Merge branch 'fix_ldap_access_request_temp' into 'master'

Temporary fix for #825 - LDAP sync converts access requests to members Interim fix for #825. It's a critical enough issue that we need the workaround for now and when the true fix comes we can remove the conditional. The spec will still be relevant, thankfully. See merge request !655

Merge branch 'fix_ldap_access_request_temp' into 'master'
Temporary fix for #825 - LDAP sync converts access requests to members Interim fix for #825. It's a critical enough issue that we need the workaround for now and when the true fix comes we can remove the conditional. The spec will still be relevant, thankfully. See merge request !655
ce06cc65 · Douwe Maan · 38f7f31a · 78f74c35 · ce06cc65 · ce06cc65
Commit ce06cc65 authored Aug 16, 2016 by Douwe Maan
Showing with 30 additions and 4 deletions

CHANGELOG-EE CHANGELOG-EE +1 -0

lib/ee/gitlab/ldap/sync/group.rb lib/ee/gitlab/ldap/sync/group.rb +12 -3

spec/lib/ee/gitlab/ldap/sync/group_spec.rb spec/lib/ee/gitlab/ldap/sync/group_spec.rb +17 -1

No files found.
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
@@ -4,6 +4,7 @@ v 8.11.0 (unreleased)
  - Allow projects to be moved between repository storages
  - Add rake task to remove old repository copies from repositories moved to another storage
  - Performance improvement of push rules
+  - Temporary fix for #825 - LDAP sync converts access requests to members. !655
  - Change LdapGroupSyncWorker to use new LDAP group sync classes
  - Removed unused GitLab GEO database index
  - Enable monitoring for ES classes

--- a/lib/ee/gitlab/ldap/sync/group.rb
+++ b/lib/ee/gitlab/ldap/sync/group.rb
@@ -123,12 +123,21 @@ module EE
            # Prevent the last owner of a group from being demoted
            if access < ::Gitlab::Access::OWNER && group.last_owner?(user)
              warn_cannot_remove_last_owner(user, group)
+            else
+              # Temporarily handle access requests until
+              # gitlab-org/gitlab-ee#825 is properly resolved.
+              member = group.requesters.find_by(user_id: user.id)
+              if member.present?
+                member.access_level = access
+                member.requested_at = nil
+                member.save
              else
                # If you pass the user object, instead of just user ID,
                # it saves an extra user database query.
                group.add_users([user], access, skip_notification: true)
              end
            end
+          end

          def warn_cannot_remove_last_owner(user, group)
            logger.warn do

--- a/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+++ b/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
@@ -49,7 +49,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do

            sync_group.update_permissions

-            expect(group.members).not_to include(user)
+            expect(group.members.pluck(:user_id)).not_to include(user.id)
          end
        end

@@ -59,6 +59,22 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
          expect(group.members.pluck(:user_id)).to include(user.id)
        end

+        it 'converts an existing membership access request to a real member' do
+          group.members.create(
+            user: user,
+            access_level: ::Gitlab::Access::MASTER,
+            requested_at: DateTime.now
+          )
+          # Validate that the user is properly created as a requester first.
+          expect(group.requesters.pluck(:user_id)).to include(user.id)
+
+          sync_group.update_permissions
+
+          expect(group.members.pluck(:user_id)).to include(user.id)
+          expect(group.members.find_by(user_id: user.id).access_level)
+            .to eq(::Gitlab::Access::DEVELOPER)
+        end
+
        it 'downgrades existing member access' do
          # Create user with higher access
          group.add_users([user],