Merge branch 'feature/reset_access_button' into 'master'

Feature: Reset Access Button

Fixed #59

app/controllers/groups/ldaps_controller.rb

+class Groups::LdapsController < ApplicationController
+  before_filter :group
+  before_filter :authorize_admin_group!
+
+  def reset_access
+    LdapGroupResetService.new.execute(group, current_user)
+
+    redirect_to members_group_path(@group), notice: 'Access reset complete'
+  end
+
+  private
+
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+
+  def authorize_admin_group!
+    unless can?(current_user, :manage_group, group)
+      return render_404
+    end
+  end
+end

app/helpers/application_helper.rb

@@ -233,4 +233,8 @@ module ApplicationHelper
       content_tag(:i, nil, class: 'icon-spinner icon-spin') + text
     end
   end
+
+  def ldap_enabled?
+    Gitlab.config.ldap.enabled
+  end
 end

app/models/group.rb

@@ -76,4 +76,8 @@ class Group < Namespace
       self.errors.add :avatar, "only images allowed"
     end
   end
+
+  def human_ldap_access
+    Gitlab::Access.options_with_owner.key ldap_access
+  end
 end

app/services/ldap_group_reset_service.rb

+class LdapGroupResetService
+  def execute(group, current_user)
+    group.members.includes(:user).each do |member|
+      user = member.user
+
+      if user.ldap_user? && user != current_user
+        member.group_access = group.ldap_access
+        member.save
+      end
+    end
+  end
+end

app/views/groups/members.html.haml

@@ -15,6 +15,10 @@
 
   - if current_user.can? :manage_group, @group
     .pull-right
+      - if ldap_enabled? && @group.ldap_cn.present?
+        = link_to reset_access_group_ldap_path(@group), class: 'btn grouped', data: { confirm: "Reset the access level of all other LDAP group team members to '#{@group.human_ldap_access}'?" }, method: :put do
+          Reset access
+
       = link_to '#', class: 'btn btn-new js-toggle-visibility-link' do
         Add members
         %i.icon-chevron-down

config/routes.rb

@@ -159,6 +159,14 @@ Gitlab::Application.routes.draw do
       get :members
     end
 
+    scope module: :groups do
+      resource :ldap, only: [] do
+        member do
+          put :reset_access
+        end
+      end
+    end
+
     resources :users_groups, only: [:create, :update, :destroy]
     scope module: :groups do
       resource :avatar, only: [:destroy]

spec/services/ldap_group_reset_service_spec.rb

+require 'spec_helper'
+
+describe LdapGroupResetService do
+  let(:group) { create(:group, ldap_cn: 'developers', ldap_access: Gitlab::Access::DEVELOPER) }
+  let(:user) { create(:user) }
+  let(:ldap_user) { create(:user, extern_uid: 'john', provider: 'ldap') }
+  let(:ldap_user_2) { create(:user, extern_uid: 'mike', provider: 'ldap') }
+
+  before do
+    group.add_owner(user)
+    group.add_owner(ldap_user)
+    group.add_user(ldap_user_2, Gitlab::Access::REPORTER)
+  end
+
+  describe '#execute' do
+    context 'initiated by ldap user' do
+      before { LdapGroupResetService.new.execute(group, ldap_user) }
+
+      it { member_access(ldap_user).should == Gitlab::Access::OWNER }
+      it { member_access(ldap_user_2).should == Gitlab::Access::DEVELOPER }
+      it { member_access(user).should == Gitlab::Access::OWNER }
+    end
+
+    context 'initiated by regular user' do
+      before { LdapGroupResetService.new.execute(group, user) }
+
+      it { member_access(ldap_user).should == Gitlab::Access::DEVELOPER }
+      it { member_access(ldap_user_2).should == Gitlab::Access::DEVELOPER }
+      it { member_access(user).should == Gitlab::Access::OWNER }
+    end
+  end
+
+  def member_access(user)
+    group.members.find_by(user_id: user).group_access
+  end
+end