Commit
d9a2814f
authored
2 years ago
by
Manoj M J
Add ability to filter by Enterprise users
Add ability to filter by Enterprise users EE: true
parent
0578cc5c
Showing
10 changed files
with
206 additions
and
17 deletions
+206
-17
app/finders/group_members_finder.rb
app/finders/group_members_finder.rb
+7
-0
app/models/application_record.rb
app/models/application_record.rb
+4
-0
ee/app/controllers/ee/groups/group_members_controller.rb
ee/app/controllers/ee/groups/group_members_controller.rb
+5
-0
ee/app/finders/ee/group_members_finder.rb
ee/app/finders/ee/group_members_finder.rb
+22
-0
ee/app/helpers/ee/groups/group_members_helper.rb
ee/app/helpers/ee/groups/group_members_helper.rb
+2
-1
ee/app/models/ee/group_member.rb
ee/app/models/ee/group_member.rb
+14
-0
ee/spec/finders/ee/group_members_finder_spec.rb
ee/spec/finders/ee/group_members_finder_spec.rb
+116
-16
ee/spec/helpers/ee/groups/group_members_helper_spec.rb
ee/spec/helpers/ee/groups/group_members_helper_spec.rb
+5
-0
ee/spec/models/group_member_spec.rb
ee/spec/models/group_member_spec.rb
+19
-0
spec/models/application_record_spec.rb
spec/models/application_record_spec.rb
+12
-0
app/finders/group_members_finder.rb
...
...
@@ -60,6 +60,8 @@ class GroupMembersFinder < UnionFinder
members
=
members
.
filter_by_2fa
(
params
[
:two_factor
])
end
members
=
apply_additional_filters
(
members
)
by_created_at
(
members
)
end
...
...
@@ -84,6 +86,11 @@ class GroupMembersFinder < UnionFinder
raise
ArgumentError
,
"
#{
(
include_relations
-
RELATIONS
).
first
}
#{
INVALID_RELATION_TYPE_ERROR_MSG
}
"
end
end
def
apply_additional_filters
(
members
)
# overridden in EE to include additional filtering conditions.
members
end
end
GroupMembersFinder
.
prepend_mod_with
(
'GroupMembersFinder'
)
app/models/application_record.rb
...
...
@@ -101,6 +101,10 @@ class ApplicationRecord < ActiveRecord::Base
where
(
'EXISTS (?)'
,
query
.
select
(
1
))
end
def
self
.
where_not_exists
(
query
)
where
(
'NOT EXISTS (?)'
,
query
.
select
(
1
))
end
def
self
.
declarative_enum
(
enum_mod
)
enum
(
enum_mod
.
key
=>
enum_mod
.
values
)
end
...
...
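Review bot: `where_not_exists` is added without a comment saying what `query` has to be, and that matters for the `'NOT EXISTS (?)'` bind. The placeholder only expands to a subquery when `query` is an ActiveRecord relation; any other value would be quoted as a plain literal, and a relation that is not correlated to the receiver's table makes the predicate all-or-nothing. A short comment above the method would cover it, for example `# query must be an ActiveRecord::Relation, normally correlated to this model's table; rendered as NOT EXISTS (SELECT 1 ...)`. The enclosing class starts and ends outside this hunk.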
ee/app/controllers/ee/groups/group_members_controller.rb
...
...
@@ -82,6 +82,11 @@ module EE
group
.
all_group_members
end
override
:filter_params
def
filter_params
super
.
merge
(
params
.
permit
(
:enterprise
))
end
end
end
end
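Review bot: `filter_params` permits `:enterprise` for every requester, so the controller itself enforces nothing and relies on the finder to ignore the value for users who may not use the filter. That is a reasonable split, but it is not stated here, and a later caller that reads `filter_params` without going through `GroupMembersFinder` would get the raw flag. I would add a comment on the override such as `# :enterprise is only a request; EE::GroupMembersFinder decides whether the current user may filter by it`. The enclosing module begins outside the hunk.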
ee/app/finders/ee/group_members_finder.rb
...
...
@@ -27,4 +27,26 @@ module EE::GroupMembersFinder
super
end
override
:apply_additional_filters
def
apply_additional_filters
(
filtered_members
)
members
=
super
filter_by_enterprise_users
(
members
)
end
private
def
filter_by_enterprise_users
(
members
)
filter_by_enterprise_param
=
::
Gitlab
::
Utils
.
to_boolean
(
params
[
:enterprise
])
return
members
if
filter_by_enterprise_param
.
nil?
# we require this param to be either `true` or `false`
return
members
unless
can_filter_by_enterprise?
members
.
filter_by_enterprise_users
(
filter_by_enterprise_param
)
end
def
can_filter_by_enterprise?
can_manage_members
&&
group
.
root_ancestor
.
saml_enabled?
end
end
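Review bot: `can_filter_by_enterprise?` gates the filter on `can_manage_members && group.root_ancestor.saml_enabled?`, while the helper in ee/app/helpers/ee/groups/group_members_helper.rb derives the matching UI flag from `can?(current_user, :admin_group_member, group) && group.root_ancestor.saml_enabled?`. `can_manage_members` is defined outside this hunk, so whether both sides check the same ability cannot be confirmed from here. If they ever diverge, the UI would offer a filter the finder silently drops, or the finder would honour one the UI hides. Having both call one shared predicate, or at least a comment on each naming the other, would keep the server-side check and the front-end flag in step. A one-line comment on `filter_by_enterprise_users` would also help, stating that an unauthorised or malformed `:enterprise` value deliberately falls back to the unfiltered list.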
ee/app/helpers/ee/groups/group_members_helper.rb
...
...
@@ -19,7 +19,8 @@ module EE::Groups::GroupMembersHelper
def
group_members_app_data
(
group
,
members
:,
invited
:,
access_requests
:)
super
.
merge!
({
can_export_members:
can?
(
current_user
,
:export_group_memberships
,
group
),
export_csv_path:
export_csv_group_group_members_path
(
group
)
export_csv_path:
export_csv_group_group_members_path
(
group
),
can_filter_by_enterprise:
can?
(
current_user
,
:admin_group_member
,
group
)
&&
group
.
root_ancestor
.
saml_enabled?
})
end
end
ee/app/models/ee/group_member.rb
...
...
@@ -31,6 +31,20 @@ module EE
def
member_of_group?
(
group
,
user
)
exists?
(
group:
group
,
user:
user
)
end
def
filter_by_enterprise_users
(
value
)
subquery
=
::
UserDetail
.
where
(
::
UserDetail
.
arel_table
[
:provisioned_by_group_id
].
eq
(
arel_table
[
:source_id
]).
and
(
::
UserDetail
.
arel_table
[
:user_id
].
eq
(
arel_table
[
:user_id
]))
)
if
value
where_exists
(
subquery
)
else
where_not_exists
(
subquery
)
end
end
end
def
provisioned_by_this_group?
...
...
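Review bot: The subquery in `filter_by_enterprise_users` matches `provisioned_by_group_id` against the membership's own `source_id`, whereas the finder enables the filter from `group.root_ancestor.saml_enabled?`. If users are provisioned by the root group, as that check suggests, a provisioned user added directly to a subgroup would have a `source_id` different from `provisioned_by_group_id` and would be returned under `enterprise=false`. The specs in this commit only create provisioned users as members of the provisioning group, so this case is not pinned either way. I would add a case such as `subgroup.add_developer(create(:user, provisioned_by_group_id: group.id))` and document the intended result in a comment on the method. The enclosing module starts outside the hunk.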
ee/spec/finders/ee/group_members_finder_spec.rb
...
...
@@ -21,32 +21,132 @@ RSpec.describe GroupMembersFinder do
end
describe
'#execute'
do
let_it_be
(
:group_minimal_access_membership
)
do
create
(
:group_member
,
:minimal_access
,
source:
group
,
user:
create
(
:user
))
end
context
'minimal access'
do
let_it_be
(
:group_minimal_access_membership
)
do
create
(
:group_member
,
:minimal_access
,
source:
group
)
end
context
'when group does not allow minimal access members'
do
before
do
stub_licensed_features
(
minimal_access_role:
false
)
end
it
'returns only members with full access'
do
result
=
finder
.
execute
(
include_relations:
[
:direct
,
:descendants
])
context
'when group does not allow minimal access members'
do
before
do
stub_licensed_features
(
minimal_access_role:
false
)
expect
(
result
.
to_a
).
to
match_array
([
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
])
end
end
it
'returns only members with full access'
do
result
=
finder
.
execute
(
include_relations:
[
:direct
,
:descendants
])
context
'when group allows minimal access members'
do
before
do
group
.
clear_memoization
(
:feature_available
)
stub_licensed_features
(
minimal_access_role:
true
)
end
expect
(
result
.
to_a
).
to
match_array
([
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
])
it
'also returns members with minimal access'
do
result
=
finder
.
execute
(
include_relations:
[
:direct
,
:descendants
])
expect
(
result
.
to_a
).
to
match_array
([
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
,
group_minimal_access_membership
])
end
end
end
context
'when group allows minimal access members'
do
before
do
group
.
clear_memoization
(
:feature_available
)
stub_licensed_features
(
minimal_access_role:
true
)
context
'filter by enterprise users'
do
let_it_be
(
:saml_provider
)
{
create
(
:saml_provider
,
group:
group
)
}
let_it_be
(
:enterprise_member_1_of_root_group
)
{
group
.
add_developer
(
create
(
:user
,
provisioned_by_group_id:
group
.
id
))
}
let_it_be
(
:enterprise_member_2_of_root_group
)
{
group
.
add_developer
(
create
(
:user
,
provisioned_by_group_id:
group
.
id
))
}
let
(
:all_members
)
do
[
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
,
enterprise_member_1_of_root_group
,
enterprise_member_2_of_root_group
]
end
context
'the group has SAML enabled'
do
context
'when requested by owner'
do
let
(
:current_user
)
{
group_owner_membership
.
user
}
context
'direct members of the group'
do
it
'returns Enterprise members when the filter is `true`'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{
enterprise:
'true'
}).
execute
expect
(
result
.
to_a
).
to
match_array
([
enterprise_member_1_of_root_group
,
enterprise_member_2_of_root_group
])
end
it
'returns members that are not Enterprise members when the filter is `false`'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{
enterprise:
'false'
}).
execute
expect
(
result
.
to_a
).
to
match_array
([
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
])
end
it
'returns all members when the filter is not specified'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{}).
execute
expect
(
result
.
to_a
).
to
match_array
(
all_members
)
end
it
'returns all members when the filter is not either of `true` or `false`'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{
enterprise:
'not-valid'
}).
execute
expect
(
result
.
to_a
).
to
match_array
(
all_members
)
end
end
context
'inherited members of the group'
do
let_it_be
(
:subgroup
)
{
create
(
:group
,
parent:
group
)
}
let_it_be
(
:subgroup_member_membership
)
{
subgroup
.
add_developer
(
create
(
:user
))
}
it
'returns all members including inherited members, that are Enterprise members, when the filter is `true`'
do
result
=
described_class
.
new
(
subgroup
,
current_user
,
params:
{
enterprise:
'true'
}).
execute
expect
(
result
.
to_a
).
to
match_array
([
enterprise_member_1_of_root_group
,
enterprise_member_2_of_root_group
])
end
it
'returns all members including inherited members, that are not Enterprise members, when the filter is `false`'
do
result
=
described_class
.
new
(
subgroup
,
current_user
,
params:
{
enterprise:
'false'
}).
execute
expect
(
result
.
to_a
).
to
match_array
(
[
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
,
subgroup_member_membership
]
)
end
end
end
context
'when requested by non-owner'
do
let
(
:current_user
)
{
group_member_membership
.
user
}
it
'returns all members, as non-owners do not have the ability to filter by Enterprise users'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{
enterprise:
'true'
}).
execute
expect
(
result
.
to_a
).
to
match_array
(
all_members
)
end
end
end
it
'also returns members with minimal access'
do
result
=
finder
.
execute
(
include_relations:
[
:direct
,
:descendants
])
context
'the group does not have SAML enabled'
do
before
do
group
.
saml_provider
.
destroy!
end
context
'when requested by owner'
do
let
(
:current_user
)
{
group_owner_membership
.
user
}
it
'returns all members, because `Enterprise` filter can only be applied on groups that have SAML enabled'
do
result
=
described_class
.
new
(
group
,
current_user
,
params:
{
enterprise:
'true'
}).
execute
expect
(
result
.
to_a
).
to
match_array
([
group_owner_membership
,
group_member_membership
,
dedicated_member_account_membership
,
group_minimal_access_membership
])
expect
(
result
.
to_a
).
to
match_array
(
all_members
)
end
end
end
end
end
...
...
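Review bot: In the 'the group does not have SAML enabled' context, the `before` block calls `group.saml_provider.destroy!` on a record created with `let_it_be`, so the Ruby objects are shared across examples. The database change is normally rolled back per example, but the association cached on `group` may still point at the destroyed provider, which could make later examples order-dependent. `group` is defined outside this hunk, so whether it is reloaded between examples is not visible here. It would be safer to build this context on a separate group that never had a SAML provider, or to define the shared records with `let_it_be_with_refind` as ee/spec/models/group_member_spec.rb does. The non-owner context also only exercises `enterprise: 'true'`; a `'false'` example would pin that the flag is ignored in both directions.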
ee/spec/helpers/ee/groups/group_members_helper_spec.rb
...
...
@@ -50,5 +50,10 @@ RSpec.describe Groups::GroupMembersHelper do
it
'adds `export_csv_path`'
do
expect
(
subject
[
:export_csv_path
]).
not_to
be_nil
end
it
'adds `can_filter_by_enterprise`'
do
allow
(
group
.
root_ancestor
).
to
receive
(
:saml_enabled?
).
and_return
(
true
)
expect
(
subject
[
:can_filter_by_enterprise
]).
to
eq
(
true
)
end
end
end
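Review bot: The new example 'adds `can_filter_by_enterprise`' only covers the case where the flag comes out `true`. The value is derived from a permission check and from `saml_enabled?`, so the false side deserves its own examples: one with `allow(group.root_ancestor).to receive(:saml_enabled?).and_return(false)` expecting `eq(false)`, and one for a user without `:admin_group_member`. How `current_user` and `subject` are set up is outside this hunk, so the second case may need a different user than the one already defined.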
ee/spec/models/group_member_spec.rb
...
...
@@ -105,6 +105,25 @@ RSpec.describe GroupMember do
end
end
describe
'.filter_by_enterprise_users'
do
let_it_be
(
:group
)
{
create
(
:group
)
}
let_it_be
(
:provisioned_member_1_of_group
)
{
group
.
add_developer
(
create
(
:user
,
provisioned_by_group_id:
group
.
id
))
}
let_it_be
(
:provisioned_member_2_of_group
)
{
group
.
add_developer
(
create
(
:user
,
provisioned_by_group_id:
group
.
id
))
}
let_it_be
(
:normal_group_member
)
{
group
.
add_developer
(
create
(
:user
))
}
it
'returns members that are provisioned by a group when the filter is `true`'
do
result
=
described_class
.
filter_by_enterprise_users
(
true
)
expect
(
result
.
to_a
).
to
match_array
([
provisioned_member_1_of_group
,
provisioned_member_2_of_group
])
end
it
'returns members that are not provisioned by a group when the filter is `false`'
do
result
=
described_class
.
filter_by_enterprise_users
(
false
)
expect
(
result
.
to_a
).
to
match_array
([
normal_group_member
])
end
end
context
'refreshing project_authorizations'
do
let_it_be_with_refind
(
:group
)
{
create
(
:group
)
}
let_it_be_with_refind
(
:user
)
{
create
(
:user
)
}
...
...
spec/models/application_record_spec.rb
...
...
@@ -104,6 +104,18 @@ RSpec.describe ApplicationRecord do
end
end
describe
'.where_not_exists'
do
it
'produces a WHERE NOT EXISTS query'
do
create
(
:user
,
:two_factor_via_u2f
)
user_2
=
create
(
:user
)
expect
(
User
.
where_not_exists
(
U2fRegistration
.
where
(
U2fRegistration
.
arel_table
[
:user_id
].
eq
(
User
.
arel_table
[
:id
])))
).
to
match_array
([
user_2
])
end
end
describe
'.transaction'
,
:delete
do
it
'opens a new transaction'
do
expect
(
described_class
.
connection
.
transaction_open?
).
to
be
false
...
...