Commit 538741f2 authored by Thiago Presa's avatar Thiago Presa Committed by Sean McGivern

Add highest_role method to User

parent e14b4b05
...@@ -917,6 +917,10 @@ class User < ApplicationRecord ...@@ -917,6 +917,10 @@ class User < ApplicationRecord
DeployKey.unscoped.in_projects(authorized_projects.pluck(:id)).distinct(:id) DeployKey.unscoped.in_projects(authorized_projects.pluck(:id)).distinct(:id)
end end
def highest_role
members.maximum(:access_level) || Gitlab::Access::NO_ACCESS
end
def accessible_deploy_keys def accessible_deploy_keys
@accessible_deploy_keys ||= begin @accessible_deploy_keys ||= begin
key_ids = project_deploy_keys.pluck(:id) key_ids = project_deploy_keys.pluck(:id)
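Review bot: `highest_role` takes the maximum over every row of `members`, so if that association also holds pending access requests or unaccepted invitations (its scope is not visible in this hunk), the admin page and the API would report a role the user was never granted. Confirm the association's scope and, if it is unfiltered, restrict the query to accepted memberships before calling `maximum(:access_level)`. The method also has no comment; something like `# Highest access level among the user's memberships, or NO_ACCESS when there are none.` would document the fallback.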
......
...@@ -117,6 +117,11 @@ ...@@ -117,6 +117,11 @@
%strong %strong
= @user.sign_in_count = @user.sign_in_count
%li
%span.light= _("Highest role:")
%strong
= Gitlab::Access.human_access_with_none(@user.highest_role)
- if @user.ldap_user? - if @user.ldap_user?
%li %li
%span.light LDAP uid: %span.light LDAP uid:
......
---
title: Adding highest role property to admin's user details page
merge_request:
author:
type: added
...@@ -140,7 +140,8 @@ GET /users ...@@ -140,7 +140,8 @@ GET /users
"can_create_project": true, "can_create_project": true,
"two_factor_enabled": true, "two_factor_enabled": true,
"external": false, "external": false,
"private_profile": false "private_profile": false,
"highest_role":10
} }
] ]
``` ```
......
...@@ -86,6 +86,10 @@ module API ...@@ -86,6 +86,10 @@ module API
expose :admin?, as: :is_admin expose :admin?, as: :is_admin
end end
class UserDetailsWithAdmin < UserWithAdmin
expose :highest_role
end
class UserStatus < Grape::Entity class UserStatus < Grape::Entity
expose :emoji expose :emoji
expose :message expose :message
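Review bot: `UserDetailsWithAdmin` carries no comment explaining why `highest_role` lives in a separate entity instead of in `UserWithAdmin`. Judging by the model hunk in this commit, `highest_role` runs an aggregate query on each call, so presenting a collection with this entity would issue one query per user. Suggested comment above the class: `# Admin-only entity for a single user; highest_role costs one query per user, so avoid it for collections.`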
......
...@@ -124,7 +124,7 @@ module API ...@@ -124,7 +124,7 @@ module API
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user && can?(current_user, :read_user, user) not_found!('User') unless user && can?(current_user, :read_user, user)
opts = { with: current_user&.admin? ? Entities::UserWithAdmin : Entities::User, current_user: current_user } opts = { with: current_user&.admin? ? Entities::UserDetailsWithAdmin : Entities::User, current_user: current_user }
user, opts = with_custom_attributes(user, opts) user, opts = with_custom_attributes(user, opts)
present user, opts present user, opts
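Review bot: Only the lookup by `params[:id]` is switched to `Entities::UserDetailsWithAdmin`, yet the documentation hunk in this commit adds `"highest_role":10` to an example that closes with `]` under `GET /users`, which looks like a list response. Unless the list endpoint is changed outside the visible hunks, admins will not receive the field there, so either the example belongs in the single-user section or the docs overstate the change. The field is withheld from non-admins only by this ternary, which the new request specs do cover. The enclosing route block starts and ends outside the hunk.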
......
...@@ -46,6 +46,12 @@ module Gitlab ...@@ -46,6 +46,12 @@ module Gitlab
) )
end end
def options_with_none
options_with_owner.merge(
"None" => NO_ACCESS
)
end
def sym_options def sym_options
{ {
guest: GUEST, guest: GUEST,
...@@ -75,12 +81,20 @@ module Gitlab ...@@ -75,12 +81,20 @@ module Gitlab
def human_access(access) def human_access(access)
options_with_owner.key(access) options_with_owner.key(access)
end end
def human_access_with_none(access)
options_with_none.key(access)
end
end end
def human_access def human_access
Gitlab::Access.human_access(access_field) Gitlab::Access.human_access(access_field)
end end
def human_access_with_none
Gitlab::Access.human_access_with_none(access_field)
end
def owner? def owner?
access_field == OWNER access_field == OWNER
end end
......
...@@ -4121,6 +4121,9 @@ msgstr[1] "" ...@@ -4121,6 +4121,9 @@ msgstr[1] ""
msgid "Hide values" msgid "Hide values"
msgstr "" msgstr ""
msgid "Highest role:"
msgstr ""
msgid "History" msgid "History"
msgstr "" msgstr ""
......
...@@ -660,6 +660,68 @@ describe User do ...@@ -660,6 +660,68 @@ describe User do
end end
end end
describe '#highest_role' do
let(:user) { create(:user) }
let(:group) { create(:group) }
it 'returns NO_ACCESS if none has been set' do
expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
end
it 'returns MAINTAINER if user is maintainer of a project' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple projects' do
create(:project, group: group) do |project|
project.add_maintainer(user)
end
create(:project, group: group) do |project|
project.add_developer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns MAINTAINER if user is maintainer of a group' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple groups' do
create(:group) do |group|
group.add_user(user, GroupMember::MAINTAINER)
end
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
it 'returns the highest role if user is member of multiple groups and projects' do
create(:group) do |group|
group.add_user(user, GroupMember::DEVELOPER)
end
create(:project, group: group) do |project|
project.add_maintainer(user)
end
expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
end
end
describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do
let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") } let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
let(:user) { create(:user) } let(:user) { create(:user) }
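Review bot: In the last `#highest_role` example the block parameter in `create(:group) do |group|` shadows `let(:group)`, so the user becomes developer of one group while the project is created in a different one; the two group-only examples shadow the same name. Renaming the block parameter, e.g. `create(:group) { |other_group| other_group.add_user(user, GroupMember::DEVELOPER) }`, would make clear which group is meant. None of the examples covers a membership that is still a pending access request or invitation, which is the case most likely to inflate the reported role.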
......
...@@ -68,6 +68,13 @@ describe API::Users do ...@@ -68,6 +68,13 @@ describe API::Users do
expect(json_response.size).to eq(0) expect(json_response.size).to eq(0)
end end
it "does not return the highest role" do
get api("/users"), params: { username: user.username }
expect(response).to match_response_schema('public_api/v4/user/basics')
expect(json_response.first.keys).not_to include 'highest_role'
end
context "when public level is restricted" do context "when public level is restricted" do
before do before do
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
...@@ -286,6 +293,13 @@ describe API::Users do ...@@ -286,6 +293,13 @@ describe API::Users do
expect(json_response.keys).not_to include 'is_admin' expect(json_response.keys).not_to include 'is_admin'
end end
it "does not return the user's `highest_role`" do
get api("/users/#{user.id}", user)
expect(response).to match_response_schema('public_api/v4/user/basic')
expect(json_response.keys).not_to include 'highest_role'
end
context 'when authenticated as admin' do context 'when authenticated as admin' do
it 'includes the `is_admin` field' do it 'includes the `is_admin` field' do
get api("/users/#{user.id}", admin) get api("/users/#{user.id}", admin)
...@@ -300,6 +314,12 @@ describe API::Users do ...@@ -300,6 +314,12 @@ describe API::Users do
expect(response).to match_response_schema('public_api/v4/user/admin') expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response.keys).to include 'created_at' expect(json_response.keys).to include 'created_at'
end end
it 'includes the `highest_role` field' do
get api("/users/#{user.id}", admin)
expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response['highest_role']).to be(0)
end
end end
context 'for an anonymous user' do context 'for an anonymous user' do
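Review bot: The admin example asserts `be(0)`, a magic number that only exercises the no-membership fallback; `expect(json_response['highest_role']).to eq(Gitlab::Access::NO_ACCESS)` states the intent. An additional admin example where the user holds a real membership would show that the value is passed through the entity. There is also no admin request against `GET /users`, so how the list response treats `highest_role` for admins is untested either way.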
......