authorRémy Coutable <remy@rymai.me>2016-06-17 10:34:37 +0200
committerRémy Coutable <remy@rymai.me>2016-06-17 13:03:19 +0200
commite71ce77e39837f3e18403ceb07d27a0497b7196c (patch)
treedff1628a9b8d507fc93507b33747da9901358a85
parentb2dc9176018729efc1969035b30017c2ed81a708 (diff)
downloadgitlab-ce-e71ce77e39837f3e18403ceb07d27a0497b7196c.tar.gz
Ensure group/project owners can see their members' access_level
When you are the last owner of a group or the owner of a project, you don't have the :update_<source>_member / :destroy_<source>_member abilities, but you do have the :admin_<source>_member so you should be able to see your members' access levels. Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r--app/helpers/members_helper.rb6
-rw-r--r--app/views/shared/members/_member.html.haml3
-rw-r--r--spec/helpers/members_helper_spec.rb48
3 files changed, 55 insertions, 2 deletions
diff --git a/app/helpers/members_helper.rb b/app/helpers/members_helper.rb
index 877c77050be..3897cfa2e10 100644
--- a/app/helpers/members_helper.rb
+++ b/app/helpers/members_helper.rb
@@ -6,6 +6,12 @@ module MembersHelper
"#{action}_#{member.type.underscore}".to_sym
end
+ def default_show_roles(member)
+ can?(current_user, action_member_permission(:update, member), member) ||
+ can?(current_user, action_member_permission(:destroy, member), member) ||
+ can?(current_user, action_member_permission(:admin, member), member.source)
+ end
+
def remove_member_message(member, user: nil)
user = current_user if defined?(current_user)
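Review bot: The new `default_show_roles` checks the first two abilities against `member` but the third against `member.source`, and nothing in the method says why, so the asymmetry reads like a typo. A short comment above it would help, e.g. `# Owners may lack :update_/:destroy_<source>_member on a member but still hold :admin_<source>_member on the source.` As a boolean helper it would also be more idiomatic as `default_show_roles?`. The helper only decides what the view renders; enforcement of update and destroy presumably lives in the controllers, which this hunk does not show. The MembersHelper module and `remove_member_message` continue outside the hunk.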
diff --git a/app/views/shared/members/_member.html.haml b/app/views/shared/members/_member.html.haml
index 0191814849a..a884e78e6e7 100644
--- a/app/views/shared/members/_member.html.haml
+++ b/app/views/shared/members/_member.html.haml
@@ -1,5 +1,4 @@
-- default_show_roles = can?(current_user, action_member_permission(:update, member), member) || can?(current_user, action_member_permission(:destroy, member), member)
-- show_roles = local_assigns.fetch(:show_roles, default_show_roles)
+- show_roles = local_assigns.fetch(:show_roles, default_show_roles(member))
- show_controls = local_assigns.fetch(:show_controls, true)
- user = member.user
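Review bot: `local_assigns.fetch(:show_roles, default_show_roles(member))` evaluates its default eagerly, so up to three `can?` checks run for every rendered member even when the caller passes `:show_roles` explicitly. The block form defers the work until the key is actually missing: `- show_roles = local_assigns.fetch(:show_roles) { default_show_roles(member) }`. The rest of the partial is outside the hunk.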
diff --git a/spec/helpers/members_helper_spec.rb b/spec/helpers/members_helper_spec.rb
index 7998209b7b0..f75fdb739f6 100644
--- a/spec/helpers/members_helper_spec.rb
+++ b/spec/helpers/members_helper_spec.rb
@@ -9,6 +9,54 @@ describe MembersHelper do
it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member }
end
+ describe '#default_show_roles' do
+ let(:user) { double }
+ let(:member) { build(:project_member) }
+
+ before do
+ allow(helper).to receive(:current_user).and_return(user)
+ allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(false)
+ allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(false)
+ allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(false)
+ end
+
+ context 'when the current cannot update, destroy or admin the passed member' do
+ it 'returns false' do
+ expect(helper.default_show_roles(member)).to be_falsy
+ end
+ end
+
+ context 'when the current can update the passed member' do
+ before do
+ allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(true)
+ end
+
+ it 'returns true' do
+ expect(helper.default_show_roles(member)).to be_truthy
+ end
+ end
+
+ context 'when the current can destroy the passed member' do
+ before do
+ allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(true)
+ end
+
+ it 'returns true' do
+ expect(helper.default_show_roles(member)).to be_truthy
+ end
+ end
+
+ context 'when the current can admin the passed member source' do
+ before do
+ allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(true)
+ end
+
+ it 'returns true' do
+ expect(helper.default_show_roles(member)).to be_truthy
+ end
+ end
+ end
+
describe '#remove_member_message' do
let(:requester) { build(:user) }
let(:project) { create(:project) }
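Review bot: The `#default_show_roles` examples only build a `:project_member`, so the group side named in the commit title (`:update_group_member`, `:destroy_group_member`, `:admin_group_member` on the group) is never exercised. Running the same four contexts for a group member would cover it, possibly with the `group_member` used by the example at the top of the hunk if it is in scope here. It would also pin the authorization subject to add one example asserting that `can?` is called with `member.source`, not `member`, for the admin ability, since a swapped subject would silently widen or narrow who sees roles. The context descriptions read "when the current cannot …", where "the current user" is meant. The `#remove_member_message` block continues outside the hunk.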