From dad16033c2b7cfd54ffe20ca5cc1d844e9e41be6 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 5 May 2022 15:08:47 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- .../on_direct_membership_finder_spec.rb | 73 ++++++++++++++++++++++ spec/finders/personal_access_tokens_finder_spec.rb | 18 ------ 2 files changed, 73 insertions(+), 18 deletions(-) create mode 100644 spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb (limited to 'spec/finders') diff --git a/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb b/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb new file mode 100644 index 00000000000..8cdfa13ba3a --- /dev/null +++ b/spec/finders/groups/projects_requiring_authorizations_refresh/on_direct_membership_finder_spec.rb @@ -0,0 +1,73 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder do + # rubocop:disable Layout/LineLength + + # Group X Group A ------shared with-------------> Group B Group C + # | Group X_subgroup_1 | | | + # | | Project X_subgroup_1 ---shared with----->| Group A_subgroup_1 | Group B_subgroup_1 <--shared with--------- | Group C_subgroup_1 + # | | | Project A_subgroup_1 | | Project B_subgroup_1 | | Project C_subgroup_1 + # | Group A_subgroup_2 | Group B_subgroup_2 <----shared with ------- Project C + # | |Project A_subgroup_2 | | Project B_subgroup_2 + + # rubocop:enable Layout/LineLength + + let_it_be(:group_x) { create(:group) } + let_it_be(:group_a) { create(:group) } + let_it_be(:group_b) { create(:group) } + let_it_be(:group_c) { create(:group) } + let_it_be(:group_x_subgroup_1) { create(:group, parent: group_x) } + let_it_be(:group_a_subgroup_1) { create(:group, parent: group_a) } + let_it_be(:group_a_subgroup_2) { create(:group, parent: group_a) } + let_it_be(:group_b_subgroup_1) { create(:group, parent: group_b) } + let_it_be(:group_b_subgroup_2) { create(:group, parent: group_b) } + let_it_be(:group_c_subgroup_1) { create(:group, parent: group_c) } + let_it_be(:project_x_subgroup_1) { create(:project, group: group_x_subgroup_1, name: 'project_x_subgroup_1') } + let_it_be(:project_a_subgroup_1) { create(:project, group: group_a_subgroup_1, name: 'project_a_subgroup_1') } + let_it_be(:project_a_subgroup_2) { create(:project, group: group_a_subgroup_2, name: 'project_a_subgroup_2') } + let_it_be(:project_b_subgroup_1) { create(:project, group: group_b_subgroup_1, name: 'project_b_subgroup_1') } + let_it_be(:project_b_subgroup_2) { create(:project, group: group_b_subgroup_2, name: 'project_b_subgroup_2') } + let_it_be(:project_c_subgroup_1) { create(:project, group: group_c_subgroup_1, name: 'project_c_subgroup_1') } + let_it_be(:project_c) { create(:project, group: group_c, name: 'project_c') } + + describe '#execute' do + context 'projects affected when a new member is added to a specific group (here, `Group B`)' do + subject(:result) { described_class.new(group_b).execute } + + before do + create(:project_group_link, project: project_x_subgroup_1, group: group_a_subgroup_1) + create(:project_group_link, project: project_c, group: group_b_subgroup_2) + create(:group_group_link, shared_group: group_a, shared_with_group: group_b) + create(:group_group_link, shared_group: group_c_subgroup_1, shared_with_group: group_b_subgroup_1) + end + + it 'returns all projects IDs where authorizations need to be created for the user'\ + 'due to their new membership being created in `Group B`' do + new_user = create(:user) + group_b.add_maintainer(new_user) + + expect(result).to match_array(new_user.authorized_projects.ids) + end + + it 'includes only the expected projects' do + expected_projects = Project.id_in( + [ + project_b_subgroup_1, # direct member of Group B gets access to this project due to group hierarchy + project_b_subgroup_2, # direct member of Group B gets access to this project due to group hierarchy + project_c, # direct member of Group B gets access to this project via project-group share + project_a_subgroup_1, # direct member of Group B gets access to this project via group share + project_a_subgroup_2, # direct member of Group B gets access to this project via group share + + # direct member of Group B gets access to any projects shared with groups within its shared groups. + project_x_subgroup_1 + ] + ) + # project_c_subgroup_1 is not included in the list because only 'direct' members of + # `group_b_subgroup_1` gets access to that project via the group-group share. + expect(result).to match_array(expected_projects.ids) + end + end + end +end diff --git a/spec/finders/personal_access_tokens_finder_spec.rb b/spec/finders/personal_access_tokens_finder_spec.rb index 7607d08dc64..f22bff62082 100644 --- a/spec/finders/personal_access_tokens_finder_spec.rb +++ b/spec/finders/personal_access_tokens_finder_spec.rb @@ -286,24 +286,6 @@ RSpec.describe PersonalAccessTokensFinder do end end - describe 'with active or expired state' do - before do - params[:state] = 'active_or_expired' - end - - it 'includes active tokens' do - is_expected.to include(active_personal_access_token, active_impersonation_token) - end - - it 'includes expired tokens' do - is_expected.to include(expired_personal_access_token, expired_impersonation_token) - end - - it 'does not include revoked tokens' do - is_expected.not_to include(revoked_personal_access_token, revoked_impersonation_token) - end - end - describe 'with id' do subject { finder(params).find_by_id(active_personal_access_token.id) } -- cgit v1.2.3