Resolve "Can add an existing group member into a group project with new permissions but permissions are not overridden"

author: James Lopez <james@gitlab.com> 2018-12-06 16:15:29 +0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2018-12-06 16:15:29 +0300
commit: 64c11f104ceffdb7699686445ddc16c894dbe0c5 (patch)
tree: d4331a41db06511c3f4daaa6ec853110f31b4260 /spec/requests
parent: 39c769aee8af82cd755a4c666a22eb5d6bec808e (diff)
2 files changed, 32 insertions, 1 deletions
diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb
index 93e1c3a2294..bb32d581176 100644
--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -224,6 +224,37 @@ describe API::Members do
         end
       end
 
+      context 'access levels' do
+        it 'does not create the member if group level is higher', :nested_groups do
+          parent = create(:group)
+
+          group.update(parent: parent)
+          project.update(group: group)
+          parent.add_developer(stranger)
+
+          post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+               user_id: stranger.id, access_level: Member::REPORTER
+
+          expect(response).to have_gitlab_http_status(400)
+          expect(json_response['message']['access_level']).to eq(["should be higher than Developer inherited membership from group #{parent.name}"])
+        end
+
+        it 'creates the member if group level is lower', :nested_groups do
+          parent = create(:group)
+
+          group.update(parent: parent)
+          project.update(group: group)
+          parent.add_developer(stranger)
+
+          post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+               user_id: stranger.id, access_level: Member::MAINTAINER
+
+          expect(response).to have_gitlab_http_status(201)
+          expect(json_response['id']).to eq(stranger.id)
+          expect(json_response['access_level']).to eq(Member::MAINTAINER)
+        end
+      end
+
       it "returns 409 if member already exists" do
         post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
              user_id: maintainer.id, access_level: Member::MAINTAINER
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 62b6a3ce42e..e40db55cd20 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -1906,7 +1906,7 @@ describe API::Projects do
     let(:group) { create(:group) }
     let(:group2) do
       group = create(:group, name: 'group2_name')
-      group.add_owner(user2)
+      group.add_maintainer(user2)
       group
     end
author	James Lopez <james@gitlab.com>	2018-12-06 16:15:29 +0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2018-12-06 16:15:29 +0300
commit	64c11f104ceffdb7699686445ddc16c894dbe0c5 (patch)
tree	d4331a41db06511c3f4daaa6ec853110f31b4260 /spec/requests
parent	39c769aee8af82cd755a4c666a22eb5d6bec808e (diff)