Commit 1954bd6e authored by Dmitriy Zaporozhets

Merge branch 'fix-admin-should-be-able-to-add-himself-to-group' into 'master'

Signed in Admin can add/remove himself to a group/project

Fixes #3640 

/cc @JobV Could you have a look as well?

See merge request !1942
parents 9bfd6c44 bf0af030
......@@ -40,6 +40,7 @@ v 8.2.2
- Fix Error 500 when viewing user's personal projects from admin page (Stan Hu)
- Fix: Raw private snippets access workflow
- Prevent "413 Request entity too large" errors when pushing large files with LFS
- Fix: As an admin, cannot add oneself as a member to a group/project
- Fix invalid links within projects dashboard header
- Make current user the first user in assignee dropdown in issues detail page (Stan Hu)
- Fix: duplicate email notifications on issue comments
......
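Review bot: The new CHANGELOG entry "Fix: As an admin, cannot add oneself as a member to a group/project" states the bug rather than the behaviour after the fix, and it leaves out removal, which the commit message also covers. Wording such as "Fix: admins can add and remove themselves as members of a group/project" reads unambiguously in release notes.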
......@@ -346,12 +346,10 @@ class Ability
unless group.last_owner?(target_user)
can_manage = group_abilities(user, group).include?(:admin_group_member)
if can_manage && user != target_user
if can_manage
rules << :update_group_member
rules << :destroy_group_member
end
if user == target_user
elsif user == target_user
rules << :destroy_group_member
end
end
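Review bot: Dropping `user != target_user` from the `if can_manage` condition also grants `:update_group_member` on the user's own membership, while the commit message only talks about adding and removing oneself. If changing one's own access level is not meant to be part of this fix, keep `:update_group_member` behind `user != target_user` and grant only `:destroy_group_member` in the self case. Either way, an Ability spec for `user == target_user` with and without `:admin_group_member` would pin the intended rule down, since the feature scenarios in this change only exercise add and remove through the UI.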
......@@ -367,12 +365,10 @@ class Ability
unless target_user == project.owner
can_manage = project_abilities(user, project).include?(:admin_project_member)
if can_manage && user != target_user
if can_manage
rules << :update_project_member
rules << :destroy_project_member
end
if user == target_user
elsif user == target_user
rules << :destroy_project_member
end
end
......
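Review bot: The `if can_manage` / `elsif user == target_user` block here is a line-for-line copy of the group member block with `project` substituted, so the two rules can drift apart on the next permission change; a single private helper that takes the `can_manage` result and the two ability names would keep them in step. Note also that the outer guard `unless target_user == project.owner` protects only the owner: with `user != target_user` gone, any other user holding `:admin_project_member` now receives `:update_project_member` on their own membership, which deserves an explicit spec.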
......@@ -33,3 +33,19 @@ Feature: Admin Groups
When I visit admin group page
When I select user "johndoe@gitlab.com" from user list as "Reporter"
Then I should see "johndoe@gitlab.com" in team list in every project as "Reporter"
@javascript
Scenario: Signed in admin should be able to add himself to a group
Given "John Doe" is owner of group "Owned"
When I visit group "Owned" members page
When I select current user as "Developer"
Then I should see current user as "Developer"
@javascript
Scenario: Signed in admin should be able to remove himself from group
Given current user is developer of group "Owned"
When I visit group "Owned" members page
Then I should see current user as "Developer"
When I click on the "Remove User From Group" button for current user
When I visit group "Owned" members page
Then I should not see current user as "Developer"
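Review bot: Both new group scenarios cover only the success path for a signed-in admin, although the Ability change they accompany widens what `can_manage` users may do to their own membership. A scenario (or Ability spec) for a member without manage rights would show that the relaxed condition did not open anything else up. As a style point, the second of two consecutive `When` steps in each scenario reads better as `And`.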
......@@ -27,3 +27,19 @@ Feature: Admin Projects
And I visit admin project page
When I transfer project to group 'Web'
Then I should see project transfered
@javascript
Scenario: Signed in admin should be able to add himself to a project
Given "John Doe" owns private project "Enterprise"
When I visit project "Enterprise" members page
When I select current user as "Developer"
Then I should see current user as "Developer"
@javascript
Scenario: Signed in admin should be able to remove himself from a project
Given "John Doe" owns private project "Enterprise"
And current user is developer of project "Enterprise"
When I visit project "Enterprise" members page
Then I should see current user as "Developer"
When I click on the "Remove User From Project" button for current user
Then I should not see current user as "Developer"
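Review bot: The project removal scenario goes straight from `When I click on the "Remove User From Project" button for current user` to the final `Then`, whereas the group scenario revisits the members page in between. Add `When I visit project "Enterprise" members page` before the last step so the assertion checks persisted state rather than whatever page the click lands on.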
class Spinach::Features::AdminGroups < Spinach::FeatureSteps
include SharedAuthentication
include SharedGroup
include SharedPaths
include SharedUser
include SharedActiveTab
......@@ -88,6 +89,34 @@ class Spinach::Features::AdminGroups < Spinach::FeatureSteps
end
end
step 'I select current user as "Developer"' do
page.within ".users-group-form" do
select2(current_user.id, from: "#user_ids", multiple: true)
select "Developer", from: "access_level"
end
click_button "Add users to group"
end
step 'I should see current user as "Developer"' do
page.within '.content-list' do
expect(page).to have_content(current_user.name)
expect(page).to have_content('Developer')
end
end
step 'I click on the "Remove User From Group" button for current user' do
find(:css, 'li', text: current_user.name).find(:css, 'a.btn-remove').click
# poltergeist always confirms popups.
end
step 'I should not see current user as "Developer"' do
page.within '.content-list' do
expect(page).not_to have_content(current_user.name)
expect(page).not_to have_content('Developer')
end
end
protected
def current_group
......
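Review bot: In the step 'I should not see current user as "Developer"', `expect(page).not_to have_content('Developer')` within `.content-list` fails as soon as any other member of the group holds the Developer role, which says nothing about whether the current user was removed. Scope the check to the current user's row (the same `li` that the remove step locates by `current_user.name`), or keep only the name assertion. The 'I select current user as "Developer"' and 'I should see current user as "Developer"' steps are also repeated almost verbatim in AdminProjects and could move to a shared step module.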
......@@ -3,6 +3,8 @@ class Spinach::Features::AdminProjects < Spinach::FeatureSteps
include SharedPaths
include SharedAdmin
include SharedProject
include SharedUser
include Select2Helper
step 'I should see all non-archived projects' do
Project.non_archived.each do |p|
......@@ -56,6 +58,41 @@ class Spinach::Features::AdminProjects < Spinach::FeatureSteps
expect(page).to have_content 'Namespace: Web'
end
step 'I visit project "Enterprise" members page' do
project = Project.find_by!(name: "Enterprise")
visit namespace_project_project_members_path(project.namespace, project)
end
step 'I select current user as "Developer"' do
page.within ".users-project-form" do
select2(current_user.id, from: "#user_ids", multiple: true)
select "Developer", from: "access_level"
end
click_button "Add users to project"
end
step 'I should see current user as "Developer"' do
page.within '.content-list' do
expect(page).to have_content(current_user.name)
expect(page).to have_content('Developer')
end
end
step 'current user is developer of project "Enterprise"' do
project = Project.find_by!(name: "Enterprise")
project.team << [current_user, :developer]
end
step 'I click on the "Remove User From Project" button for current user' do
find(:css, 'li', text: current_user.name).find(:css, 'a.btn-remove').click
# poltergeist always confirms popups.
end
step 'I should not see current_user as "Developer"' do
expect(page).not_to have_selector(:css, '.content-list')
end
def project
@project ||= Project.first
end
......
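Review bot: The step defined as 'I should not see current_user as "Developer"' is spelled with an underscore, but the project feature file calls `Then I should not see current user as "Developer"` with a space, so this definition does not match the step text used in the scenario. Rename it to match. Its body, `expect(page).not_to have_selector(:css, '.content-list')`, is also much weaker than the group version: it asserts that the whole list is absent, which holds equally on an error page or a redirect. Asserting that `current_user.name` is not present on the members page would test the removal itself.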
module SharedGroup
include Spinach::DSL
step 'current user is developer of group "Owned"' do
is_member_of(current_user.name, "Owned", Gitlab::Access::DEVELOPER)
end
step '"John Doe" is owner of group "Owned"' do
is_member_of("John Doe", "Owned", Gitlab::Access::OWNER)
end
......