diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2018-04-09 10:21:01 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2018-04-09 10:21:01 +0000 |
commit | f22df3e9c1c590874cea8d50ab10f28467baaf18 (patch) | |
tree | 3c1342b3339099dd71c4ef3323ff52d15c784f7f | |
parent | 52440755dfe483b3c047856c91cece12fef114f0 (diff) | |
parent | f45b8888fc1a2694b8e2da64512137ab54a09a66 (diff) | |
download | gitlab-ce-f22df3e9c1c590874cea8d50ab10f28467baaf18.tar.gz |
Merge branch '41981-allow-group-owner-to-enable-runners-from-subgroups' into 'master'
Resolve "Group owner cannot enable/disable specific-runners which was registered in a project under a subgroup"
Closes #41981
See merge request gitlab-org/gitlab-ce!18009
-rw-r--r-- | app/models/user.rb | 11 | ||||
-rw-r--r-- | changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml | 5 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 15 |
3 files changed, 21 insertions, 10 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 2b95be3f888..42bb27d4753 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -993,7 +993,7 @@ class User < ActiveRecord::Base def ci_authorized_runners @ci_authorized_runners ||= begin runner_ids = Ci::RunnerProject - .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection + .where(project: authorized_projects(Gitlab::Access::MASTER)) .select(:runner_id) Ci::Runner.specific.where(id: runner_ids) end @@ -1204,15 +1204,6 @@ class User < ActiveRecord::Base ], remove_duplicates: false) end - def ci_projects_union - scope = { access_level: [Gitlab::Access::MASTER, Gitlab::Access::OWNER] } - groups = groups_projects.where(members: scope) - other = projects.where(members: scope) - - Gitlab::SQL::Union.new([personal_projects.select(:id), groups.select(:id), - other.select(:id)]) - end - # Added according to https://github.com/plataformatec/devise/blob/7df57d5081f9884849ca15e4fde179ef164a575f/README.md#activejob-integration def send_devise_notification(notification, *args) return true unless can?(:receive_notifications) diff --git a/changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml b/changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml new file mode 100644 index 00000000000..30481e7af84 --- /dev/null +++ b/changelogs/unreleased/41981-allow-group-owner-to-enable-runners-from-subgroups.yml @@ -0,0 +1,5 @@ +--- +title: 'Allow group owner to enable runners from subgroups (#41981)' +merge_request: 18009 +author: +type: fixed diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 73266c0085f..35db7616efb 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1850,6 +1850,21 @@ describe User do it_behaves_like :member end + + context 'with subgroup with different owner for project runner', :nested_groups do + let(:group) { create(:group) } + let(:another_user) { create(:user) } + let(:subgroup) { create(:group, parent: group) } + let(:project) { create(:project, group: subgroup) } + + def add_user(access) + group.add_user(user, access) + group.add_user(another_user, :owner) + subgroup.add_user(another_user, :owner) + end + + it_behaves_like :member + end end describe '#projects_with_reporter_access_limited_to' do |