Group owner cannot request access to a project of their group

Signed-off-by: Rémy Coutable <remy@rymai.me>

3 files changed, 49 insertions, 9 deletions

diff --git a/app/views/shared/members/_access_request_buttons.html.haml b/app/views/shared/members/_access_request_buttons.html.haml
index ed0a6ebcf84..e0fc9f7af37 100644
--- a/app/views/shared/members/_access_request_buttons.html.haml
+++ b/app/views/shared/members/_access_request_buttons.html.haml
@@ -1,12 +1,14 @@
 - member = source.members.find_by(user_id: current_user.id)
+- group_member = source.group.members.find_by(user_id: current_user.id) if source.try(:group)
 
-- if member
-  - if member.request?
-    = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]),
-              method: :delete,
-              data: { confirm: remove_member_message(member) },
+- unless group_member
+  - if member
+    - if member.request?
+      = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]),
+                method: :delete,
+                data: { confirm: remove_member_message(member) },
+                class: 'btn access-request-button hidden-xs'
+  - else
+    = link_to 'Request Access', polymorphic_path([:request_access, source, :members]),
+              method: :post,
               class: 'btn access-request-button hidden-xs'
-- else
-  = link_to 'Request Access', polymorphic_path([:request_access, source, :members]),
-            method: :post,
-            class: 'btn access-request-button hidden-xs'
diff --git a/spec/features/projects/members/group_owner_cannot_request_access_to_his_group_project_spec.rb b/spec/features/projects/members/group_owner_cannot_request_access_to_his_group_project_spec.rb
new file mode 100644
index 00000000000..c4686ccceff
--- /dev/null
+++ b/spec/features/projects/members/group_owner_cannot_request_access_to_his_group_project_spec.rb
@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+feature 'Projects > Members > Group owner cannot request access to his group project', feature: true do
+  let(:owner) { create(:user) }
+  let(:group) { create(:group) }
+  let(:project) { create(:project, namespace: group) }
+
+  background do
+    group.add_owner(owner)
+    login_as(owner)
+    visit namespace_project_path(project.namespace, project)
+  end
+
+  scenario 'owner does not see the request access button' do
+    expect(page).not_to have_content 'Request Access'
+  end
+end
diff --git a/spec/features/projects/members/group_requester_cannot_request_access_to_project_spec.rb b/spec/features/projects/members/group_requester_cannot_request_access_to_project_spec.rb
new file mode 100644
index 00000000000..c4ed92d2780
--- /dev/null
+++ b/spec/features/projects/members/group_requester_cannot_request_access_to_project_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+feature 'Projects > Members > Group requester cannot request access to project', feature: true do
+  let(:user) { create(:user) }
+  let(:owner) { create(:user) }
+  let(:group) { create(:group, :public) }
+  let(:project) { create(:project, :public, namespace: group) }
+
+  background do
+    group.add_owner(owner)
+    login_as(user)
+    visit group_path(group)
+    perform_enqueued_jobs { click_link 'Request Access' }
+    visit namespace_project_path(project.namespace, project)
+  end
+
+  scenario 'group requester does not see the request access / withdraw access request button' do
+    expect(page).not_to have_content 'Request Access'
+    expect(page).not_to have_content 'Withdraw Access Request'
+  end
+end