Commit f88b2f61 authored by Etienne Baqué's avatar Etienne Baqué Committed by Alex Kalderimis

Added user_cap to setting update service

Changelog: added
parent 363d0d38
...@@ -15,7 +15,7 @@ class NamespaceSetting < ApplicationRecord ...@@ -15,7 +15,7 @@ class NamespaceSetting < ApplicationRecord
NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal, NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal,
:lock_delayed_project_removal, :resource_access_token_creation_allowed, :lock_delayed_project_removal, :resource_access_token_creation_allowed,
:prevent_sharing_groups_outside_hierarchy].freeze :prevent_sharing_groups_outside_hierarchy, :new_user_signups_cap].freeze
self.primary_key = :namespace_id self.primary_key = :namespace_id
......
...@@ -156,6 +156,7 @@ class GroupPolicy < BasePolicy ...@@ -156,6 +156,7 @@ class GroupPolicy < BasePolicy
enable :set_note_created_at enable :set_note_created_at
enable :set_emails_disabled enable :set_emails_disabled
enable :change_prevent_sharing_groups_outside_hierarchy enable :change_prevent_sharing_groups_outside_hierarchy
enable :change_new_user_signups_cap
enable :update_default_branch_protection enable :update_default_branch_protection
enable :create_deploy_token enable :create_deploy_token
enable :destroy_deploy_token enable :destroy_deploy_token
......
...@@ -14,7 +14,15 @@ module NamespaceSettings ...@@ -14,7 +14,15 @@ module NamespaceSettings
def execute def execute
validate_resource_access_token_creation_allowed_param validate_resource_access_token_creation_allowed_param
validate_prevent_sharing_groups_outside_hierarchy_param
validate_settings_param_for_root_group(
param_key: :prevent_sharing_groups_outside_hierarchy,
user_policy: :change_prevent_sharing_groups_outside_hierarchy
)
validate_settings_param_for_root_group(
param_key: :new_user_signups_cap,
user_policy: :change_new_user_signups_cap
)
if group.namespace_settings if group.namespace_settings
group.namespace_settings.attributes = settings_params group.namespace_settings.attributes = settings_params
...@@ -34,17 +42,17 @@ module NamespaceSettings ...@@ -34,17 +42,17 @@ module NamespaceSettings
end end
end end
def validate_prevent_sharing_groups_outside_hierarchy_param def validate_settings_param_for_root_group(param_key:, user_policy:)
return if settings_params[:prevent_sharing_groups_outside_hierarchy].nil? return if settings_params[param_key].nil?
unless can?(current_user, :change_prevent_sharing_groups_outside_hierarchy, group) unless can?(current_user, user_policy, group)
settings_params.delete(:prevent_sharing_groups_outside_hierarchy) settings_params.delete(param_key)
group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('can only be changed by a group admin.')) group.namespace_settings.errors.add(param_key, _('can only be changed by a group admin.'))
end end
unless group.root? unless group.root?
settings_params.delete(:prevent_sharing_groups_outside_hierarchy) settings_params.delete(param_key)
group.namespace_settings.errors.add(:prevent_sharing_groups_outside_hierarchy, _('only available on top-level groups.')) group.namespace_settings.errors.add(param_key, _('only available on top-level groups.'))
end end
end end
end end
......
...@@ -76,50 +76,61 @@ RSpec.describe NamespaceSettings::UpdateService do ...@@ -76,50 +76,61 @@ RSpec.describe NamespaceSettings::UpdateService do
end end
end end
context "updating :prevent_sharing_groups_outside_hierarchy" do describe 'validating settings param for root group' do
let(:settings) { { prevent_sharing_groups_outside_hierarchy: true } } using RSpec::Parameterized::TableSyntax
context 'when user is a group owner' do where(:setting_key, :setting_changes_from, :setting_changes_to) do
before do :prevent_sharing_groups_outside_hierarchy | false | true
group.add_owner(user) :new_user_signups_cap | nil | 100
end
it 'changes settings' do
expect { service.execute }
.to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy }
.from(false).to(true)
end
end end
context 'when user is not a group owner' do with_them do
before do let(:settings) do
group.add_maintainer(user) { setting_key => setting_changes_to }
end end
it 'does not change settings' do context 'when user is not a group owner' do
expect { service.execute }.not_to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy } before do
end group.add_maintainer(user)
end
it 'returns the group owner error' do it 'does not change settings' do
service.execute expect { service.execute }.not_to change { group.namespace_settings.public_send(setting_key) }
end
it 'returns the group owner error' do
service.execute
expect(group.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('can only be changed by a group admin.') expect(group.namespace_settings.errors.messages[setting_key]).to include('can only be changed by a group admin.')
end
end end
end
context 'with a subgroup' do context 'with a subgroup' do
let(:subgroup) { create(:group, parent: group) } let(:subgroup) { create(:group, parent: group) }
before do before do
group.add_owner(user) group.add_owner(user)
end end
it 'does not change settings' do
service = described_class.new(user, subgroup, settings)
it 'does not change settings' do expect { service.execute }.not_to change { group.namespace_settings.public_send(setting_key) }
service = described_class.new(user, subgroup, settings)
expect(subgroup.namespace_settings.errors.messages[setting_key]).to include('only available on top-level groups.')
end
end
expect { service.execute }.not_to change { group.namespace_settings.prevent_sharing_groups_outside_hierarchy } context 'when user is a group owner' do
before do
group.add_owner(user)
end
expect(subgroup.namespace_settings.errors.messages[:prevent_sharing_groups_outside_hierarchy]).to include('only available on top-level groups.') it 'changes settings' do
expect { service.execute }
.to change { group.namespace_settings.public_send(setting_key) }
.from(setting_changes_from).to(setting_changes_to)
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment