Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 18:10:10 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 18:10:10 +0000
commit: ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree: 5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /app/services/authorized_project_update/project_group_link_create_service.rb
parent: 4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
download: gitlab-ce-ea4766228b5536c83f1917d6058be913472ffa2d.tar.gz
1 files changed, 14 insertions, 4 deletions
diff --git a/app/services/authorized_project_update/project_group_link_create_service.rb b/app/services/authorized_project_update/project_group_link_create_service.rb
index db2db091374..090b22a7820 100644
--- a/app/services/authorized_project_update/project_group_link_create_service.rb
+++ b/app/services/authorized_project_update/project_group_link_create_service.rb
@@ -6,9 +6,10 @@ module AuthorizedProjectUpdate
 
     BATCH_SIZE = 1000
 
-    def initialize(project, group)
+    def initialize(project, group, group_access = nil)
       @project = project
       @group = group
+      @group_access = group_access
     end
 
     def execute
@@ -19,19 +20,20 @@ module AuthorizedProjectUpdate
         user_ids_to_delete = []
 
         members.each do |member|
+          new_access_level = access_level(member.access_level)
           existing_access_level = existing_authorizations[member.user_id]
 
           if existing_access_level
             # User might already have access to the project unrelated to the
             # current project share
-            next if existing_access_level >= member.access_level
+            next if existing_access_level >= new_access_level
 
             user_ids_to_delete << member.user_id
           end
 
           authorizations_to_create << { user_id: member.user_id,
                                         project_id: project.id,
-                                        access_level: member.access_level }
+                                        access_level: new_access_level }
         end
 
         update_authorizations(user_ids_to_delete, authorizations_to_create)
@@ -42,7 +44,15 @@ module AuthorizedProjectUpdate
 
     private
 
-    attr_reader :project, :group
+    attr_reader :project, :group, :group_access
+
+    def access_level(membership_access_level)
+      return membership_access_level unless group_access
+
+      # access level must not be higher than the max access level set when
+      # creating the project share
+      [membership_access_level, group_access].min
+    end
 
     def existing_project_authorizations(members)
       user_ids = members.map(&:user_id)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 18:10:10 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 18:10:10 +0000
commit	ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree	5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /app/services/authorized_project_update/project_group_link_create_service.rb
parent	4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
download	gitlab-ce-ea4766228b5536c83f1917d6058be913472ffa2d.tar.gz