Merge branch 'sh-allow-equal-level-in-subgroup-membership' into 'master'

Allow a member to have an access level equal to parent group Closes gitlab-ee#11323 See merge request gitlab-org/gitlab-ce!27913

Merge branch 'sh-allow-equal-level-in-subgroup-membership' into 'master'
Allow a member to have an access level equal to parent group Closes gitlab-ee#11323 See merge request gitlab-org/gitlab-ce!27913
2b3b0bb1 · James Lopez · 6835a64d · 32ddc3fe · 2b3b0bb1 · 2b3b0bb1
Commit 2b3b0bb1 authored May 02, 2019 by James Lopez
6 changed files
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -446,10 +446,10 @@ class Member < ApplicationRecord
  end
  def higher_access_level_than_group
-    if highest_group_member && highest_group_member.access_level >= access_level
+    if highest_group_member && highest_group_member.access_level > access_level
      error_parameters = { access: highest_group_member.human_access, group_name: highest_group_member.group.name }
-      errors.add(:access_level, s_("should be higher than %{access} inherited membership from group %{group_name}") % error_parameters)
+      errors.add(:access_level, s_("should be greater than or equal to %{access} inherited membership from group %{group_name}") % error_parameters)
    end
  end
 end
--- a/changelogs/unreleased/sh-allow-equal-level-in-subgroup-membership.yml
+++ b/changelogs/unreleased/sh-allow-equal-level-in-subgroup-membership.yml
+---
+title: Allow a member to have an access level equal to parent group
+merge_request: 27913
+author:
+type: fixed
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -11475,7 +11475,7 @@ msgstr[1] ""
 msgid "score"
 msgstr ""
-msgid "should be higher than %{access} inherited membership from group %{group_name}"
+msgid "should be greater than or equal to %{access} inherited membership from group %{group_name}"
 msgstr ""
 msgid "show less"

--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -70,6 +70,16 @@ describe Member do
        expect(child_member).not_to be_valid
      end
+      # Membership in a subgroup confers certain access rights, such as being
+      # able to merge or push code to protected branches.
+      it "is valid with an equal level" do
+        child_member.access_level = GroupMember::DEVELOPER
+        child_member.validate
+        expect(child_member).to be_valid
+      end
      it "is valid with a higher level" do
        child_member.access_level = GroupMember::MAINTAINER

--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -236,7 +236,7 @@ describe API::Members do
               params: { user_id: stranger.id, access_level: Member::REPORTER }
          expect(response).to have_gitlab_http_status(400)
-          expect(json_response['message']['access_level']).to eq(["should be higher than Developer inherited membership from group #{parent.name}"])
+          expect(json_response['message']['access_level']).to eq(["should be greater than or equal to Developer inherited membership from group #{parent.name}"])
        end
        it 'creates the member if group level is lower', :nested_groups do

--- a/spec/support/shared_examples/models/member_shared_examples.rb
+++ b/spec/support/shared_examples/models/member_shared_examples.rb
@@ -41,7 +41,7 @@ shared_examples_for 'inherited access level as a member of entity' do
      member.update(access_level: Gitlab::Access::REPORTER)
-      expect(member.errors.full_messages).to eq(["Access level should be higher than Developer inherited membership from group #{parent_entity.name}"])
+      expect(member.errors.full_messages).to eq(["Access level should be greater than or equal to Developer inherited membership from group #{parent_entity.name}"])
    end
    it 'allows changing the level from a non existing member' do