diff options
| author | Alejandro RodrÃguez <alejorro70@gmail.com> | 2019-01-15 14:57:17 -0300 |
|---|---|---|
| committer | Alejandro RodrÃguez <alejorro70@gmail.com> | 2019-01-16 14:54:05 -0300 |
| commit | ab94a5a53712740df3836413bf26e4856b5f7cb2 (patch) | |
| tree | b712300e7011586c86a833232b9afed3c0332f96 /spec/requests/api/projects_spec.rb | |
| parent | f821a53b45d4b521ffb734b3b843f48e0d1ecfcd (diff) | |
| download | gitlab-ce-ab94a5a53712740df3836413bf26e4856b5f7cb2.tar.gz | |
Return max group access level in the projects API
Currently if a project is inside a nested group and a user doesn't have
specific permissions for that group but does have permissions on a
parent group the `GET /projects/:id` API call will return the following
permissions:
```json
permissions: { project_access: null, group_access: null }
```
It could also happen that the group specific permissions are of lower
level than the ones the user has in parent groups. This patch makes it
so that the permission returned for `group_access` is the highest from
amongst the hierarchy, which is (ostensibly) the information that the
API user is interested in for that field.
Diffstat (limited to 'spec/requests/api/projects_spec.rb')
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index ffe4512fa6f..0c48c796ceb 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1145,6 +1145,40 @@ describe API::Projects do .to eq(Gitlab::Access::OWNER) end end + + context 'nested group project', :nested_groups do + let(:group) { create(:group) } + let(:nested_group) { create(:group, parent: group) } + let(:project2) { create(:project, group: nested_group) } + + before do + project2.group.parent.add_owner(user) + end + + it 'sets group access and return 200' do + get api("/projects/#{project2.id}", user) + + expect(response).to have_gitlab_http_status(200) + expect(json_response['permissions']['project_access']).to be_nil + expect(json_response['permissions']['group_access']['access_level']) + .to eq(Gitlab::Access::OWNER) + end + + context 'with various access levels across nested groups' do + before do + project2.group.add_maintainer(user) + end + + it 'sets the maximum group access and return 200' do + get api("/projects/#{project2.id}", user) + + expect(response).to have_gitlab_http_status(200) + expect(json_response['permissions']['project_access']).to be_nil + expect(json_response['permissions']['group_access']['access_level']) + .to eq(Gitlab::Access::OWNER) + end + end + end end end end |