debian-mirror-gitlab/spec/features/projects/members/list_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Project members list', :js do
  include Spec::Support::Helpers::Features::MembersHelpers
  include Spec::Support::Helpers::Features::InviteMembersModalHelper

  let_it_be(:user1) { create(:user, name: 'John Doe') }
  let_it_be(:user2) { create(:user, name: 'Mary Jane') }
  let_it_be(:group) { create(:group) }
  let_it_be(:project) { create(:project, :internal, namespace: group) }

  before do
    sign_in(user1)
    group.add_owner(user1)
  end

  it 'show members from project and group', :aggregate_failures do
    project.add_developer(user2)

    visit_members_page

    expect(first_row).to have_content(user1.name)
    expect(second_row).to have_content(user2.name)
  end

  it 'show user once if member of both group and project', :aggregate_failures do
    project.add_developer(user1)

    visit_members_page

    expect(first_row).to have_content(user1.name)
    expect(second_row).to be_blank
  end

  it 'update user access level' do
    project.add_developer(user2)

    visit_members_page

    page.within find_member_row(user2) do
      click_button('Developer')
      click_button('Reporter')

      expect(page).to have_button('Reporter')
    end
  end

  it 'add user to project', :snowplow, :aggregate_failures do
    visit_members_page

    invite_member(user2.name, role: 'Reporter')

    page.within find_member_row(user2) do
      expect(page).to have_button('Reporter')
    end

    expect_snowplow_event(
      category: 'Members::CreateService',
      action: 'create_member',
      label: 'project-members-page',
      property: 'existing_user',
      user: user1
    )
  end

  it 'uses ProjectMember access_level_roles for the invite members modal access option', :aggregate_failures do
    visit_members_page

    click_on 'Invite members'

    click_on 'Guest'
    wait_for_requests

    page.within '.dropdown-menu' do
      expect(page).to have_button('Guest')
      expect(page).to have_button('Reporter')
      expect(page).to have_button('Developer')
      expect(page).to have_button('Maintainer')
      expect(page).not_to have_button('Owner')
    end
  end

  it 'remove user from project' do
    other_user = create(:user)
    project.add_developer(other_user)

    visit_members_page

    # Open modal
    page.within find_member_row(other_user) do
      click_button 'Remove member'
    end

    page.within('[role="dialog"]') do
      expect(page).to have_unchecked_field 'Also unassign this user from related issues and merge requests'
      click_button('Remove member')
    end

    wait_for_requests

    expect(members_table).not_to have_content(other_user.name)
  end

  it 'invite user to project', :snowplow, :aggregate_failures do
    visit_members_page

    invite_member('test@example.com', role: 'Reporter')

    click_link 'Invited'

    page.within find_invited_member_row('test@example.com') do
      expect(page).to have_button('Reporter')
    end

    expect_snowplow_event(
      category: 'Members::InviteService',
      action: 'create_member',
      label: 'project-members-page',
      property: 'net_new_user',
      user: user1
    )
  end

  context 'as a signed out visitor viewing a public project' do
    let_it_be(:project) { create(:project, :public) }

    before do
      sign_out(user1)
    end

    it 'does not show the Invite members button when not signed in' do
      visit_members_page

      expect(page).not_to have_button('Invite members')
    end
  end

  context 'project bots' do
    let(:project_bot) { create(:user, :project_bot, name: 'project_bot') }

    before do
      project.add_maintainer(project_bot)
    end

    it 'does not show form used to change roles and "Expiration date" or the remove user button', :aggregate_failures do
      visit_members_page

      page.within find_member_row(project_bot) do
        expect(page).not_to have_button('Maintainer')
        expect(page).to have_field('Expiration date', disabled: true)
        expect(page).not_to have_button('Remove member')
      end
    end
  end

  describe 'when user has 2FA enabled' do
    let_it_be(:admin) { create(:admin) }
    let_it_be(:user_with_2fa) { create(:user, :two_factor_via_otp) }

    before do
      project.add_guest(user_with_2fa)
    end

    it 'shows 2FA badge to user with "Maintainer" access level' do
      project.add_maintainer(user1)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end

    it 'shows 2FA badge to admins' do
      sign_in(admin)
      gitlab_enable_admin_mode_sign_in(admin)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end

    it 'does not show 2FA badge to users with access level below "Maintainer"' do
      group.add_developer(user1)

      visit_members_page

      expect(find_member_row(user_with_2fa)).not_to have_content('2FA')
    end

    it 'shows 2FA badge to themselves' do
      sign_in(user_with_2fa)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end
  end

  private

  def visit_members_page
    visit project_project_members_path(project)
  end
end
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`# frozen_string_literal: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`require 'spec_helper'`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`RSpec.describe 'Project members list', :js do`
			`include Spec::Support::Helpers::Features::MembersHelpers`
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`include Spec::Support::Helpers::Features::InviteMembersModalHelper`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`let_it_be(:user1) { create(:user, name: 'John Doe') }`
			`let_it_be(:user2) { create(:user, name: 'Mary Jane') }`
			`let_it_be(:group) { create(:group) }`
			`let_it_be(:project) { create(:project, :internal, namespace: group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`before do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`sign_in(user1)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`group.add_owner(user1)`
			`end`

New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'show members from project and group', :aggregate_failures do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`project.add_developer(user2)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(first_row).to have_content(user1.name)`
			`expect(second_row).to have_content(user2.name)`
			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'show user once if member of both group and project', :aggregate_failures do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`project.add_developer(user1)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(first_row).to have_content(user1.name)`
			`expect(second_row).to be_blank`
			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'update user access level' do`
			`project.add_developer(user2)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`page.within find_member_row(user2) do`
			`click_button('Developer')`
			`click_button('Reporter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(page).to have_button('Reporter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'add user to project', :snowplow, :aggregate_failures do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`invite_member(user2.name, role: 'Reporter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`page.within find_member_row(user2) do`
			`expect(page).to have_button('Reporter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
			`expect_snowplow_event(`
			`category: 'Members::CreateService',`
			`action: 'create_member',`
			`label: 'project-members-page',`
			`property: 'existing_user',`
			`user: user1`
			`)`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'uses ProjectMember access_level_roles for the invite members modal access option', :aggregate_failures do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`click_on 'Invite members'`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`click_on 'Guest'`
			`wait_for_requests`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`page.within '.dropdown-menu' do`
			`expect(page).to have_button('Guest')`
			`expect(page).to have_button('Reporter')`
			`expect(page).to have_button('Developer')`
			`expect(page).to have_button('Maintainer')`
			`expect(page).not_to have_button('Owner')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`end`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'remove user from project' do`
			`other_user = create(:user)`
			`project.add_developer(other_user)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`# Open modal`
			`page.within find_member_row(other_user) do`
			`click_button 'Remove member'`
			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`page.within('[role="dialog"]') do`
			`expect(page).to have_unchecked_field 'Also unassign this user from related issues and merge requests'`
			`click_button('Remove member')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`wait_for_requests`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(members_table).not_to have_content(other_user.name)`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'invite user to project', :snowplow, :aggregate_failures do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`invite_member('test@example.com', role: 'Reporter')`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30
			`click_link 'Invited'`

			`page.within find_invited_member_row('test@example.com') do`
			`expect(page).to have_button('Reporter')`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30
			`expect_snowplow_event(`
			`category: 'Members::InviteService',`
			`action: 'create_member',`
			`label: 'project-members-page',`
			`property: 'net_new_user',`
			`user: user1`
			`)`
			`end`

			`context 'as a signed out visitor viewing a public project' do`
			`let_it_be(:project) { create(:project, :public) }`

			`before do`
			`sign_out(user1)`
			`end`

			`it 'does not show the Invite members button when not signed in' do`
			`visit_members_page`

			`expect(page).not_to have_button('Invite members')`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`context 'project bots' do`
			`let(:project_bot) { create(:user, :project_bot, name: 'project_bot') }`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30
			`before do`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`project.add_maintainer(project_bot)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`

New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`it 'does not show form used to change roles and "Expiration date" or the remove user button', :aggregate_failures do`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`visit_members_page`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`page.within find_member_row(project_bot) do`
			`expect(page).not_to have_button('Maintainer')`
			`expect(page).to have_field('Expiration date', disabled: true)`
			`expect(page).not_to have_button('Remove member')`
			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`describe 'when user has 2FA enabled' do`
			`let_it_be(:admin) { create(:admin) }`
			`let_it_be(:user_with_2fa) { create(:user, :two_factor_via_otp) }`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`before do`
			`project.add_guest(user_with_2fa)`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`end`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'shows 2FA badge to user with "Maintainer" access level' do`
			`project.add_maintainer(user1)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
			`visit_members_page`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(find_member_row(user_with_2fa)).to have_content('2FA')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'shows 2FA badge to admins' do`
			`sign_in(admin)`
			`gitlab_enable_admin_mode_sign_in(admin)`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(find_member_row(user_with_2fa)).to have_content('2FA')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'does not show 2FA badge to users with access level below "Maintainer"' do`
			`group.add_developer(user1)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
			`visit_members_page`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(find_member_row(user_with_2fa)).not_to have_content('2FA')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`it 'shows 2FA badge to themselves' do`
			`sign_in(user_with_2fa)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`visit_members_page`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`expect(find_member_row(user_with_2fa)).to have_content('2FA')`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`end`
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`end`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`private`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def visit_members_page`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`visit project_project_members_path(project)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`