debian-mirror-gitlab/spec/finders/group_members_finder_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

304 lines
14 KiB
Ruby
Raw Normal View History

2019-12-21 20:55:43 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
require 'spec_helper'
2023-04-23 21:23:45 +05:30
RSpec.describe GroupMembersFinder, '#execute', feature_category: :subgroups do
2022-03-02 08:16:31 +05:30
let_it_be(:group) { create(:group) }
let_it_be(:sub_group) { create(:group, parent: group) }
let_it_be(:sub_sub_group) { create(:group, parent: sub_group) }
let_it_be(:public_shared_group) { create(:group, :public) }
let_it_be(:private_shared_group) { create(:group, :private) }
let_it_be(:user1) { create(:user) }
let_it_be(:user2) { create(:user) }
let_it_be(:user3) { create(:user) }
let_it_be(:user4) { create(:user) }
2023-04-23 21:23:45 +05:30
let_it_be(:user5_2fa) { create(:user, :two_factor_via_otp) }
2022-03-02 08:16:31 +05:30
2023-04-23 21:23:45 +05:30
let_it_be(:link) do
2022-03-02 08:16:31 +05:30
create(:group_group_link, shared_group: group, shared_with_group: public_shared_group)
create(:group_group_link, shared_group: sub_group, shared_with_group: private_shared_group)
end
2021-04-29 21:17:54 +05:30
let(:groups) do
{
2022-10-11 01:57:18 +05:30
group: group,
sub_group: sub_group,
sub_sub_group: sub_sub_group,
public_shared_group: public_shared_group,
2022-03-02 08:16:31 +05:30
private_shared_group: private_shared_group
2021-04-29 21:17:54 +05:30
}
2017-08-17 22:00:37 +05:30
end
2021-04-29 21:17:54 +05:30
context 'relations' do
2023-04-23 21:23:45 +05:30
let_it_be(:members) do
2021-04-29 21:17:54 +05:30
{
2022-10-11 01:57:18 +05:30
user1_sub_sub_group: create(:group_member, :maintainer, group: sub_sub_group, user: user1),
user1_sub_group: create(:group_member, :developer, group: sub_group, user: user1),
user1_group: create(:group_member, :reporter, group: group, user: user1),
user1_public_shared_group: create(:group_member, :maintainer, group: public_shared_group, user: user1),
2022-03-02 08:16:31 +05:30
user1_private_shared_group: create(:group_member, :maintainer, group: private_shared_group, user: user1),
2022-10-11 01:57:18 +05:30
user2_sub_sub_group: create(:group_member, :reporter, group: sub_sub_group, user: user2),
user2_sub_group: create(:group_member, :developer, group: sub_group, user: user2),
user2_group: create(:group_member, :maintainer, group: group, user: user2),
user2_public_shared_group: create(:group_member, :developer, group: public_shared_group, user: user2),
user2_private_shared_group: create(:group_member, :developer, group: private_shared_group, user: user2),
user3_sub_sub_group: create(:group_member, :developer, group: sub_sub_group, user: user3, expires_at: 1.day.from_now),
user3_sub_group: create(:group_member, :developer, group: sub_group, user: user3, expires_at: 2.days.from_now),
user3_group: create(:group_member, :reporter, group: group, user: user3),
user3_public_shared_group: create(:group_member, :reporter, group: public_shared_group, user: user3),
user3_private_shared_group: create(:group_member, :reporter, group: private_shared_group, user: user3),
user4_sub_sub_group: create(:group_member, :reporter, group: sub_sub_group, user: user4),
user4_sub_group: create(:group_member, :developer, group: sub_group, user: user4, expires_at: 1.day.from_now),
user4_group: create(:group_member, :developer, group: group, user: user4, expires_at: 2.days.from_now),
user4_public_shared_group: create(:group_member, :developer, group: public_shared_group, user: user4),
user4_private_shared_group: create(:group_member, :developer, group: private_shared_group, user: user4),
2023-04-23 21:23:45 +05:30
user5_private_shared_group: create(:group_member, :developer, group: private_shared_group, user: user5_2fa)
2021-04-29 21:17:54 +05:30
}
end
2023-06-20 00:43:36 +05:30
shared_examples 'member relations' do
it 'raises an error if a non-supported relation type is used' do
expect do
described_class.new(group).execute(include_relations: [:direct, :invalid_relation_type])
end.to raise_error(ArgumentError, "invalid_relation_type is not a valid relation type. Valid relation types are direct, inherited, descendants, shared_from_groups.")
end
using RSpec::Parameterized::TableSyntax
where(:subject_relations, :subject_group, :expected_members) do
[] | :group | []
GroupMembersFinder::DEFAULT_RELATIONS | :group | [:user1_group, :user2_group, :user3_group, :user4_group]
[:direct] | :group | [:user1_group, :user2_group, :user3_group, :user4_group]
[:inherited] | :group | []
[:descendants] | :group | [:user1_sub_sub_group, :user2_sub_group, :user3_sub_group, :user4_sub_group]
[:shared_from_groups] | :group | [:user1_public_shared_group, :user2_public_shared_group, :user3_public_shared_group, :user4_public_shared_group]
[:direct, :inherited, :descendants, :shared_from_groups] | :group | [:user1_sub_sub_group, :user2_group, :user3_sub_group, :user4_public_shared_group]
[] | :sub_group | []
GroupMembersFinder::DEFAULT_RELATIONS | :sub_group | [:user1_sub_group, :user2_group, :user3_sub_group, :user4_group]
[:direct] | :sub_group | [:user1_sub_group, :user2_sub_group, :user3_sub_group, :user4_sub_group]
[:inherited] | :sub_group | [:user1_group, :user2_group, :user3_group, :user4_group]
[:descendants] | :sub_group | [:user1_sub_sub_group, :user2_sub_sub_group, :user3_sub_sub_group, :user4_sub_sub_group]
[:shared_from_groups] | :sub_group | [:user1_public_shared_group, :user2_public_shared_group, :user3_public_shared_group, :user4_public_shared_group]
[:direct, :inherited, :descendants, :shared_from_groups] | :sub_group | [:user1_sub_sub_group, :user2_group, :user3_sub_group, :user4_public_shared_group]
[] | :sub_sub_group | []
GroupMembersFinder::DEFAULT_RELATIONS | :sub_sub_group | [:user1_sub_sub_group, :user2_group, :user3_sub_group, :user4_group]
[:direct] | :sub_sub_group | [:user1_sub_sub_group, :user2_sub_sub_group, :user3_sub_sub_group, :user4_sub_sub_group]
[:inherited] | :sub_sub_group | [:user1_sub_group, :user2_group, :user3_sub_group, :user4_group]
[:descendants] | :sub_sub_group | []
[:shared_from_groups] | :sub_sub_group | [:user1_public_shared_group, :user2_public_shared_group, :user3_public_shared_group, :user4_public_shared_group]
[:direct, :inherited, :descendants, :shared_from_groups] | :sub_sub_group | [:user1_sub_sub_group, :user2_group, :user3_sub_group, :user4_public_shared_group]
end
with_them do
it 'returns correct members' do
result = described_class.new(groups[subject_group]).execute(include_relations: subject_relations)
2021-10-27 15:23:28 +05:30
2023-06-20 00:43:36 +05:30
expect(result.to_a).to match_array(expected_members.map { |name| members[name] })
end
end
2021-04-29 21:17:54 +05:30
end
2023-06-20 00:43:36 +05:30
it_behaves_like 'member relations'
it 'returns the correct access level of the members shared through group sharing' do
shared_members_access = described_class
.new(groups[:group])
.execute(include_relations: [:shared_from_groups])
.to_a
.map(&:access_level)
2021-04-29 21:17:54 +05:30
2023-06-20 00:43:36 +05:30
correct_access_levels = ([Gitlab::Access::DEVELOPER] * 3) << Gitlab::Access::REPORTER
expect(shared_members_access).to match_array(correct_access_levels)
end
context 'when members_with_shared_group_access feature flag is disabled' do
before do
stub_feature_flags(members_with_shared_group_access: false)
2021-04-29 21:17:54 +05:30
end
2023-06-20 00:43:36 +05:30
it_behaves_like 'member relations'
2021-04-29 21:17:54 +05:30
end
2017-08-17 22:00:37 +05:30
end
2018-11-08 19:23:39 +05:30
2021-04-29 21:17:54 +05:30
context 'search' do
2023-04-23 21:23:45 +05:30
before_all do
2021-04-29 21:17:54 +05:30
group.add_maintainer(user2)
group.add_developer(user3)
2023-04-23 21:23:45 +05:30
end
let_it_be(:maintainer1) { group.add_maintainer(user1) }
2020-01-01 13:55:28 +05:30
2023-04-23 21:23:45 +05:30
it 'returns searched members if requested' do
2021-04-29 21:17:54 +05:30
result = described_class.new(group, params: { search: user1.name }).execute
2020-01-01 13:55:28 +05:30
2023-04-23 21:23:45 +05:30
expect(result.to_a).to match_array([maintainer1])
2021-04-29 21:17:54 +05:30
end
2020-01-01 13:55:28 +05:30
2021-04-29 21:17:54 +05:30
it 'returns nothing if search only in inherited relation' do
result = described_class.new(group, params: { search: user1.name }).execute(include_relations: [:inherited])
2020-01-01 13:55:28 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to match_array([])
end
2020-01-01 13:55:28 +05:30
2021-04-29 21:17:54 +05:30
it 'returns searched member only from sub_group if search only in inherited relation' do
sub_group.add_maintainer(create(:user, name: user1.name))
2020-03-13 15:44:24 +05:30
2023-04-23 21:23:45 +05:30
result = described_class.new(sub_group, params: { search: maintainer1.user.name }).execute(include_relations: [:inherited])
2020-03-13 15:44:24 +05:30
2023-04-23 21:23:45 +05:30
expect(result.to_a).to contain_exactly(maintainer1)
2021-04-29 21:17:54 +05:30
end
2020-03-13 15:44:24 +05:30
end
2021-04-29 21:17:54 +05:30
context 'filter by two-factor' do
it 'returns members with two-factor auth if requested by owner' do
group.add_owner(user2)
group.add_maintainer(user1)
2023-04-23 21:23:45 +05:30
member = group.add_maintainer(user5_2fa)
2018-11-08 19:23:39 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(group, user2, params: { two_factor: 'enabled' }).execute
2018-11-08 19:23:39 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to contain_exactly(member)
end
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
it 'returns members without two-factor auth if requested by owner' do
member1 = group.add_owner(user2)
member2 = group.add_maintainer(user1)
2023-04-23 21:23:45 +05:30
member_with_2fa = group.add_maintainer(user5_2fa)
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(group, user2, params: { two_factor: 'disabled' }).execute
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).not_to include(member_with_2fa)
expect(result.to_a).to match_array([member1, member2])
end
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
it 'returns direct members with two-factor auth if requested by owner' do
group.add_owner(user1)
group.add_maintainer(user2)
sub_group.add_maintainer(user3)
2023-04-23 21:23:45 +05:30
member_with_2fa = sub_group.add_maintainer(user5_2fa)
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(sub_group, user1, params: { two_factor: 'enabled' }).execute(include_relations: [:direct])
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to match_array([member_with_2fa])
end
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
it 'returns inherited members with two-factor auth if requested by owner' do
group.add_owner(user1)
2023-04-23 21:23:45 +05:30
member_with_2fa = group.add_maintainer(user5_2fa)
2021-04-29 21:17:54 +05:30
sub_group.add_maintainer(user2)
sub_group.add_maintainer(user3)
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(sub_group, user1, params: { two_factor: 'enabled' }).execute(include_relations: [:inherited])
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to match_array([member_with_2fa])
end
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
it 'returns direct members without two-factor auth if requested by owner' do
group.add_owner(user1)
group.add_maintainer(user2)
member3 = sub_group.add_maintainer(user3)
2023-04-23 21:23:45 +05:30
sub_group.add_maintainer(user5_2fa)
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(sub_group, user1, params: { two_factor: 'disabled' }).execute(include_relations: [:direct])
2020-03-13 15:44:24 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to match_array([member3])
end
2021-02-22 17:27:13 +05:30
2021-04-29 21:17:54 +05:30
it 'returns inherited members without two-factor auth if requested by owner' do
member1 = group.add_owner(user1)
2023-04-23 21:23:45 +05:30
group.add_maintainer(user5_2fa)
2021-04-29 21:17:54 +05:30
sub_group.add_maintainer(user2)
sub_group.add_maintainer(user3)
2021-02-22 17:27:13 +05:30
2021-04-29 21:17:54 +05:30
result = described_class.new(sub_group, user1, params: { two_factor: 'disabled' }).execute(include_relations: [:inherited])
2021-02-22 17:27:13 +05:30
2021-04-29 21:17:54 +05:30
expect(result.to_a).to match_array([member1])
end
2021-02-22 17:27:13 +05:30
end
2022-07-16 23:28:13 +05:30
context 'filter by access levels' do
2023-04-23 21:23:45 +05:30
let_it_be(:owner1) { group.add_owner(user2) }
let_it_be(:owner2) { group.add_owner(user3) }
let_it_be(:maintainer1) { group.add_maintainer(user4) }
let_it_be(:maintainer2) { group.add_maintainer(user5_2fa) }
2022-07-16 23:28:13 +05:30
subject(:by_access_levels) { described_class.new(group, user1, params: { access_levels: access_levels }).execute }
context 'by owner' do
let(:access_levels) { ::Gitlab::Access::OWNER }
it 'returns owners' do
expect(by_access_levels).to match_array([owner1, owner2])
end
end
context 'by maintainer' do
let(:access_levels) { ::Gitlab::Access::MAINTAINER }
it 'returns owners' do
expect(by_access_levels).to match_array([maintainer1, maintainer2])
end
end
context 'by owner and maintainer' do
let(:access_levels) { [::Gitlab::Access::OWNER, ::Gitlab::Access::MAINTAINER] }
it 'returns owners and maintainers' do
expect(by_access_levels).to match_array([owner1, owner2, maintainer1, maintainer2])
end
end
end
2023-05-27 22:25:52 +05:30
context 'filter by user type' do
subject(:by_user_type) { described_class.new(group, user1, params: { user_type: user_type }).execute }
let_it_be(:service_account) { create(:user, :service_account) }
let_it_be(:project_bot) { create(:user, :project_bot) }
let_it_be(:service_account_member) { group.add_developer(service_account) }
let_it_be(:project_bot_member) { group.add_developer(project_bot) }
context 'when the user is an owner' do
before do
group.add_owner(user1)
end
context 'when filtering by project bots' do
let(:user_type) { 'project_bot' }
it 'returns filtered members' do
expect(by_user_type).to match_array([project_bot_member])
end
end
context 'when filtering by service accounts' do
let(:user_type) { 'service_account' }
it 'returns filtered members' do
expect(by_user_type).to match_array([service_account_member])
end
end
end
context 'when the user is a maintainer' do
let(:user_type) { 'service_account' }
let_it_be(:user1_member) { group.add_maintainer(user1) }
it 'returns unfiltered members' do
expect(by_user_type).to match_array([user1_member, service_account_member, project_bot_member])
end
end
context 'when the user is a developer' do
let(:user_type) { 'service_account' }
let_it_be(:user1_member) { group.add_developer(user1) }
it 'returns unfiltered members' do
expect(by_user_type).to match_array([user1_member, service_account_member, project_bot_member])
end
end
end
2017-08-17 22:00:37 +05:30
end