Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/finders
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-05-05 18:08:47 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-05-05 18:08:47 +0300
commitdad16033c2b7cfd54ffe20ca5cc1d844e9e41be6 (patch)
tree8010601f9b7066e07166d997624b723ea4c3f816 /spec/finders
parent3c86701bc89302550abb9bbaa060132fdcd52480 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/finders')
-rw-r--r--spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb73
-rw-r--r--spec/finders/personal_access_tokens_finder_spec.rb18
2 files changed, 73 insertions, 18 deletions
diff --git a/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb b/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb
new file mode 100644
index 00000000000..8cdfa13ba3a
--- /dev/null
+++ b/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder do
+ # rubocop:disable Layout/LineLength
+
+ # Group X Group A ------shared with-------------> Group B Group C
+ # | Group X_subgroup_1 | | |
+ # | | Project X_subgroup_1 ---shared with----->| Group A_subgroup_1 | Group B_subgroup_1 <--shared with--------- | Group C_subgroup_1
+ # | | | Project A_subgroup_1 | | Project B_subgroup_1 | | Project C_subgroup_1
+ # | Group A_subgroup_2 | Group B_subgroup_2 <----shared with ------- Project C
+ # | |Project A_subgroup_2 | | Project B_subgroup_2
+
+ # rubocop:enable Layout/LineLength
+
+ let_it_be(:group_x) { create(:group) }
+ let_it_be(:group_a) { create(:group) }
+ let_it_be(:group_b) { create(:group) }
+ let_it_be(:group_c) { create(:group) }
+ let_it_be(:group_x_subgroup_1) { create(:group, parent: group_x) }
+ let_it_be(:group_a_subgroup_1) { create(:group, parent: group_a) }
+ let_it_be(:group_a_subgroup_2) { create(:group, parent: group_a) }
+ let_it_be(:group_b_subgroup_1) { create(:group, parent: group_b) }
+ let_it_be(:group_b_subgroup_2) { create(:group, parent: group_b) }
+ let_it_be(:group_c_subgroup_1) { create(:group, parent: group_c) }
+ let_it_be(:project_x_subgroup_1) { create(:project, group: group_x_subgroup_1, name: 'project_x_subgroup_1') }
+ let_it_be(:project_a_subgroup_1) { create(:project, group: group_a_subgroup_1, name: 'project_a_subgroup_1') }
+ let_it_be(:project_a_subgroup_2) { create(:project, group: group_a_subgroup_2, name: 'project_a_subgroup_2') }
+ let_it_be(:project_b_subgroup_1) { create(:project, group: group_b_subgroup_1, name: 'project_b_subgroup_1') }
+ let_it_be(:project_b_subgroup_2) { create(:project, group: group_b_subgroup_2, name: 'project_b_subgroup_2') }
+ let_it_be(:project_c_subgroup_1) { create(:project, group: group_c_subgroup_1, name: 'project_c_subgroup_1') }
+ let_it_be(:project_c) { create(:project, group: group_c, name: 'project_c') }
+
+ describe '#execute' do
+ context 'projects affected when a new member is added to a specific group (here, `Group B`)' do
+ subject(:result) { described_class.new(group_b).execute }
+
+ before do
+ create(:project_group_link, project: project_x_subgroup_1, group: group_a_subgroup_1)
+ create(:project_group_link, project: project_c, group: group_b_subgroup_2)
+ create(:group_group_link, shared_group: group_a, shared_with_group: group_b)
+ create(:group_group_link, shared_group: group_c_subgroup_1, shared_with_group: group_b_subgroup_1)
+ end
+
+ it 'returns all projects IDs where authorizations need to be created for the user'\
+ 'due to their new membership being created in `Group B`' do
+ new_user = create(:user)
+ group_b.add_maintainer(new_user)
+
+ expect(result).to match_array(new_user.authorized_projects.ids)
+ end
+
+ it 'includes only the expected projects' do
+ expected_projects = Project.id_in(
+ [
+ project_b_subgroup_1, # direct member of Group B gets access to this project due to group hierarchy
+ project_b_subgroup_2, # direct member of Group B gets access to this project due to group hierarchy
+ project_c, # direct member of Group B gets access to this project via project-group share
+ project_a_subgroup_1, # direct member of Group B gets access to this project via group share
+ project_a_subgroup_2, # direct member of Group B gets access to this project via group share
+
+ # direct member of Group B gets access to any projects shared with groups within its shared groups.
+ project_x_subgroup_1
+ ]
+ )
+ # project_c_subgroup_1 is not included in the list because only 'direct' members of
+ # `group_b_subgroup_1` gets access to that project via the group-group share.
+ expect(result).to match_array(expected_projects.ids)
+ end
+ end
+ end
+end
diff --git a/spec/finders/personal_access_tokens_finder_spec.rb b/spec/finders/personal_access_tokens_finder_spec.rb
index 7607d08dc64..f22bff62082 100644
--- a/spec/finders/personal_access_tokens_finder_spec.rb
+++ b/spec/finders/personal_access_tokens_finder_spec.rb
@@ -286,24 +286,6 @@ RSpec.describe PersonalAccessTokensFinder do
end
end
- describe 'with active or expired state' do
- before do
- params[:state] = 'active_or_expired'
- end
-
- it 'includes active tokens' do
- is_expected.to include(active_personal_access_token, active_impersonation_token)
- end
-
- it 'includes expired tokens' do
- is_expected.to include(expired_personal_access_token, expired_impersonation_token)
- end
-
- it 'does not include revoked tokens' do
- is_expected.not_to include(revoked_personal_access_token, revoked_impersonation_token)
- end
- end
-
describe 'with id' do
subject { finder(params).find_by_id(active_personal_access_token.id) }
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 11:09:09 +0300