Remove duplicate authorized_projects entries during refresh

cf04eb76 · Imre Farkas · 489520a9 · cf04eb76 · cf04eb76 · cf04eb76
Commit cf04eb76 authored Aug 05, 2020 by Imre Farkas
3 changed files
--- a/app/services/users/refresh_authorized_projects_service.rb
+++ b/app/services/users/refresh_authorized_projects_service.rb
@@ -53,7 +53,13 @@ module Users
      current = current_authorizations_per_project
      fresh = fresh_access_levels_per_project

-      remove = current.each_with_object([]) do |(project_id, row), array|
+      # Delete projects that have more than one authorizations associated with
+      # the user. The correct authorization is added to the ``add`` array in the
+      # next stage.
+      remove = projects_with_duplicates
+      current.except!(*projects_with_duplicates)
+
+      remove |= current.each_with_object([]) do |(project_id, row), array|
        # rows not in the new list or with a different access level should be
        # removed.
        if !fresh[project_id] || fresh[project_id] != row.access_level
@@ -106,7 +112,7 @@ module Users
    end

    def current_authorizations
-      user.project_authorizations.select(:project_id, :access_level)
+      @current_authorizations ||= user.project_authorizations.select(:project_id, :access_level)
    end

    def fresh_authorizations
@@ -116,5 +122,12 @@ module Users
    private

    attr_reader :incorrect_auth_found_callback, :missing_auth_found_callback
+
+    def projects_with_duplicates
+      @projects_with_duplicates ||= current_authorizations
+                                      .group_by(&:project_id)
+                                      .select { |project_id, authorizations| authorizations.count > 1 }
+                                      .keys
+    end
  end
 end
--- a/changelogs/unreleased/218744-remove_duplicate_project_auths.yml
+++ b/changelogs/unreleased/218744-remove_duplicate_project_auths.yml
+---
+title: Remove duplicate authorized_projects entries during refresh
+merge_request: 38715
+author:
+type: fixed
--- a/spec/services/users/refresh_authorized_projects_service_spec.rb
+++ b/spec/services/users/refresh_authorized_projects_service_spec.rb
@@ -76,6 +76,26 @@ RSpec.describe Users::RefreshAuthorizedProjectsService do
      service.execute_without_lease
    end

+    it 'removes duplicate entries' do
+      [Gitlab::Access::MAINTAINER, Gitlab::Access::REPORTER].each do |access_level|
+        user.project_authorizations.create!(project: project, access_level: access_level)
+      end
+
+      expect(service).to(
+        receive(:update_authorizations)
+          .with([project.id], [[user.id, project.id, Gitlab::Access::MAINTAINER]])
+          .and_call_original)
+
+      service.execute_without_lease
+
+      expect(user.project_authorizations.count).to eq(1)
+      project_authorization = ProjectAuthorization.where(
+        project_id: project.id,
+        user_id: user.id,
+        access_level: Gitlab::Access::MAINTAINER)
+      expect(project_authorization).to exist
+    end
+
    it 'sets the access level of a project to the highest available level' do
      user.project_authorizations.delete_all