Merge branch 'feature/oidc-groups-claim' into 'master'

Add groups to OpenID Connect claims See merge request gitlab-org/gitlab-ce!16929
author: Douwe Maan <douwe@gitlab.com> 2018-02-08 17:26:18 +0300
committer: Douwe Maan <douwe@gitlab.com> 2018-02-08 17:26:18 +0300
commit: bbb3e58bc7143df31355baddc970670e1e64503d (patch)
tree: 712b159ad384f7c349416f7de8e8feb9afe9b43a /app/models/user.rb
parent: 15eb0ab0f8ec1bef02065949cade065956c9d4d1 (diff)
parent: 583ef9458c5e5c32a14629f5754bc53ed0ad8a33 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 05c93d3cb17..4097fe2b5dc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -551,7 +551,7 @@ class User < ActiveRecord::Base
     gpg_keys.each(&:update_invalid_gpg_signatures)
   end
 
-  # Returns the groups a user has access to
+  # Returns the groups a user has access to, either through a membership or a project authorization
   def authorized_groups
     union = Gitlab::SQL::Union
       .new([groups.select(:id), authorized_projects.select(:namespace_id)])
@@ -559,6 +559,11 @@ class User < ActiveRecord::Base
     Group.where("namespaces.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
   end
 
+  # Returns the groups a user is a member of, either directly or through a parent group
+  def membership_groups
+    Gitlab::GroupHierarchy.new(groups).base_and_descendants
+  end
+
   # Returns a relation of groups the user has access to, including their parent
   # and child groups (recursively).
   def all_expanded_groups
author	Douwe Maan <douwe@gitlab.com>	2018-02-08 17:26:18 +0300
committer	Douwe Maan <douwe@gitlab.com>	2018-02-08 17:26:18 +0300
commit	bbb3e58bc7143df31355baddc970670e1e64503d (patch)
tree	712b159ad384f7c349416f7de8e8feb9afe9b43a /app/models/user.rb
parent	15eb0ab0f8ec1bef02065949cade065956c9d4d1 (diff)
parent	583ef9458c5e5c32a14629f5754bc53ed0ad8a33 (diff)