
).
not_to
have_content
"Infrastructure"
end
it
"a pending project member sees the project's public group as if not a member"
do
visit
group_path
(
group
)
expect
(
page
).
to
have_content
"Group ID:
#{
group
.
id
}
"
expect
(
page
).
not_to
have_content
"New project"
expect
(
page
).
not_to
have_content
"Recent activity"
end
end
context
'with a subgroup project'
do
let_it_be
(
:group
)
{
create
(
:group
,
:private
)
}
let_it_be
(
:subgroup
)
{
create
(
:group
,
:private
,
parent:
group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:private
,
namespace:
subgroup
)
}
before_all
do
create
(
:project_member
,
:awaiting
,
:developer
,
source:
project
,
user:
developer
)
end
it
'a pending project member sees the root group as if not a member'
do
visit
group_path
(
group
)
expect
(
page
).
to
have_content
"Page Not Found"
end
end
end
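Review bot: The 'with a subgroup project' context visits only the root group, so the private subgroup and the private project itself are never requested by the pending member. Adding examples that call `visit group_path(subgroup)` and `visit project_path(project)` and expect `"Page Not Found"` would cover every level of the hierarchy that the awaiting membership could expose. In the public context the `not_to have_content` checks are tied to the current sidebar labels and would keep passing if a label were renamed; an assertion on a stable selector would hold up better if one is available.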
ee/spec/models/project_member_spec.rb
...
...
@@ -75,6 +75,36 @@ RSpec.describe ProjectMember do
it
{
is_expected
.
to
eq
(
false
)
}
end
describe
'#state'
do
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:project
)
{
create
(
:project
,
group:
group
)
}
let!
(
:user
)
{
create
(
:user
)
}
describe
'#activate!'
do
it
"refreshes the user's authorized projects"
do
membership
=
create
(
:project_member
,
:awaiting
,
source:
project
,
user:
user
)
expect
(
user
.
authorized_projects
).
not_to
include
(
project
)
membership
.
activate!
expect
(
user
.
authorized_projects
.
reload
).
to
include
(
project
)
end
end
describe
'#wait!'
do
it
"refreshes the user's authorized projects"
do
membership
=
create
(
:project_member
,
source:
project
,
user:
user
)
expect
(
user
.
authorized_projects
).
to
include
(
project
)
membership
.
wait!
expect
(
user
.
authorized_projects
.
reload
).
not_to
include
(
project
)
end
end
end
describe
'delete protected environment acceses cascadingly'
do
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:user
)
{
create
(
:user
)
}
...
...
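Review bot: Both new examples under `describe '#state'` use a user whose only membership is the one being changed, so they do not show what happens when an awaiting membership sits next to an active one. A case worth adding is a user with an active group membership at a lower access level and an awaiting project membership at a higher level, asserting that the effective access stays at the lower level, for example through `project.team.max_member_access(user.id)`. That would pin the property the scope change is meant to give: a pending membership never raises a user's access. The outer `RSpec.describe ProjectMember` block starts and ends outside the hunk.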
spec/models/member_spec.rb
...
...
@@ -513,6 +513,8 @@ RSpec.describe Member do
it
{
is_expected
.
not_to
include
@invited_member
}
it
{
is_expected
.
not_to
include
@requested_member
}
it
{
is_expected
.
not_to
include
@member_with_minimal_access
}
it
{
is_expected
.
not_to
include
awaiting_group_member
}
it
{
is_expected
.
not_to
include
awaiting_project_member
}
end
describe
'.distinct_on_user_with_max_access_level'
do
...
...
spec/requests/api/internal/base_spec.rb
...
...
@@ -748,6 +748,30 @@ RSpec.describe API::Internal::Base do
end
end
context
'with a pending membership'
do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
before_all
do
create
(
:project_member
,
:awaiting
,
:developer
,
source:
project
,
user:
user
)
end
it
'returns not found for git pull'
do
pull
(
key
,
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
expect
(
json_response
[
"status"
]).
to
be_falsey
expect
(
user
.
reload
.
last_activity_on
).
to
be_nil
end
it
'returns not found for git push'
do
push
(
key
,
project
)
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
expect
(
json_response
[
"status"
]).
to
be_falsey
expect
(
user
.
reload
.
last_activity_on
).
to
be_nil
end
end
context
"custom action"
do
let
(
:access_checker
)
{
double
(
Gitlab
::
GitAccess
)
}
let
(
:payload
)
do
...
...
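Review bot: `create(:project, :repository)` in the 'with a pending membership' context leaves the project's visibility to the factory default, while the expected `:not_found` is only meaningful for a project the user cannot otherwise read. Passing the trait explicitly, `create(:project, :private, :repository)`, states the precondition the same way the feature spec in this commit does. `expect(json_response["status"]).to be_falsey` also passes when the key is absent; `be(false)` would pin the denial if the endpoint always returns that key. The enclosing `describe` starts and ends outside the hunk.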