summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSean McGivern <sean@mcgivern.me.uk>2016-10-21 12:51:44 +0000
committerSean McGivern <sean@mcgivern.me.uk>2016-10-21 12:51:44 +0000
commit6c09fbd889a2259f8e2db1927c4e0a3d4cdb01b4 (patch)
treed14b2910c41bb7cef16f1b07fc623b77bd75da67
parent1e66061b1ec5fb11457abca0845c13551afa8258 (diff)
parent168197cd5a179c961301225626ac1a175f892782 (diff)
downloadgitlab-ce-6c09fbd889a2259f8e2db1927c4e0a3d4cdb01b4.tar.gz
Merge branch 'fix_project_member_access_levels' into 'master'
Fix project member access levels Migrate invalid project members (owner -> master) Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18616 See merge request !6957
-rw-r--r--CHANGELOG.md1
-rw-r--r--db/migrate/20161018124658_make_project_owners_masters.rb15
-rw-r--r--db/schema.rb2
-rw-r--r--spec/controllers/projects/project_members_controller_spec.rb36
-rw-r--r--spec/requests/api/members_spec.rb11
5 files changed, 64 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c5c96c4528..518d0362d07 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -146,6 +146,7 @@ Please view this file on the master branch, on stable branches it's out of date.
- Fix buggy iOS tooltip layering behavior.
- Make guests unable to view MRs on private projects
- Fix broken Project API docs (Takuya Noguchi)
+ - Migrate invalid project members (owner -> master)
## 8.12.7
diff --git a/db/migrate/20161018124658_make_project_owners_masters.rb b/db/migrate/20161018124658_make_project_owners_masters.rb
new file mode 100644
index 00000000000..a576bb7b622
--- /dev/null
+++ b/db/migrate/20161018124658_make_project_owners_masters.rb
@@ -0,0 +1,15 @@
+class MakeProjectOwnersMasters < ActiveRecord::Migration
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ def up
+ update_column_in_batches(:members, :access_level, 40) do |table, query|
+ query.where(table[:access_level].eq(50).and(table[:source_type].eq('Project')))
+ end
+ end
+
+ def down
+ # do nothing
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index a3c7fc2fd57..f5c01511195 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -843,7 +843,7 @@ ActiveRecord::Schema.define(version: 20161019213545) do
t.integer "builds_access_level"
t.datetime "created_at"
t.datetime "updated_at"
- t.integer "repository_access_level", default: 20, null: false
+ t.integer "repository_access_level", default: 20, null: false
end
add_index "project_features", ["project_id"], name: "index_project_features_on_project_id", using: :btree
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 8519ebc1d5f..5e487241d07 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -228,4 +228,40 @@ describe Projects::ProjectMembersController do
end
end
end
+
+ describe 'POST create' do
+ let(:stranger) { create(:user) }
+
+ context 'when creating owner' do
+ before do
+ project.team << [user, :master]
+ sign_in(user)
+ end
+
+ it 'does not create a member' do
+ expect do
+ post :create, user_ids: stranger.id,
+ namespace_id: project.namespace,
+ access_level: Member::OWNER,
+ project_id: project
+ end.to change { project.members.count }.by(0)
+ end
+ end
+
+ context 'when create master' do
+ before do
+ project.team << [user, :master]
+ sign_in(user)
+ end
+
+ it 'creates a member' do
+ expect do
+ post :create, user_ids: stranger.id,
+ namespace_id: project.namespace,
+ access_level: Member::MASTER,
+ project_id: project
+ end.to change { project.members.count }.by(1)
+ end
+ end
+ end
end
diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb
index d22e0595788..493c0a893d1 100644
--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -328,4 +328,15 @@ describe API::Members, api: true do
it_behaves_like 'DELETE /:sources/:id/members/:user_id', 'group' do
let(:source) { group }
end
+
+ context 'Adding owner to project' do
+ it 'returns 403' do
+ expect do
+ post api("/projects/#{project.id}/members", master),
+ user_id: stranger.id, access_level: Member::OWNER
+
+ expect(response).to have_http_status(422)
+ end.to change { project.members.count }.by(0)
+ end
+ end
end