Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-06 00:09:40 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-06 00:09:40 +0300
commit: ad9eb72915f1be40da3ebe287274fe2bae62e46b (patch)
tree: e5a029b2edbce0e84a54b6ff4d18e8240680c4c4 /app/services/authorized_project_update
parent: f8d20b20be74c283fe8bfe81abfd2d132a500968 (diff)
1 files changed, 14 insertions, 4 deletions
diff --git a/app/services/authorized_project_update/project_group_link_create_service.rb b/app/services/authorized_project_update/project_group_link_create_service.rb
index db2db091374..090b22a7820 100644
--- a/app/services/authorized_project_update/project_group_link_create_service.rb
+++ b/app/services/authorized_project_update/project_group_link_create_service.rb
@@ -6,9 +6,10 @@ module AuthorizedProjectUpdate
 
     BATCH_SIZE = 1000
 
-    def initialize(project, group)
+    def initialize(project, group, group_access = nil)
       @project = project
       @group = group
+      @group_access = group_access
     end
 
     def execute
@@ -19,19 +20,20 @@ module AuthorizedProjectUpdate
         user_ids_to_delete = []
 
         members.each do |member|
+          new_access_level = access_level(member.access_level)
           existing_access_level = existing_authorizations[member.user_id]
 
           if existing_access_level
             # User might already have access to the project unrelated to the
             # current project share
-            next if existing_access_level >= member.access_level
+            next if existing_access_level >= new_access_level
 
             user_ids_to_delete << member.user_id
           end
 
           authorizations_to_create << { user_id: member.user_id,
                                         project_id: project.id,
-                                        access_level: member.access_level }
+                                        access_level: new_access_level }
         end
 
         update_authorizations(user_ids_to_delete, authorizations_to_create)
@@ -42,7 +44,15 @@ module AuthorizedProjectUpdate
 
     private
 
-    attr_reader :project, :group
+    attr_reader :project, :group, :group_access
+
+    def access_level(membership_access_level)
+      return membership_access_level unless group_access
+
+      # access level must not be higher than the max access level set when
+      # creating the project share
+      [membership_access_level, group_access].min
+    end
 
     def existing_project_authorizations(members)
       user_ids = members.map(&:user_id)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-06 00:09:40 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-06 00:09:40 +0300
commit	ad9eb72915f1be40da3ebe287274fe2bae62e46b (patch)
tree	e5a029b2edbce0e84a54b6ff4d18e8240680c4c4 /app/services/authorized_project_update
parent	f8d20b20be74c283fe8bfe81abfd2d132a500968 (diff)