Commit 81662f7b authored by Fabio Papa's avatar Fabio Papa

Make subgroup_creation_level default to maintainer at SQL level

- Migration updates existing groups to "owner", then sets default to
  "maintainer" so that new groups will default to that
- Update spec examples
parent e962ffbc
...@@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] ...@@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1]
:subgroup_creation_level, :subgroup_creation_level,
:integer, :integer,
default: 0) default: 0)
change_column_default(:namespaces, :subgroup_creation_level, 1)
end end
end end
......
...@@ -70,14 +70,13 @@ describe Admin::GroupsController do ...@@ -70,14 +70,13 @@ describe Admin::GroupsController do
end end
it 'updates the subgroup_creation_level successfully' do it 'updates the subgroup_creation_level successfully' do
MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
expect do expect do
post :update, post :update,
params: { id: group.to_param, params: { id: group.to_param,
group: { subgroup_creation_level: MAINTAINER } } group: { subgroup_creation_level: OWNER } }
end.to change { group.reload.subgroup_creation_level } end.to change { group.reload.subgroup_creation_level }.to(OWNER)
.to(MAINTAINER)
end end
end end
end end
...@@ -5,7 +5,6 @@ FactoryBot.define do ...@@ -5,7 +5,6 @@ FactoryBot.define do
type 'Group' type 'Group'
owner nil owner nil
project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
after(:create) do |group| after(:create) do |group|
if group.owner if group.owner
...@@ -46,5 +45,9 @@ FactoryBot.define do ...@@ -46,5 +45,9 @@ FactoryBot.define do
trait :auto_devops_disabled do trait :auto_devops_disabled do
auto_devops_enabled false auto_devops_enabled false
end end
trait :owner_subgroup_creation_only do
subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
end
end end
end end
...@@ -72,10 +72,11 @@ describe 'Group show page' do ...@@ -72,10 +72,11 @@ describe 'Group show page' do
context 'when subgroups are supported', :js, :nested_groups do context 'when subgroups are supported', :js, :nested_groups do
before do before do
allow(Group).to receive(:supports_nested_objects?) { true } allow(Group).to receive(:supports_nested_objects?) { true }
visit path
end end
it 'allows creating subgroups' do it 'allows creating subgroups' do
visit path
expect(page) expect(page)
.to have_css("li[data-text='New subgroup']", visible: false) .to have_css("li[data-text='New subgroup']", visible: false)
end end
...@@ -84,10 +85,11 @@ describe 'Group show page' do ...@@ -84,10 +85,11 @@ describe 'Group show page' do
context 'when subgroups are not supported' do context 'when subgroups are not supported' do
before do before do
allow(Group).to receive(:supports_nested_objects?) { false } allow(Group).to receive(:supports_nested_objects?) { false }
visit path
end end
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path
expect(page) expect(page)
.not_to have_selector("li[data-text='New subgroup']", visible: false) .not_to have_selector("li[data-text='New subgroup']", visible: false)
end end
...@@ -102,10 +104,9 @@ describe 'Group show page' do ...@@ -102,10 +104,9 @@ describe 'Group show page' do
context 'when subgroups are supported', :js, :nested_groups do context 'when subgroups are supported', :js, :nested_groups do
before do before do
allow(Group).to receive(:supports_nested_objects?) { true } allow(Group).to receive(:supports_nested_objects?) { true }
visit path
end end
context 'when subgroup_creation_level is set to maintainer' do context 'when subgroup_creation_level is set to maintainers' do
let(:group) do let(:group) do
create(:group, create(:group,
subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
...@@ -113,7 +114,9 @@ describe 'Group show page' do ...@@ -113,7 +114,9 @@ describe 'Group show page' do
it 'allows creating subgroups' do it 'allows creating subgroups' do
visit path visit path
expect(page).to have_css("li[data-text='New subgroup']", visible: false)
expect(page)
.to have_css("li[data-text='New subgroup']", visible: false)
end end
end end
...@@ -125,6 +128,7 @@ describe 'Group show page' do ...@@ -125,6 +128,7 @@ describe 'Group show page' do
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path visit path
expect(page) expect(page)
.not_to have_css("li[data-text='New subgroup']", visible: false) .not_to have_css("li[data-text='New subgroup']", visible: false)
end end
...@@ -134,10 +138,11 @@ describe 'Group show page' do ...@@ -134,10 +138,11 @@ describe 'Group show page' do
context 'when subgroups are not supported' do context 'when subgroups are not supported' do
before do before do
allow(Group).to receive(:supports_nested_objects?) { false } allow(Group).to receive(:supports_nested_objects?) { false }
visit path
end end
it 'does not allow creating subgroups' do it 'does not allow creating subgroups' do
visit path
expect(page) expect(page)
.not_to have_selector("li[data-text='New subgroup']", visible: false) .not_to have_selector("li[data-text='New subgroup']", visible: false)
end end
......
...@@ -997,9 +997,8 @@ describe Group do ...@@ -997,9 +997,8 @@ describe Group do
describe 'subgroup_creation_level' do describe 'subgroup_creation_level' do
it 'defaults to maintainers' do it 'defaults to maintainers' do
group = create (:group) expect(group.subgroup_creation_level)
.to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
end end
end end
end end
...@@ -98,12 +98,38 @@ describe GroupPolicy do ...@@ -98,12 +98,38 @@ describe GroupPolicy do
context 'maintainer' do context 'maintainer' do
let(:current_user) { maintainer } let(:current_user) { maintainer }
it do context 'with subgroup_creation level set to maintainer' do
expect_allowed(*guest_permissions) let(:group) { create(:group,
expect_allowed(*reporter_permissions) :private,
expect_allowed(*developer_permissions) subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) }
expect_allowed(*maintainer_permissions)
expect_disallowed(*owner_permissions) it do
allow(Group).to receive(:supports_nested_objects?).and_return(true)
create_subgroup_permission = [:create_subgroup]
updated_maintainer_permissions =
maintainer_permissions + create_subgroup_permission
updated_owner_permissions =
owner_permissions - create_subgroup_permission
expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*updated_maintainer_permissions)
expect_disallowed(*updated_owner_permissions)
end
end
context 'with subgroup_creation_level set to owner' do
it do
allow(Group).to receive(:supports_nested_objects?).and_return(true)
expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*maintainer_permissions)
expect_disallowed(*owner_permissions)
end
end end
end end
...@@ -181,7 +207,10 @@ describe GroupPolicy do ...@@ -181,7 +207,10 @@ describe GroupPolicy do
end end
describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
let(:nested_group) { create(:group, :private, parent: group) } let(:nested_group) { create(:group,
:private,
:owner_subgroup_creation_only,
parent: group) }
before do before do
nested_group.add_guest(guest) nested_group.add_guest(guest)
......
...@@ -803,10 +803,10 @@ describe API::Groups do ...@@ -803,10 +803,10 @@ describe API::Groups do
group2.add_maintainer(user1) group2.add_maintainer(user1)
end end
it 'cannot create subgroups' do it 'can create subgroups' do
post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' }
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(201)
end end
end end
end end
......
...@@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do
let(:maintainer) { create(:user) } let(:maintainer) { create(:user) }
let(:owner) { create(:user) } let(:owner) { create(:user) }
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
let(:group) { create(:group, :private) } let(:group) { create(:group, :private, :owner_subgroup_creation_only) }
let(:guest_permissions) do let(:guest_permissions) do
%i[ %i[
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment