Merge branch...

Merge branch '325712-enterprise-users-distinguish-enterprise-from-regular-users-at-group-level' into 'master' Add "Enterprise" badge to users that are provisioned via SAML/SCIM See merge request gitlab-org/gitlab!63474

Merge branch...
Merge branch '325712-enterprise-users-distinguish-enterprise-from-regular-users-at-group-level' into 'master' Add "Enterprise" badge to users that are provisioned via SAML/SCIM See merge request gitlab-org/gitlab!63474
e67370db · David Fernandez · c8fc074b · 1f3fc17c · e67370db · e67370db
Commit e67370db authored Jun 14, 2021 by David Fernandez
14 changed files
--- a/doc/user/group/saml_sso/img/member_enterprise_badge_v14_0.png
+++ b/doc/user/group/saml_sso/img/member_enterprise_badge_v14_0.png
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -175,6 +175,10 @@ We recommend users do this prior to turning on sync, because while synchronizati

 New users and existing users on subsequent visits can access the group through the identify provider's dashboard or by visiting links directly.

+[In GitLab 14.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/325712), GitLab users created with a SCIM identity display with an **Enterprise** badge in the **Members** view.
+
+![Enterprise badge for users created with a SCIM identity](img/member_enterprise_badge_v14_0.png)
+
 For role information, please see the [Group SAML page](index.md#user-access-and-management)

 ### Blocking access

--- a/ee/app/assets/javascripts/members/utils.js
+++ b/ee/app/assets/javascripts/members/utils.js
@@ -32,6 +32,11 @@ export const generateBadges = ({ member, isCurrentUser, canManageMembers }) => [
    text: __('LDAP'),
    variant: 'info',
  },
+  {
+    show: member.provisionedByThisGroup,
+    text: __('Enterprise'),
+    variant: 'info',
+  },
 ];

 export const canOverride = (member) => member.canOverride && isDirectMember(member);
--- a/ee/app/models/ee/group_member.rb
+++ b/ee/app/models/ee/group_member.rb
@@ -81,6 +81,10 @@ module EE
      end
    end

+    def provisioned_by_this_group?
+      user&.user_detail&.provisioned_by_group_id == source_id
+    end
+
    private

    override :access_level_inclusion
@@ -152,9 +156,5 @@ module EE
    def send_welcome_email?
      !provisioned_by_this_group?
    end
-
-    def provisioned_by_this_group?
-      user.user_detail.provisioned_by_group_id == source_id
-    end
  end
 end
--- a/ee/app/models/ee/members_preloader.rb
+++ b/ee/app/models/ee/members_preloader.rb
@@ -11,6 +11,7 @@ module EE
      ActiveRecord::Associations::Preloader.new.preload(members, user: { group_saml_identities: :saml_provider })
      ActiveRecord::Associations::Preloader.new.preload(members, user: { oncall_participants: { rotation: :schedule } })
      ActiveRecord::Associations::Preloader.new.preload(members, user: :oncall_schedules)
+      ActiveRecord::Associations::Preloader.new.preload(members, user: :user_detail)
    end
  end
 end
--- a/ee/app/models/ee/project_member.rb
+++ b/ee/app/models/ee/project_member.rb
@@ -33,5 +33,9 @@ module EE
        errors.add(:user, _('is not in the group enforcing Group Managed Account'))
      end
    end
+
+    def provisioned_by_this_group?
+      false
+    end
  end
 end
--- a/ee/app/serializers/ee/member_entity.rb
+++ b/ee/app/serializers/ee/member_entity.rb
@@ -18,6 +18,8 @@ module EE
      end

      expose :override, as: :is_overridden
+
+      expose :provisioned_by_this_group?, as: :provisioned_by_this_group
    end

    private

--- a/ee/spec/fixtures/api/schemas/entities/member.json
+++ b/ee/spec/fixtures/api/schemas/entities/member.json
@@ -8,14 +8,16 @@
        "group_sso",
        "group_managed_account",
        "can_override",
-        "is_overridden"
+        "is_overridden",
+        "provisioned_by_this_group"
      ],
      "properties": {
        "using_license": { "type": ["boolean", "null"] },
        "group_sso": { "type": ["boolean", "null"] },
        "group_managed_account": { "type": ["boolean", "null"] },
        "can_override": { "type": ["boolean"] },
-        "is_overridden": { "type": ["boolean"] }
+        "is_overridden": { "type": ["boolean"] },
+        "provisioned_by_this_group": { "type": ["boolean"] }
      }
    }
  ]

--- a/ee/spec/frontend/members/utils_spec.js
+++ b/ee/spec/frontend/members/utils_spec.js
@@ -27,6 +27,7 @@ describe('Members Utils', () => {
      ${{ ...memberMock, groupSso: true }}               | ${{ show: true, text: 'SAML', variant: 'info' }}
      ${{ ...memberMock, groupManagedAccount: true }}    | ${{ show: true, text: 'Managed Account', variant: 'info' }}
      ${{ ...memberMock, canOverride: true }}            | ${{ show: true, text: 'LDAP', variant: 'info' }}
+      ${{ ...memberMock, provisionedByThisGroup: true }} | ${{ show: true, text: 'Enterprise', variant: 'info' }}
    `('returns expected output for "$expected.text" badge', ({ member, expected }) => {
      expect(
        generateBadges({ member, isCurrentUser: true, canManageMembers: true }),

--- a/ee/spec/models/group_member_spec.rb
+++ b/ee/spec/models/group_member_spec.rb
@@ -400,6 +400,32 @@ RSpec.describe GroupMember do
    end
  end

+  describe '#provisioned_by_this_group?' do
+    let_it_be(:group) { create(:group) }
+
+    let(:user) { build(:user) }
+    let(:member) { build(:group_member, group: group, user: user) }
+    let(:invited) { build(:group_member, :invited, group: group, user: user) }
+
+    subject { member.provisioned_by_this_group? }
+
+    context 'when user is provisioned by the group' do
+      let!(:user_detail) { build(:user_detail, user: user, provisioned_by_group_id: group.id) }
+
+      it { is_expected.to eq(true) }
+    end
+
+    context 'when user is not provisioned by the group' do
+      it { is_expected.to eq(false) }
+    end
+
+    context 'when member does not have a related user (invited member)' do
+      let(:member) { invited }
+
+      it { is_expected.to eq(false) }
+    end
+  end
+
  def webhook_data(group_member, event)
    {
      headers: { 'Content-Type' => 'application/json', 'User-Agent' => "GitLab/#{Gitlab::VERSION}", 'X-Gitlab-Event' => 'Member Hook' },

--- a/ee/spec/models/project_member_spec.rb
+++ b/ee/spec/models/project_member_spec.rb
@@ -88,4 +88,12 @@ RSpec.describe ProjectMember do
      end
    end
  end
+
+  describe '#provisioned_by_this_group?' do
+    let_it_be(:member) { build(:project_member) }
+
+    subject { member.provisioned_by_this_group? }
+
+    it { is_expected.to eq(false) }
+  end
 end
--- a/ee/spec/serializers/member_entity_spec.rb
+++ b/ee/spec/serializers/member_entity_spec.rb
@@ -37,6 +37,12 @@ RSpec.describe MemberEntity do

      expect(entity_hash[:can_override]).to be(true)
    end
+
+    it 'correctly exposes `provisioned_by_this_group`' do
+      allow(member).to receive(:provisioned_by_this_group?).and_return(true)
+
+      expect(entity_hash[:provisioned_by_this_group]).to be(true)
+    end
  end

  context 'group member' do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -12382,6 +12382,9 @@ msgstr ""
 msgid "Enter your password to approve"
 msgstr ""

+msgid "Enterprise"
+msgstr ""
+
 msgid "Environment"
 msgstr ""


--- a/spec/frontend/members/mock_data.js
+++ b/spec/frontend/members/mock_data.js
@@ -30,6 +30,7 @@ export const member = {
  usingLicense: false,
  groupSso: false,
  groupManagedAccount: false,
+  provisionedByThisGroup: false,
  validRoles: {
    Guest: 10,
    Reporter: 20,