Merge branch 'tpresa-add-highest-role-to-user' into 'master'

Add highest_role method to User See merge request gitlab-org/gitlab-ce!25462

Merge branch 'tpresa-add-highest-role-to-user' into 'master'
Add highest_role method to User See merge request gitlab-org/gitlab-ce!25462
9764c123 · Sean McGivern · e14b4b05 · 538741f2 · 9764c123 · 9764c123
Commit 9764c123 authored Mar 22, 2019 by Sean McGivern
10 changed files
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -917,6 +917,10 @@ class User < ApplicationRecord
    DeployKey.unscoped.in_projects(authorized_projects.pluck(:id)).distinct(:id)
  end

+  def highest_role
+    members.maximum(:access_level) || Gitlab::Access::NO_ACCESS
+  end
+
  def accessible_deploy_keys
    @accessible_deploy_keys ||= begin
      key_ids = project_deploy_keys.pluck(:id)

--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -117,6 +117,11 @@
          %strong
            = @user.sign_in_count

+        %li
+          %span.light= _("Highest role:")
+          %strong
+            = Gitlab::Access.human_access_with_none(@user.highest_role)
+
        - if @user.ldap_user?
          %li
            %span.light LDAP uid:

--- a/changelogs/unreleased/tpresa-add-highest-role-to-user.yml
+++ b/changelogs/unreleased/tpresa-add-highest-role-to-user.yml
+---
+title: Adding highest role property to admin's user details page
+merge_request:
+author:
+type: added
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -140,7 +140,8 @@ GET /users
    "can_create_project": true,
    "two_factor_enabled": true,
    "external": false,
-    "private_profile": false
+    "private_profile": false,
+    "highest_role":10
  }
 ]
 ```

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -86,6 +86,10 @@ module API
      expose :admin?, as: :is_admin
    end

+    class UserDetailsWithAdmin < UserWithAdmin
+      expose :highest_role
+    end
+
    class UserStatus < Grape::Entity
      expose :emoji
      expose :message

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -124,7 +124,7 @@ module API
        user = User.find_by(id: params[:id])
        not_found!('User') unless user && can?(current_user, :read_user, user)

-        opts = { with: current_user&.admin? ? Entities::UserWithAdmin : Entities::User, current_user: current_user }
+        opts = { with: current_user&.admin? ? Entities::UserDetailsWithAdmin : Entities::User, current_user: current_user }
        user, opts = with_custom_attributes(user, opts)

        present user, opts

--- a/lib/gitlab/access.rb
+++ b/lib/gitlab/access.rb
@@ -46,6 +46,12 @@ module Gitlab
        )
      end

+      def options_with_none
+        options_with_owner.merge(
+          "None" => NO_ACCESS
+        )
+      end
+
      def sym_options
        {
          guest:      GUEST,
@@ -75,12 +81,20 @@ module Gitlab
      def human_access(access)
        options_with_owner.key(access)
      end
+
+      def human_access_with_none(access)
+        options_with_none.key(access)
+      end
    end

    def human_access
      Gitlab::Access.human_access(access_field)
    end

+    def human_access_with_none
+      Gitlab::Access.human_access_with_none(access_field)
+    end
+
    def owner?
      access_field == OWNER
    end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -4121,6 +4121,9 @@ msgstr[1] ""
 msgid "Hide values"
 msgstr ""

+msgid "Highest role:"
+msgstr ""
+
 msgid "History"
 msgstr ""


--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -660,6 +660,68 @@ describe User do
    end
  end

+  describe '#highest_role' do
+    let(:user) { create(:user) }
+
+    let(:group) { create(:group) }
+
+    it 'returns NO_ACCESS if none has been set' do
+      expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
+    end
+
+    it 'returns MAINTAINER if user is maintainer of a project' do
+      create(:project, group: group) do |project|
+        project.add_maintainer(user)
+      end
+
+      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
+    end
+
+    it 'returns the highest role if user is member of multiple projects' do
+      create(:project, group: group) do |project|
+        project.add_maintainer(user)
+      end
+
+      create(:project, group: group) do |project|
+        project.add_developer(user)
+      end
+
+      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
+    end
+
+    it 'returns MAINTAINER if user is maintainer of a group' do
+      create(:group) do |group|
+        group.add_user(user, GroupMember::MAINTAINER)
+      end
+
+      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
+    end
+
+    it 'returns the highest role if user is member of multiple groups' do
+      create(:group) do |group|
+        group.add_user(user, GroupMember::MAINTAINER)
+      end
+
+      create(:group) do |group|
+        group.add_user(user, GroupMember::DEVELOPER)
+      end
+
+      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
+    end
+
+    it 'returns the highest role if user is member of multiple groups and projects' do
+      create(:group) do |group|
+        group.add_user(user, GroupMember::DEVELOPER)
+      end
+
+      create(:project, group: group) do |project|
+        project.add_maintainer(user)
+      end
+
+      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
+    end
+  end
+
  describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do
    let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
    let(:user) { create(:user) }

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -68,6 +68,13 @@ describe API::Users do
        expect(json_response.size).to eq(0)
      end

+      it "does not return the highest role" do
+        get api("/users"), params: { username: user.username }
+
+        expect(response).to match_response_schema('public_api/v4/user/basics')
+        expect(json_response.first.keys).not_to include 'highest_role'
+      end
+
      context "when public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
@@ -286,6 +293,13 @@ describe API::Users do
      expect(json_response.keys).not_to include 'is_admin'
    end

+    it "does not return the user's `highest_role`" do
+      get api("/users/#{user.id}", user)
+
+      expect(response).to match_response_schema('public_api/v4/user/basic')
+      expect(json_response.keys).not_to include 'highest_role'
+    end
+
    context 'when authenticated as admin' do
      it 'includes the `is_admin` field' do
        get api("/users/#{user.id}", admin)
@@ -300,6 +314,12 @@ describe API::Users do
        expect(response).to match_response_schema('public_api/v4/user/admin')
        expect(json_response.keys).to include 'created_at'
      end
+      it 'includes the `highest_role` field' do
+        get api("/users/#{user.id}", admin)
+
+        expect(response).to match_response_schema('public_api/v4/user/admin')
+        expect(json_response['highest_role']).to be(0)
+      end
    end

    context 'for an anonymous user' do