Skip to content

G
gitlab-ce
Commit f62fd171 authored by Matthias Käppler's avatar Matthias Käppler
Browse files
Options

Merge branch '324037-restrict-group-level-approval-settings-to-top-level-group' into 'master' 

Restrict group level approval settings to top level group

See merge request gitlab-org/gitlab!59225
parents 81e733e2 899991a0
Hide whitespace changes
Inline Side-by-side
Showing with 19 additions and 16 deletions
ee/app/policies/ee/group_policy.rb
View file @ f62fd171
...@@ -111,7 +111,7 @@ module EE ...@@ -111,7 +111,7 @@ module EE
end end
condition(:group_merge_request_approval_settings_enabled) do condition(:group_merge_request_approval_settings_enabled) do
@subject.feature_available?(:group_merge_request_approval_settings) @subject.feature_available?(:group_merge_request_approval_settings) && @subject.root?
end end
condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? } condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
......
ee/spec/policies/group_policy_spec.rb
View file @ f62fd171
...@@ -1449,21 +1449,23 @@ RSpec.describe GroupPolicy do ...@@ -1449,21 +1449,23 @@ RSpec.describe GroupPolicy do
let(:policy) { :admin_merge_request_approval_settings } let(:policy) { :admin_merge_request_approval_settings }
where(:role, :licensed, :admin_mode, :allowed) do where(:role, :licensed, :admin_mode, :root_group, :allowed) do
:guest | true | nil | false :guest | true | nil | true | false
:guest | false | nil | false :guest | false | nil | true | false
:reporter | true | nil | false :reporter | true | nil | true | false
:reporter | false | nil | false :reporter | false | nil | true | false
:developer | true | nil | false :developer | true | nil | true | false
:developer | false | nil | false :developer | false | nil | true | false
:maintainer | true | nil | false :maintainer | true | nil | true | false
:maintainer | false | nil | false :maintainer | false | nil | true | false
:owner | true | nil | true :owner | true | nil | true | true
:owner | false | nil | false :owner | true | nil | false | false
:admin | true | true | true :owner | false | nil | true | false
:admin | false | true | false :admin | true | true | true | true
:admin | true | false | false :admin | true | true | false | false
:admin | false | false | false :admin | false | true | true | false
:admin | true | false | true | false
:admin | false | false | true | false
end end
with_them do with_them do
...@@ -1472,6 +1474,7 @@ RSpec.describe GroupPolicy do ...@@ -1472,6 +1474,7 @@ RSpec.describe GroupPolicy do
before do before do
stub_licensed_features(group_merge_request_approval_settings: licensed) stub_licensed_features(group_merge_request_approval_settings: licensed)
enable_admin_mode!(current_user) if admin_mode enable_admin_mode!(current_user) if admin_mode
group.parent = build(:group) unless root_group
end end
it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) } it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7