LdapGroupResetService added

Allows reset all ldap group members access to default one
specified in Group -> Ldap Access selectbox.
Does not affect user who initiated reset action.
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

app/services/ldap_group_reset_service.rb

+class LdapGroupResetService
+  def execute(group, current_user)
+    group.members.includes(:user).each do |member|
+      user = member.user
+
+      if user.ldap_user? && user != current_user
+        member.group_access = group.ldap_access
+        member.save
+      end
+    end
+  end
+end

spec/services/ldap_group_reset_service_spec.rb

+require 'spec_helper'
+
+describe LdapGroupResetService do
+  let(:group) { create(:group, ldap_cn: 'developers', ldap_access: Gitlab::Access::DEVELOPER) }
+  let(:user) { create(:user) }
+  let(:ldap_user) { create(:user, extern_uid: 'john', provider: 'ldap') }
+  let(:ldap_user_2) { create(:user, extern_uid: 'mike', provider: 'ldap') }
+
+  before do
+    group.add_owner(user)
+    group.add_owner(ldap_user)
+    group.add_user(ldap_user_2, Gitlab::Access::REPORTER)
+  end
+
+  describe '#execute' do
+    context 'initiated by ldap user' do
+      before { LdapGroupResetService.new.execute(group, ldap_user) }
+
+      it { member_access(ldap_user).should == Gitlab::Access::OWNER }
+      it { member_access(ldap_user_2).should == Gitlab::Access::DEVELOPER }
+      it { member_access(user).should == Gitlab::Access::OWNER }
+    end
+
+    context 'initiated by regular user' do
+      before { LdapGroupResetService.new.execute(group, user) }
+
+      it { member_access(ldap_user).should == Gitlab::Access::DEVELOPER }
+      it { member_access(ldap_user_2).should == Gitlab::Access::DEVELOPER }
+      it { member_access(user).should == Gitlab::Access::OWNER }
+    end
+  end
+
+  def member_access(user)
+    group.members.find_by(user_id: user).group_access
+  end
+end