debian-mirror-gitlab/spec/features/projects/members/manage_members_spec.rb

# frozen_string_literal: true
require 'spec_helper'
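# Browser-level (:js) feature spec for the project members page.
#
# Most examples here pin down authorization behaviour as it appears in the UI:
# which roles a Maintainer may assign or remove, which members are hidden from
# invite search, and who may see another member's 2FA status. Every check goes
# through the rendered page, so this file covers only what the UI offers;
# nothing here sends requests to the endpoints directly.
RSpec.describe 'Projects > Members > Manage members', :js, feature_category: :onboarding do
  include Spec::Support::Helpers::Features::MembersHelpers
  include Spec::Support::Helpers::Features::InviteMembersModalHelper
  include Spec::Support::Helpers::ModalHelpers

  let_it_be(:user1) { create(:user, name: 'John Doe') }
  let_it_be(:user2) { create(:user, name: 'Mary Jane') }
  let_it_be(:group) { create(:group) }
  let_it_be(:project) { create(:project, :internal, namespace: group) }

  let(:project_owner) { create(:user, name: "ProjectOwner", username: "project_owner") }
  let(:project_maintainer) { create(:user, name: "ProjectMaintainer", username: "project_maintainer") }
  let(:group_owner) { user1 }
  let(:project_developer) { user2 }

  # Baseline for every example: one direct Maintainer, one direct Owner, one
  # Owner inherited from the group, and the group Owner signed in. Contexts
  # that need another actor call sign_in/sign_out again in their own `before`.
  before do
    project.add_maintainer(project_maintainer)
    project.add_owner(project_owner)
    group.add_owner(group_owner)
    sign_in(group_owner)
  end

  it 'show members from project and group', :aggregate_failures do
    project.add_developer(project_developer)

    visit_members_page

    expect(first_row).to have_content(group_owner.name)
    expect(second_row).to have_content(project_developer.name)
  end

  it 'show user once if member of both group and project', :aggregate_failures do
    group.add_reporter(project_maintainer)

    visit_members_page

    expect(first_row).to have_content(group_owner.name)
    expect(second_row).to have_content(project_maintainer.name)
    expect(third_row).to have_content(project_owner.name)
    # Three members exist, so a fourth row would be a duplicated entry.
    expect(all_rows[3]).to be_blank
  end

  context 'update user access level' do
    before do
      sign_in(current_user)
    end

    context 'as maintainer' do
      let(:current_user) { project_maintainer }

      it 'can update a non-Owner member' do
        project.add_developer(project_developer)

        visit_members_page

        page.within find_member_row(project_developer) do
          click_button('Developer')

          # The opened role menu must not offer Owner to a Maintainer.
          page.within '.dropdown-menu' do
            expect(page).not_to have_button('Owner')
          end

          click_button('Reporter')

          expect(page).to have_button('Reporter')
        end
      end

      it 'cannot update an Owner member' do
        visit_members_page

        # The Owner's role must not be rendered as a clickable control.
        # NOTE(review): this is a negative-only check; consider also asserting
        # that the row shows the role as static text, so the example cannot
        # pass on a row whose role cell did not render. Confirm the exact text
        # against the members table before adding it.
        page.within find_member_row(project_owner) do
          expect(page).not_to have_button('Owner')
        end
      end
    end

    context 'as owner' do
      let(:current_user) { group_owner }

      it 'can update a project Owner member' do
        visit_members_page

        page.within find_member_row(project_owner) do
          click_button('Owner')
          click_button('Reporter')

          expect(page).to have_button('Reporter')
        end
      end
    end
  end

  context 'uses ProjectMember valid_access_level_roles for the invite members modal options', :aggregate_failures do
    before do
      sign_in(current_user)

      visit_members_page
      click_on 'Invite members'
      wait_for_requests
    end

    context 'when owner' do
      let(:current_user) { project_owner }

      it 'shows Owner in the dropdown' do
        expect(page).to have_select('Select a role', options: %w[Guest Reporter Developer Maintainer Owner])
      end
    end

    context 'when maintainer' do
      let(:current_user) { project_maintainer }

      it 'does not show the Owner option' do
        expect(page).to have_select('Select a role', options: %w[Guest Reporter Developer Maintainer])
        # `options:` matches the complete option list, so negating it with
        # %w[Owner] only rejected a select offering Owner and nothing else.
        # `with_options:` is the partial-match filter: this fails whenever
        # Owner appears among the choices at all.
        expect(page).not_to have_select('Select a role', with_options: %w[Owner])
      end
    end
  end

  describe 'remove user from project' do
    before do
      project.add_developer(project_developer)

      sign_in(current_user)

      visit_members_page
    end

    context 'when maintainer' do
      let(:current_user) { project_maintainer }

      it 'can only remove non-Owner members' do
        # No actions dropdown at all on the Owner's row for a Maintainer.
        page.within find_member_row(project_owner) do
          expect(page).not_to have_selector user_action_dropdown
        end

        show_actions_for_username(project_developer)
        click_button _('Remove member')

        within_modal do
          expect(page).to have_unchecked_field 'Also unassign this user from related issues and merge requests'
          click_button _('Remove member')
        end

        wait_for_requests

        # The Developer is gone while the Owner is still listed.
        expect(members_table).not_to have_content(project_developer.name)
        expect(members_table).to have_content(project_owner.name)
      end
    end

    context 'when owner' do
      let(:current_user) { group_owner }

      it 'can remove any direct member' do
        show_actions_for_username(project_owner)
        click_button _('Remove member')

        within_modal do
          expect(page).to have_unchecked_field 'Also unassign this user from related issues and merge requests'
          click_button _('Remove member')
        end

        wait_for_requests

        expect(members_table).not_to have_content(project_owner.name)
      end
    end
  end

  it_behaves_like 'inviting members', 'project-members-page' do
    let_it_be(:entity) { project }
    let_it_be(:members_page_path) { project_project_members_path(entity) }
    let_it_be(:subentity) { project }
    let_it_be(:subentity_members_page_path) { project_project_members_path(entity) }
  end

  describe 'member search results' do
    it 'does not show project_bots', :aggregate_failures do
      internal_project_bot = create(:user, :project_bot, name: '_internal_project_bot_')
      project.add_maintainer(internal_project_bot)

      # A bot from an unrelated project that the signed-in user can also
      # access, so bots from other projects are covered too.
      external_group = create(:group)
      external_project_bot = create(:user, :project_bot, name: '_external_project_bot_')
      external_project = create(:project, group: external_group)
      external_project.add_maintainer(external_project_bot)
      external_project.add_maintainer(group_owner)

      visit_members_page
      click_on 'Invite members'

      page.within invite_modal_selector do
        field = find(member_dropdown_selector)
        field.native.send_keys :tab
        field.click

        wait_for_requests

        # Positive matches come first: they show the result list has loaded,
        # so the negative checks below are not passing on an empty dropdown.
        expect(page).to have_content(group_owner.name)
        expect(page).to have_content(project_developer.name)
        expect(page).not_to have_content(internal_project_bot.name)
        expect(page).not_to have_content(external_project_bot.name)
      end
    end
  end

  context 'as a signed out visitor viewing a public project' do
    let_it_be(:project) { create(:project, :public) }

    # The outer `before` signs group_owner in; undo that for this context.
    before do
      sign_out(group_owner)
    end

    it 'does not show the Invite members button when not signed in' do
      visit_members_page

      expect(page).not_to have_button('Invite members')
    end
  end

  context 'project bots' do
    let(:project_bot) { create(:user, :project_bot, name: 'project_bot') }

    before do
      project.add_maintainer(project_bot)
    end

    it 'does not show form used to change roles and "Expiration date" or the remove user button', :aggregate_failures do
      visit_members_page

      # Viewed as group_owner: even an Owner gets no role, expiry or removal
      # controls on a project bot's row.
      page.within find_username_row(project_bot) do
        expect(page).not_to have_button('Maintainer')
        expect(page).to have_field('Expiration date', disabled: true)
        expect(page).not_to have_button('Remove member')
      end
    end
  end

  # Another member's 2FA status is shown to Maintainers and above, to admins
  # (after entering admin mode) and to the member themselves.
  describe 'when user has 2FA enabled' do
    let_it_be(:admin) { create(:admin) }
    let_it_be(:user_with_2fa) { create(:user, :two_factor_via_otp) }

    before do
      project.add_guest(user_with_2fa)
    end

    it 'shows 2FA badge to user with "Maintainer" access level' do
      sign_in(project_maintainer)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end

    it 'shows 2FA badge to admins' do
      sign_in(admin)
      gitlab_enable_admin_mode_sign_in(admin)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end

    it 'does not show 2FA badge to users with access level below "Maintainer"' do
      # The viewer is group_owner, signed in and made a group Owner by the
      # outer `before`; this call is presumably meant to lower that membership
      # to Developer.
      # NOTE(review): confirm add_developer downgrades an existing Owner
      # membership rather than leaving it unchanged.
      group.add_developer(group_owner)

      visit_members_page

      expect(find_member_row(user_with_2fa)).not_to have_content('2FA')
    end

    it 'shows 2FA badge to themselves' do
      sign_in(user_with_2fa)

      visit_members_page

      expect(find_member_row(user_with_2fa)).to have_content('2FA')
    end
  end

  private

  # Opens the members page of whichever `project` is in scope for the example.
  def visit_members_page
    visit project_project_members_path(project)
  end
end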