Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 15:26:25 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 15:26:25 +0300
commit: a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree: 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/services/authorized_project_update
parent: 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
4 files changed, 193 insertions, 3 deletions
diff --git a/spec/services/authorized_project_update/periodic_recalculate_service_spec.rb b/spec/services/authorized_project_update/periodic_recalculate_service_spec.rb
index 020056da36e..c776e013fdf 100644
--- a/spec/services/authorized_project_update/periodic_recalculate_service_spec.rb
+++ b/spec/services/authorized_project_update/periodic_recalculate_service_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe AuthorizedProjectUpdate::PeriodicRecalculateService do
+RSpec.describe AuthorizedProjectUpdate::PeriodicRecalculateService do
   subject(:service) { described_class.new }
 
   describe '#execute' do
diff --git a/spec/services/authorized_project_update/project_create_service_spec.rb b/spec/services/authorized_project_update/project_create_service_spec.rb
index 5b3e36af766..891800bfb87 100644
--- a/spec/services/authorized_project_update/project_create_service_spec.rb
+++ b/spec/services/authorized_project_update/project_create_service_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe AuthorizedProjectUpdate::ProjectCreateService do
+RSpec.describe AuthorizedProjectUpdate::ProjectCreateService do
   let_it_be(:group_parent) { create(:group, :private) }
   let_it_be(:group) { create(:group, :private, parent: group_parent) }
   let_it_be(:group_child) { create(:group, :private, parent: group) }
diff --git a/spec/services/authorized_project_update/project_group_link_create_service_spec.rb b/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
new file mode 100644
index 00000000000..d30d9f1e766
--- /dev/null
+++ b/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe AuthorizedProjectUpdate::ProjectGroupLinkCreateService do
+  let_it_be(:group_parent) { create(:group, :private) }
+  let_it_be(:group) { create(:group, :private, parent: group_parent) }
+  let_it_be(:group_child) { create(:group, :private, parent: group) }
+
+  let_it_be(:parent_group_user) { create(:user) }
+  let_it_be(:group_user) { create(:user) }
+
+  let_it_be(:project) { create(:project, :private, group: create(:group, :private)) }
+
+  let(:access_level) { Gitlab::Access::MAINTAINER }
+
+  subject(:service) { described_class.new(project, group) }
+
+  describe '#perform' do
+    context 'direct group members' do
+      before do
+        create(:group_member, access_level: access_level, group: group, user: group_user)
+        ProjectAuthorization.delete_all
+      end
+
+      it 'creates project authorization' do
+        expect { service.execute }.to(
+          change { ProjectAuthorization.count }.from(0).to(1))
+
+        project_authorization = ProjectAuthorization.where(
+          project_id: project.id,
+          user_id: group_user.id,
+          access_level: access_level)
+
+        expect(project_authorization).to exist
+      end
+    end
+
+    context 'inherited group members' do
+      before do
+        create(:group_member, access_level: access_level, group: group_parent, user: parent_group_user)
+        ProjectAuthorization.delete_all
+      end
+
+      it 'creates project authorization' do
+        expect { service.execute }.to(
+          change { ProjectAuthorization.count }.from(0).to(1))
+
+        project_authorization = ProjectAuthorization.where(
+          project_id: project.id,
+          user_id: parent_group_user.id,
+          access_level: access_level)
+        expect(project_authorization).to exist
+      end
+    end
+
+    context 'membership overrides' do
+      before do
+        create(:group_member, access_level: Gitlab::Access::REPORTER, group: group_parent, user: group_user)
+        create(:group_member, access_level: Gitlab::Access::DEVELOPER, group: group, user: group_user)
+        ProjectAuthorization.delete_all
+      end
+
+      it 'creates project authorization' do
+        expect { service.execute }.to(
+          change { ProjectAuthorization.count }.from(0).to(1))
+
+        project_authorization = ProjectAuthorization.where(
+          project_id: project.id,
+          user_id: group_user.id,
+          access_level: Gitlab::Access::DEVELOPER)
+        expect(project_authorization).to exist
+      end
+    end
+
+    context 'no group member' do
+      it 'does not create project authorization' do
+        expect { service.execute }.not_to(
+          change { ProjectAuthorization.count }.from(0))
+      end
+    end
+
+    context 'unapproved access requests' do
+      before do
+        create(:group_member, :guest, :access_request, user: group_user, group: group)
+      end
+
+      it 'does not create project authorization' do
+        expect { service.execute }.not_to(
+          change { ProjectAuthorization.count }.from(0))
+      end
+    end
+
+    context 'project has more users than BATCH_SIZE' do
+      let(:batch_size) { 2 }
+      let(:users) { create_list(:user, batch_size + 1 ) }
+
+      before do
+        stub_const("#{described_class.name}::BATCH_SIZE", batch_size)
+
+        users.each do |user|
+          create(:group_member, access_level: access_level, group: group_parent, user: user)
+        end
+
+        ProjectAuthorization.delete_all
+      end
+
+      it 'bulk creates project authorizations in batches' do
+        users.each_slice(batch_size) do |batch|
+          attributes = batch.map do |user|
+            { user_id: user.id, project_id: project.id, access_level: access_level }
+          end
+
+          expect(ProjectAuthorization).to(
+            receive(:insert_all).with(array_including(attributes)).and_call_original)
+        end
+
+        expect { service.execute }.to(
+          change { ProjectAuthorization.count }.from(0).to(batch_size + 1))
+      end
+    end
+
+    context 'users have existing project authorizations' do
+      before do
+        create(:group_member, access_level: access_level, group: group, user: group_user)
+        ProjectAuthorization.delete_all
+
+        create(:project_authorization, user_id: group_user.id,
+                                       project_id: project.id,
+                                       access_level: existing_access_level)
+      end
+
+      context 'when access level is the same' do
+        let(:existing_access_level) { access_level }
+
+        it 'does not create project authorization' do
+          project_authorization = ProjectAuthorization.where(
+            project_id: project.id,
+            user_id: group_user.id,
+            access_level: existing_access_level)
+
+          expect(ProjectAuthorization).not_to receive(:insert_all)
+
+          expect { service.execute }.not_to(
+            change { project_authorization.reload.exists? }.from(true))
+        end
+      end
+
+      context 'when existing access level is lower' do
+        let(:existing_access_level) { Gitlab::Access::DEVELOPER }
+
+        it 'creates new project authorization' do
+          project_authorization = ProjectAuthorization.where(
+            project_id: project.id,
+            user_id: group_user.id,
+            access_level: access_level)
+
+          expect { service.execute }.to(
+            change { project_authorization.reload.exists? }.from(false).to(true))
+        end
+
+        it 'deletes previous project authorization' do
+          project_authorization = ProjectAuthorization.where(
+            project_id: project.id,
+            user_id: group_user.id,
+            access_level: existing_access_level)
+
+          expect { service.execute }.to(
+            change { project_authorization.reload.exists? }.from(true).to(false))
+        end
+      end
+
+      context 'when existing access level is higher' do
+        let(:existing_access_level) { Gitlab::Access::OWNER }
+
+        it 'does not create project authorization' do
+          project_authorization = ProjectAuthorization.where(
+            project_id: project.id,
+            user_id: group_user.id,
+            access_level: existing_access_level)
+
+          expect(ProjectAuthorization).not_to receive(:insert_all)
+
+          expect { service.execute }.not_to(
+            change { project_authorization.reload.exists? }.from(true))
+        end
+      end
+    end
+  end
+end
diff --git a/spec/services/authorized_project_update/recalculate_for_user_range_service_spec.rb b/spec/services/authorized_project_update/recalculate_for_user_range_service_spec.rb
index 28cbda6f4fd..a4637b6ba1c 100644
--- a/spec/services/authorized_project_update/recalculate_for_user_range_service_spec.rb
+++ b/spec/services/authorized_project_update/recalculate_for_user_range_service_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe AuthorizedProjectUpdate::RecalculateForUserRangeService do
+RSpec.describe AuthorizedProjectUpdate::RecalculateForUserRangeService do
   describe '#execute' do
     let_it_be(:users) { create_list(:user, 2) }
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 15:26:25 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 15:26:25 +0300
commit	a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree	2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/services/authorized_project_update
parent	18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)