Commit c35277ca authored by Sean Arnold's avatar Sean Arnold

Allow project members who are owners permissions

Changelog: fixed
parent e3a22f2d
...@@ -8,7 +8,11 @@ class ProjectMemberPolicy < BasePolicy ...@@ -8,7 +8,11 @@ class ProjectMemberPolicy < BasePolicy
condition(:project_bot) { @subject.user&.project_bot? } condition(:project_bot) { @subject.user&.project_bot? }
rule { anonymous }.prevent_all rule { anonymous }.prevent_all
rule { target_is_owner }.prevent_all
rule { target_is_owner }.policy do
prevent :update_project_member
prevent :destroy_project_member
end
rule { ~project_bot & can?(:admin_project_member) }.policy do rule { ~project_bot & can?(:admin_project_member) }.policy do
enable :update_project_member enable :update_project_member
......
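Review bot: The `target_is_owner` rule now blocks only `:update_project_member` and `:destroy_project_member`, so it no longer fails closed: any other ability this policy defines, or gains later, applies to an owner's membership unless it is added to this list. The spec in this commit references `:destroy_project_bot_member`, which is not in the list; the rule that enables it lies outside the visible hunk, so whether an owner's membership can reach it should be confirmed. I would record the intent above the rule with a comment such as `# Owner memberships must not be changed or removed through this policy; list every member-mutating ability here.` The class body continues outside the hunk.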
---
title: Fix restrictive permissions for ProjectMembers who are owners
merge_request: 59844
author:
type: fixed
...@@ -16,12 +16,22 @@ RSpec.describe ProjectMemberPolicy do ...@@ -16,12 +16,22 @@ RSpec.describe ProjectMemberPolicy do
context 'with regular member' do context 'with regular member' do
let(:member_user) { create(:user) } let(:member_user) { create(:user) }
it { is_expected.to be_allowed(:read_project) }
it { is_expected.to be_allowed(:update_project_member) } it { is_expected.to be_allowed(:update_project_member) }
it { is_expected.to be_allowed(:destroy_project_member) } it { is_expected.to be_allowed(:destroy_project_member) }
it { is_expected.not_to be_allowed(:destroy_project_bot_member) } it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
end end
context 'when user is project owner' do
let(:member_user) { project.owner }
let(:member) { project.members.find_by!(user: member_user) }
it { is_expected.to be_allowed(:read_project) }
it { is_expected.to be_disallowed(:update_project_member) }
it { is_expected.to be_disallowed(:destroy_project_member) }
end
context 'with a bot member' do context 'with a bot member' do
let(:member_user) { create(:user, :project_bot) } let(:member_user) { create(:user, :project_bot) }
......
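Review bot: The new 'when user is project owner' context checks the two abilities the policy now prevents but not `:destroy_project_bot_member`, which the neighbouring 'with regular member' context does cover. Since the policy moved from `prevent_all` to an explicit list, a negative assertion for each remaining member ability is what stops a later rule change from silently granting it on an owner's membership; I would add `it { is_expected.not_to be_allowed(:destroy_project_bot_member) }` to that context. The new examples also use `be_disallowed` while the existing ones use `not_to be_allowed`; one form throughout would read more easily. The `describe` block starts and ends outside the hunk.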