Add specs and add visibility level to admin groups

9 files changed, 110 insertions, 29 deletions

diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index 668396a0f20..8e2a981be7c 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -59,6 +59,6 @@ class Admin::GroupsController < Admin::ApplicationController
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar)
+    params.require(:group).permit(:name, :description, :path, :avatar, :visibility_level)
   end
 end
diff --git a/app/finders/group_projects_finder.rb b/app/finders/group_projects_finder.rb
index 2470af7c685..3b9a421b118 100644
--- a/app/finders/group_projects_finder.rb
+++ b/app/finders/group_projects_finder.rb
@@ -1,19 +1,18 @@
 class GroupProjectsFinder < UnionFinder
   def initialize(group, options = {})
-    @group = group
+    @group   = group
     @options = options
   end
 
   def execute(current_user = nil)
     segments = group_projects(current_user)
-
     find_union(segments, Project)
   end
 
   private
 
   def group_projects(current_user)
-    only_owned = @options.fetch(:only_owned, false)
+    only_owned  = @options.fetch(:only_owned, false)
     only_shared = @options.fetch(:only_shared, false)
 
     projects = []
diff --git a/app/views/admin/groups/_form.html.haml b/app/views/admin/groups/_form.html.haml
index 198026a1f75..7f2b1cd235d 100644
--- a/app/views/admin/groups/_form.html.haml
+++ b/app/views/admin/groups/_form.html.haml
@@ -10,6 +10,8 @@
     .col-sm-10
       = render 'shared/choose_group_avatar_button', f: f
 
+  = render 'shared/visibility_level', f: f, visibility_level: @group.visibility_level, can_change_visibility_level: can_change_group_visibility_level?(@group), form_model: @group
+
   - if @group.new_record?
     .form-group
       .col-sm-offset-2.col-sm-10
diff --git a/app/views/admin/groups/index.html.haml b/app/views/admin/groups/index.html.haml
index 118d3cfea07..6bdc885a312 100644
--- a/app/views/admin/groups/index.html.haml
+++ b/app/views/admin/groups/index.html.haml
@@ -46,6 +46,9 @@
 
         %h4
           = link_to [:admin, group] do
+            %span{ class: visibility_level_color(group.visibility_level) }
+              = visibility_level_icon(group.visibility_level)
+
             %i.fa.fa-folder
             = group.name
 
diff --git a/app/views/admin/groups/show.html.haml b/app/views/admin/groups/show.html.haml
index 264fa1bf0cd..f309e80a39a 100644
--- a/app/views/admin/groups/show.html.haml
+++ b/app/views/admin/groups/show.html.haml
@@ -28,6 +28,11 @@
             = @group.description
 
         %li
+          %span.light Visibility level:
+          %strong
+            = visibility_level_label(@group.visibility_level)
+
+        %li
           %span.light Created on:
           %strong
             = @group.created_at.to_s(:medium)
diff --git a/db/migrate/20160301124843_add_visibility_level_to_groups.rb b/db/migrate/20160301124843_add_visibility_level_to_groups.rb
index cef553981e7..89b5ac19983 100644
--- a/db/migrate/20160301124843_add_visibility_level_to_groups.rb
+++ b/db/migrate/20160301124843_add_visibility_level_to_groups.rb
@@ -1,6 +1,12 @@
 class AddVisibilityLevelToGroups < ActiveRecord::Migration
   def change
     #All groups public by default
-    add_column :namespaces, :visibility_level, :integer, null: false, default: 20
+    add_column :namespaces, :visibility_level, :integer, null: false, default: allowed_visibility_level
+  end
+
+  def allowed_visibility_level
+    # TODO: Don't use `current_application_settings`
+    allowed_levels = Gitlab::VisibilityLevel.values - current_application_settings.restricted_visibility_levels
+    allowed_levels.max
   end
 end
diff --git a/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb b/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb
deleted file mode 100644
index 62d96907c8f..00000000000
--- a/db/migrate/20160308212903_add_default_group_visibility_to_application_settings.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-#Create visibility level field on DB
-#Sets default_visibility_level to value on settings if not restricted
-#If value is restricted takes higher visibility level allowed
-
-class AddDefaultGroupVisibilityToApplicationSettings < ActiveRecord::Migration
-  def up
-    add_column :application_settings, :default_group_visibility, :integer
-    execute("UPDATE application_settings SET default_group_visibility = #{allowed_visibility_level}")
-  end
-
-  def down
-    remove_column :application_settings, :default_group_visibility
-  end
-
-  private
-
-  def allowed_visibility_level
-    # TODO: Don't use `current_application_settings`
-    allowed_levels = Gitlab::VisibilityLevel.values - current_application_settings.restricted_visibility_levels
-    allowed_levels.max
-  end
-end
diff --git a/db/schema.rb b/db/schema.rb
index 11ae4815801..8537e5729a7 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -77,7 +77,6 @@ ActiveRecord::Schema.define(version: 20160320204112) do
     t.boolean  "akismet_enabled",                   default: false
     t.string   "akismet_api_key"
     t.boolean  "email_author_in_body",              default: false
-    t.integer  "default_group_visibility"
   end
 
   create_table "audit_events", force: :cascade do |t|
@@ -417,7 +416,7 @@ ActiveRecord::Schema.define(version: 20160320204112) do
     t.string   "state"
     t.integer  "iid"
     t.integer  "updated_by_id"
-    t.boolean  "confidential",              default: false
+    t.boolean  "confidential",  default: false
   end
 
   add_index "issues", ["assignee_id"], name: "index_issues_on_assignee_id", using: :btree
diff --git a/spec/finders/group_projects_finder_spec.rb b/spec/finders/group_projects_finder_spec.rb
new file mode 100644
index 00000000000..fdd3849816f
--- /dev/null
+++ b/spec/finders/group_projects_finder_spec.rb
@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe GroupProjectsFinder do
+  let(:group) { create(:group) }
+  let(:current_user) { create(:user) }
+
+  let(:finder) { described_class.new(source_user) }
+
+  let!(:public_project) { create(:project, :public, group: group, path: '1') }
+  let!(:private_project) { create(:project, :private, group: group, path: '2') }
+  let!(:shared_project_1) { create(:project, :public, path: '3') }
+  let!(:shared_project_2) { create(:project, :private, path: '4') }
+  let!(:shared_project_3) { create(:project, :internal, path: '5') }
+
+
+  before do
+    shared_project_1.project_group_links.create(group_access: Gitlab::Access::MASTER, group: group)
+    shared_project_2.project_group_links.create(group_access: Gitlab::Access::MASTER, group: group)
+    shared_project_3.project_group_links.create(group_access: Gitlab::Access::MASTER, group: group)
+  end
+
+
+  describe 'with a group member current user' do
+    before  { group.add_user(current_user, Gitlab::Access::MASTER) }
+
+    context "only shared" do
+      subject { described_class.new(group, only_shared: true).execute(current_user) }
+      it      { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
+    end
+
+    context "only owned" do
+      subject { described_class.new(group, only_owned: true).execute(current_user) }
+      it      { is_expected.to eq([private_project, public_project]) }
+    end
+
+    context "all" do
+      subject { described_class.new(group).execute(current_user) }
+      it      { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
+    end
+  end
+
+  describe 'without group member current_user' do
+    before { shared_project_2.team << [current_user, Gitlab::Access::MASTER] }
+
+    context "only shared" do
+      context "without external user" do
+        subject { described_class.new(group, only_shared: true).execute(current_user) }
+        it      { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
+      end
+
+      context "with external user" do
+        before  { current_user.update_attributes(external: true) }
+        subject { described_class.new(group, only_shared: true).execute(current_user) }
+        it      { is_expected.to eq([shared_project_2, shared_project_1]) }
+      end
+    end
+
+    context "only owned" do
+      context "without external user" do
+        before  { private_project.team << [current_user, Gitlab::Access::MASTER] }
+        subject { described_class.new(group, only_owned: true).execute(current_user) }
+        it      { is_expected.to eq([private_project, public_project]) }
+      end
+
+      context "with external user" do
+        before  { current_user.update_attributes(external: true) }
+        subject { described_class.new(group, only_owned: true).execute(current_user) }
+        it      { is_expected.to eq([public_project]) }
+      end
+
+      context "all" do
+        subject { described_class.new(group).execute(current_user) }
+        it      { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, public_project]) }
+      end
+    end
+  end
+
+  describe "no user" do
+    context "only shared" do
+      subject { described_class.new(group, only_shared: true).execute(current_user) }
+      it      { is_expected.to eq([shared_project_3, shared_project_1]) }
+    end
+
+    context "only owned" do
+      subject { described_class.new(group, only_owned: true).execute(current_user) }
+      it      { is_expected.to eq([public_project]) }
+    end
+  end
+end