Commit deb22925 authored by Manoj M J's avatar Manoj M J

Value of `lock_memberships_to_ldap` should not affect authorizations

This change removes the check on the value of
`lock_memberships_to_ldap ` setting
that was previously being done while refreshing
authorizations via the `EffectiveAccessLevelFinder`
finder.

Changelog: fixed
parent b3be4dfb
......@@ -99,7 +99,7 @@ module Projects
end
def include_membership_from_project_group_shares?
project.allowed_to_share_with_group? && project.project_group_links.any?
!project.namespace.share_with_group_lock && project.project_group_links.any?
end
# methods for `select` options
......
......@@ -194,6 +194,7 @@ RSpec.describe Projects::Members::EffectiveAccessLevelFinder, '#execute' do
context 'for a project that is shared with other group(s)' do
let_it_be(:shared_with_group) { create(:group) }
let_it_be(:user_from_shared_with_group) { create(:user) }
let_it_be(:project) { create(:project, group: create(:group)) }
before do
create(:project_group_link, :developer, project: project, group: shared_with_group)
......@@ -211,9 +212,24 @@ RSpec.describe Projects::Members::EffectiveAccessLevelFinder, '#execute' do
)
end
context 'when the group containing the project has forbidden group shares for any of its projects' do
let_it_be(:project) { create(:project, group: create(:group)) }
context 'even when the `lock_memberships_to_ldap` setting has been turned ON' do
before do
stub_application_setting(lock_memberships_to_ldap: true)
end
it 'includes the least among the specified access levels' do
expect(subject).to(
include(
hash_including(
'user_id' => user_from_shared_with_group.id,
'access_level' => Gitlab::Access::DEVELOPER
)
)
)
end
end
context 'when the group containing the project has forbidden group shares for any of its projects' do
before do
project.namespace.update!(share_with_group_lock: true)
end
......
......@@ -204,6 +204,43 @@ RSpec.describe Gitlab::ProjectAuthorizations do
end
end
context 'with shared projects' do
let_it_be(:shared_with_group) { create(:group) }
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, group: create(:group)) }
let(:mapping) { map_access_levels(authorizations) }
before do
create(:project_group_link, :developer, project: project, group: shared_with_group)
shared_with_group.add_maintainer(user)
end
it 'creates proper authorizations' do
expect(mapping[project.id]).to eq(Gitlab::Access::DEVELOPER)
end
context 'even when the `lock_memberships_to_ldap` setting has been turned ON' do
before do
stub_application_setting(lock_memberships_to_ldap: true)
end
it 'creates proper authorizations' do
expect(mapping[project.id]).to eq(Gitlab::Access::DEVELOPER)
end
end
context 'when the group containing the project has forbidden group shares for any of its projects' do
before do
project.namespace.update!(share_with_group_lock: true)
end
it 'does not create authorizations' do
expect(mapping[project.id]).to be_nil
end
end
end
context 'with shared groups' do
let(:parent_group_user) { create(:user) }
let(:group_user) { create(:user) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment