diff options
author | Roger Rüttimann <ror@panter.ch> | 2019-02-06 15:08:39 +0100 |
---|---|---|
committer | Roger Meier <r.meier@siemens.com> | 2019-06-13 08:43:14 +0200 |
commit | 34a03d90c3a0a8ebda2143fcdca5d37a9b71db6e (patch) | |
tree | 03a26d417dd43edd2c062e15a43c41da288cc11c | |
parent | 2a1c2c673f25aa1329e045bd907babbea037a9f1 (diff) | |
download | gitlab-ce-34a03d90c3a0a8ebda2143fcdca5d37a9b71db6e.tar.gz |
require update_two_factor_requirement on all sub-entities users
-rw-r--r-- | app/models/group.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 3 | ||||
-rw-r--r-- | spec/models/group_spec.rb | 11 |
3 files changed, 13 insertions, 3 deletions
diff --git a/app/models/group.rb b/app/models/group.rb index cdb4e6e87f6..5e58b48a366 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -423,7 +423,7 @@ class Group < Namespace def update_two_factor_requirement return unless saved_change_to_require_two_factor_authentication? || saved_change_to_two_factor_grace_period? - users.find_each(&:update_two_factor_requirement) + User.from_union([users_with_descendants, project_users_with_descendants]).find_each(&:update_two_factor_requirement) end def path_changed_hook diff --git a/app/models/user.rb b/app/models/user.rb index 2eb5c63a4cc..916a0aa74f0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -728,7 +728,8 @@ class User < ApplicationRecord end def expanded_groups_requiring_two_factor_authentication - all_expanded_groups.where(require_two_factor_authentication: true) + Group.from_union([all_expanded_groups.where(require_two_factor_authentication: true), + authorized_groups.where(require_two_factor_authentication: true)]) end # rubocop: disable CodeReuse/ServiceClass diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 551d85bda6c..15ec672f165 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -654,7 +654,16 @@ describe Group do it 'calls #update_two_factor_requirement on each child project member' do project = create(:project, group: group) project_user = create(:user) - project.add_user(project_user, GroupMember::OWNER) + project.add_developer(project_user) + + expects_other_user_to_require_two_factors + end + + it 'calls #update_two_factor_requirement on each subgroups child project member' do + subgroup = create(:group, :nested, parent: group) + project = create(:project, group: subgroup) + project_user = create(:user) + project.add_developer(project_user) expects_other_user_to_require_two_factors end |