refactor: do not apply setting "require 2FA" for ancestor group members

author: Roger Meier <r.meier@siemens.com> 2019-06-13 12:36:54 +0000
committer: Roger Meier <r.meier@siemens.com> 2019-06-13 14:57:18 +0200
commit: 7bfc4f999231385f2dc24cbb2d34b09cf5ae96c1 (patch)
tree: a0a01d2daa479943f5a9cdca946a666bd4d50cc6
parent: 35d928c4a9fe7c8545f2ad1866a45ff28c1ef5d3 (diff)
download: gitlab-ce-7bfc4f999231385f2dc24cbb2d34b09cf5ae96c1.tar.gz
3 files changed, 4 insertions, 4 deletions
diff --git a/app/models/group.rb b/app/models/group.rb
index ba9f6221567..dbec211935d 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -423,7 +423,7 @@ class Group < Namespace
   def update_two_factor_requirement
     return unless saved_change_to_require_two_factor_authentication? || saved_change_to_two_factor_grace_period?
 
-    direct_and_indirect_members.find_each(&:update_two_factor_requirement)
+    members_with_descendants.find_each(&:update_two_factor_requirement)
   end
 
   def path_changed_hook
diff --git a/changelogs/unreleased/feature-require-2fa-for-all-entities-in-group.yml b/changelogs/unreleased/feature-require-2fa-for-all-entities-in-group.yml
index ff04f99c1bb..0abe777fb69 100644
--- a/changelogs/unreleased/feature-require-2fa-for-all-entities-in-group.yml
+++ b/changelogs/unreleased/feature-require-2fa-for-all-entities-in-group.yml
@@ -1,4 +1,4 @@
-title: Apply the group setting "require 2FA" across all subgroup and ancestor group members as well when changing the group setting
+title: Apply the group setting "require 2FA" across all subgroup members as well when changing the group setting
 merge_request: 24965
 author: rroger
 type: changed
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 074aec3eb07..d7accbef6bd 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -662,14 +662,14 @@ describe Group do
           expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
         end
 
-        it 'enables two_factor_requirement for ancestor group member' do
+        it 'does not enable two_factor_requirement for ancestor group member' do
           ancestor_group = create(:group)
           ancestor_group.add_user(indirect_user, GroupMember::OWNER)
           group.update!(parent: ancestor_group)
 
           group.update!(require_two_factor_authentication: true)
 
-          expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_truthy
+          expect(indirect_user.reload.require_two_factor_authentication_from_group).to be_falsey
         end
       end
author	Roger Meier <r.meier@siemens.com>	2019-06-13 12:36:54 +0000
committer	Roger Meier <r.meier@siemens.com>	2019-06-13 14:57:18 +0200
commit	7bfc4f999231385f2dc24cbb2d34b09cf5ae96c1 (patch)
tree	a0a01d2daa479943f5a9cdca946a666bd4d50cc6
parent	35d928c4a9fe7c8545f2ad1866a45ff28c1ef5d3 (diff)
download	gitlab-ce-7bfc4f999231385f2dc24cbb2d34b09cf5ae96c1.tar.gz