Remove explicit audit event log in MembershipActions

Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2017-10-11 16:47:08 +0200
committer: Rémy Coutable <remy@rymai.me> 2018-02-27 16:02:22 +0100
commit: bf41063679b25371b2e64542f2f469b38502edf6 (patch)
tree: bc7363df6d75c628f593b29426b59ba05b10a223 /spec/services
parent: 3bf448267b117e79f08ab2f4b769d24a705a5f0f (diff)
download: gitlab-ce-bf41063679b25371b2e64542f2f469b38502edf6.tar.gz
4 files changed, 144 insertions, 103 deletions
diff --git a/spec/services/members/approve_access_request_service_spec.rb b/spec/services/members/approve_access_request_service_spec.rb
index b3018169a1c..90c81c413a4 100644
--- a/spec/services/members/approve_access_request_service_spec.rb
+++ b/spec/services/members/approve_access_request_service_spec.rb
@@ -1,70 +1,57 @@
 require 'spec_helper'
 
 describe Members::ApproveAccessRequestService do
-  let(:user) { create(:user) }
-  let(:access_requester) { create(:user) }
   let(:project) { create(:project, :public, :access_requestable) }
   let(:group) { create(:group, :public, :access_requestable) }
+  let(:current_user) { create(:user) }
+  let(:access_requester_user) { create(:user) }
+  let(:access_requester) { source.requesters.find_by!(user_id: access_requester_user.id) }
+  let(:params) { {} }
   let(:opts) { {} }
 
   shared_examples 'a service raising ActiveRecord::RecordNotFound' do
     it 'raises ActiveRecord::RecordNotFound' do
-      expect { described_class.new(source, user, params).execute(opts) }.to raise_error(ActiveRecord::RecordNotFound)
+      expect { described_class.new(source, current_user, params).execute(access_requester, opts) }.to raise_error(ActiveRecord::RecordNotFound)
     end
   end
 
   shared_examples 'a service raising Gitlab::Access::AccessDeniedError' do
     it 'raises Gitlab::Access::AccessDeniedError' do
-      expect { described_class.new(source, user, params).execute(opts) }.to raise_error(Gitlab::Access::AccessDeniedError)
+      expect { described_class.new(source, current_user, params).execute(access_requester, opts) }.to raise_error(Gitlab::Access::AccessDeniedError)
     end
   end
 
   shared_examples 'a service approving an access request' do
     it 'succeeds' do
-      expect { described_class.new(source, user, params).execute(opts) }.to change { source.requesters.count }.by(-1)
+      expect { described_class.new(source, current_user, params).execute(access_requester, opts) }.to change { source.requesters.count }.by(-1)
     end
 
     it 'returns a <Source>Member' do
-      member = described_class.new(source, user, params).execute(opts)
+      member = described_class.new(source, current_user, params).execute(access_requester, opts)
 
       expect(member).to be_a "#{source.class}Member".constantize
       expect(member.requested_at).to be_nil
     end
 
     context 'with a custom access level' do
-      let(:params2) { params.merge(user_id: access_requester.id, access_level: Gitlab::Access::MASTER) }
-
       it 'returns a ProjectMember with the custom access level' do
-        member = described_class.new(source, user, params2).execute(opts)
+        member = described_class.new(source, current_user, params.merge(access_level: Gitlab::Access::MASTER)).execute(access_requester, opts)
 
-        expect(member.access_level).to eq Gitlab::Access::MASTER
+        expect(member.access_level).to eq(Gitlab::Access::MASTER)
       end
     end
   end
 
-  context 'when no access requester are found' do
-    let(:params) { { user_id: 42 } }
-
-    it_behaves_like 'a service raising ActiveRecord::RecordNotFound' do
-      let(:source) { project }
-    end
-
-    it_behaves_like 'a service raising ActiveRecord::RecordNotFound' do
-      let(:source) { group }
-    end
-  end
-
   context 'when an access requester is found' do
     before do
-      project.request_access(access_requester)
-      group.request_access(access_requester)
+      project.request_access(access_requester_user)
+      group.request_access(access_requester_user)
     end
-    let(:params) { { user_id: access_requester.id } }
 
     context 'when current user is nil' do
       let(:user) { nil }
 
-      context 'and :force option is not given' do
+      context 'and :ldap option is not given' do
         it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
           let(:source) { project }
         end
@@ -74,8 +61,8 @@ describe Members::ApproveAccessRequestService do
         end
       end
 
-      context 'and :force option is false' do
-        let(:opts) { { force: false } }
+      context 'and :ldap option is false' do
+        let(:opts) { { ldap: false } }
 
         it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
           let(:source) { project }
@@ -86,8 +73,8 @@ describe Members::ApproveAccessRequestService do
         end
       end
 
-      context 'and :force option is true' do
-        let(:opts) { { force: true } }
+      context 'and :ldap option is true' do
+        let(:opts) { { ldap: true } }
 
         it_behaves_like 'a service approving an access request' do
           let(:source) { project }
@@ -98,8 +85,8 @@ describe Members::ApproveAccessRequestService do
         end
       end
 
-      context 'and :force param is true' do
-        let(:params) { { user_id: access_requester.id, force: true } }
+      context 'and :ldap param is true' do
+        let(:params) { { ldap: true } }
 
         it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
           let(:source) { project }
@@ -123,8 +110,8 @@ describe Members::ApproveAccessRequestService do
 
     context 'when current user can approve access request to the project' do
       before do
-        project.add_master(user)
-        group.add_owner(user)
+        project.add_master(current_user)
+        group.add_owner(current_user)
       end
 
       it_behaves_like 'a service approving an access request' do
@@ -134,14 +121,6 @@ describe Members::ApproveAccessRequestService do
       it_behaves_like 'a service approving an access request' do
         let(:source) { group }
       end
-
-      context 'when given a :id' do
-        let(:params) { { id: project.requesters.find_by!(user_id: access_requester.id).id } }
-
-        it_behaves_like 'a service approving an access request' do
-          let(:source) { project }
-        end
-      end
     end
   end
 end
diff --git a/spec/services/members/authorized_destroy_service_spec.rb b/spec/services/members/authorized_destroy_service_spec.rb
index 9cf6f64a078..db3435398bd 100644
--- a/spec/services/members/authorized_destroy_service_spec.rb
+++ b/spec/services/members/authorized_destroy_service_spec.rb
@@ -17,7 +17,7 @@ describe Members::AuthorizedDestroyService do
 
       member = create :project_member, :invited, project: project
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { Member.count }.from(3).to(2)
     end
 
@@ -26,7 +26,7 @@ describe Members::AuthorizedDestroyService do
 
       member = create :project_member, :invited, project: project
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .not_to change { NotificationSetting.count }
     end
 
@@ -35,7 +35,7 @@ describe Members::AuthorizedDestroyService do
 
       member = create :group_member, :invited, group: group
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { Member.count }.from(2).to(1)
     end
 
@@ -44,7 +44,7 @@ describe Members::AuthorizedDestroyService do
 
       member = create :group_member, :invited, group: group
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .not_to change { NotificationSetting.count }
     end
   end
@@ -53,7 +53,7 @@ describe Members::AuthorizedDestroyService do
     it "doesn't destroy member notification_settings" do
       member = create(:project_member, user: member_user, requested_at: Time.now)
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .not_to change { NotificationSetting.count }
     end
   end
@@ -71,7 +71,7 @@ describe Members::AuthorizedDestroyService do
       merge_request = create :merge_request, target_project: group_project, source_project: group_project, assignee: member_user
       create :merge_request, target_project: project, source_project: project, assignee: member_user
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { number_of_assigned_issuables(member_user) }.from(4).to(2)
 
       expect(issue.reload.assignee_ids).to be_empty
@@ -82,7 +82,7 @@ describe Members::AuthorizedDestroyService do
       group.add_developer(member_user)
       member = group.members.find_by(user_id: member_user.id)
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { member_user.notification_settings.count }.by(-1)
     end
   end
@@ -98,12 +98,12 @@ describe Members::AuthorizedDestroyService do
       create :issue, project: project, assignees: [member_user]
       create :merge_request, target_project: project, source_project: project, assignee: member_user
 
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { number_of_assigned_issuables(member_user) }.from(2).to(0)
     end
 
     it 'destroys member notification_settings' do
-      expect { described_class.new(member, member_user).execute }
+      expect { described_class.new(member_user).execute(member) }
         .to change { member_user.notification_settings.count }.by(-1)
     end
   end
diff --git a/spec/services/members/destroy_service_spec.rb b/spec/services/members/destroy_service_spec.rb
index 91152df3ad9..7464d73fd26 100644
--- a/spec/services/members/destroy_service_spec.rb
+++ b/spec/services/members/destroy_service_spec.rb
@@ -1,80 +1,55 @@
 require 'spec_helper'
 
 describe Members::DestroyService do
-  let(:user) { create(:user) }
+  let(:current_user) { create(:user) }
   let(:member_user) { create(:user) }
   let(:project) { create(:project, :public) }
   let(:group) { create(:group, :public) }
 
   shared_examples 'a service raising ActiveRecord::RecordNotFound' do
     it 'raises ActiveRecord::RecordNotFound' do
-      expect { described_class.new(source, user, params).execute }.to raise_error(ActiveRecord::RecordNotFound)
+      expect { described_class.new(source, current_user).execute(member) }.to raise_error(ActiveRecord::RecordNotFound)
     end
   end
 
   shared_examples 'a service raising Gitlab::Access::AccessDeniedError' do
     it 'raises Gitlab::Access::AccessDeniedError' do
-      expect { described_class.new(source, user, params).execute }.to raise_error(Gitlab::Access::AccessDeniedError)
+      expect { described_class.new(source, current_user).execute(member) }.to raise_error(Gitlab::Access::AccessDeniedError)
     end
   end
 
   shared_examples 'a service destroying a member' do
     it 'destroys the member' do
-      expect { described_class.new(source, user, params).execute }.to change { source.members.count }.by(-1)
+      expect { described_class.new(source, current_user).execute(member) }.to change { source.members.count }.by(-1)
     end
+  end
 
-    context 'when the given member is an access requester' do
-      before do
-        source.members.find_by(user_id: member_user).destroy
-        source.update_attributes(request_access_enabled: true)
-        source.request_access(member_user)
-      end
-      let(:access_requester) { source.requesters.find_by(user_id: member_user) }
-
-      it_behaves_like 'a service raising ActiveRecord::RecordNotFound'
-
-      %i[requesters all].each do |scope|
-        context "and #{scope} scope is passed" do
-          it 'destroys the access requester' do
-            expect { described_class.new(source, user, params).execute(scope) }.to change { source.requesters.count }.by(-1)
-          end
-
-          it 'calls Member#after_decline_request' do
-            expect_any_instance_of(NotificationService).to receive(:decline_access_request).with(access_requester)
-
-            described_class.new(source, user, params).execute(scope)
-          end
-
-          context 'when current user is the member' do
-            it 'does not call Member#after_decline_request' do
-              expect_any_instance_of(NotificationService).not_to receive(:decline_access_request).with(access_requester)
-
-              described_class.new(source, member_user, params).execute(scope)
-            end
-          end
-        end
-      end
+  shared_examples 'a service destroying an access requester' do
+    it 'destroys the access requester' do
+      expect { described_class.new(source, current_user).execute(access_requester) }.to change { source.requesters.count }.by(-1)
     end
-  end
 
-  context 'when no member are found' do
-    let(:params) { { user_id: 42 } }
+    it 'calls Member#after_decline_request' do
+      expect_any_instance_of(NotificationService).to receive(:decline_access_request).with(access_requester)
 
-    it_behaves_like 'a service raising ActiveRecord::RecordNotFound' do
-      let(:source) { project }
+      described_class.new(source, current_user).execute(access_requester)
     end
 
-    it_behaves_like 'a service raising ActiveRecord::RecordNotFound' do
-      let(:source) { group }
+    context 'when current user is the member' do
+      it 'does not call Member#after_decline_request' do
+        expect_any_instance_of(NotificationService).not_to receive(:decline_access_request).with(access_requester)
+
+        described_class.new(source, member_user).execute(access_requester)
+      end
     end
   end
 
-  context 'when a member is found' do
+  context 'with a member' do
     before do
       project.add_developer(member_user)
       group.add_developer(member_user)
     end
-    let(:params) { { user_id: member_user.id } }
+    let(:member) { source.members.find_by(user_id: member_user.id) }
 
     context 'when current user cannot destroy the given member' do
       it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
@@ -88,8 +63,8 @@ describe Members::DestroyService do
 
     context 'when current user can destroy the given member' do
       before do
-        project.add_master(user)
-        group.add_owner(user)
+        project.add_master(current_user)
+        group.add_owner(current_user)
       end
 
       it_behaves_like 'a service destroying a member' do
@@ -99,14 +74,42 @@ describe Members::DestroyService do
       it_behaves_like 'a service destroying a member' do
         let(:source) { group }
       end
+    end
+  end
 
-      context 'when given a :id' do
-        let(:params) { { id: project.members.find_by!(user_id: user.id).id } }
+  context 'with an access requester' do
+    before do
+      project.update_attributes(request_access_enabled: true)
+      group.update_attributes(request_access_enabled: true)
+      project.request_access(member_user)
+      group.request_access(member_user)
+    end
+    let(:access_requester) { source.requesters.find_by(user_id: member_user.id) }
 
-        it 'destroys the member' do
-          expect { described_class.new(project, user, params).execute }
-            .to change { project.members.count }.by(-1)
-        end
+    context 'when current user cannot destroy the given access requester' do
+      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
+        let(:source) { project }
+        let(:member) { access_requester }
+      end
+
+      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
+        let(:source) { group }
+        let(:member) { access_requester }
+      end
+    end
+
+    context 'when current user can destroy the given access requester' do
+      before do
+        project.add_master(current_user)
+        group.add_owner(current_user)
+      end
+
+      it_behaves_like 'a service destroying an access requester' do
+        let(:source) { project }
+      end
+
+      it_behaves_like 'a service destroying an access requester' do
+        let(:source) { group }
       end
     end
   end
diff --git a/spec/services/members/update_service_spec.rb b/spec/services/members/update_service_spec.rb
new file mode 100644
index 00000000000..17c5f643f23
--- /dev/null
+++ b/spec/services/members/update_service_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+describe Members::UpdateService do
+  let(:project) { create(:project, :public) }
+  let(:group) { create(:group, :public) }
+  let(:current_user) { create(:user) }
+  let(:member_user) { create(:user) }
+  let(:permission) { :update }
+  let(:member) { source.members_and_requesters.find_by!(user_id: member_user.id) }
+  let(:params) do
+    { access_level: Gitlab::Access::MASTER }
+  end
+
+  shared_examples 'a service raising Gitlab::Access::AccessDeniedError' do
+    it 'raises Gitlab::Access::AccessDeniedError' do
+      expect { described_class.new(source, current_user, params).execute(member, permission: permission) }
+        .to raise_error(Gitlab::Access::AccessDeniedError)
+    end
+  end
+
+  shared_examples 'a service updating a member' do
+    it 'updates the member' do
+      updated_member = described_class.new(source, current_user, params).execute(member, permission: permission)
+
+      expect(updated_member).to be_valid
+      expect(updated_member.access_level).to eq(Gitlab::Access::MASTER)
+    end
+  end
+
+  before do
+    project.add_developer(member_user)
+    group.add_developer(member_user)
+  end
+
+  context 'when current user cannot update the given member' do
+    it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
+      let(:source) { project }
+    end
+
+    it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
+      let(:source) { group }
+    end
+  end
+
+  context 'when current user can update the given member' do
+    before do
+      project.add_master(current_user)
+      group.add_owner(current_user)
+    end
+
+    it_behaves_like 'a service updating a member' do
+      let(:source) { project }
+    end
+
+    it_behaves_like 'a service updating a member' do
+      let(:source) { group }
+    end
+  end
+end
author	Rémy Coutable <remy@rymai.me>	2017-10-11 16:47:08 +0200
committer	Rémy Coutable <remy@rymai.me>	2018-02-27 16:02:22 +0100
commit	bf41063679b25371b2e64542f2f469b38502edf6 (patch)
tree	bc7363df6d75c628f593b29426b59ba05b10a223 /spec/services
parent	3bf448267b117e79f08ab2f4b769d24a705a5f0f (diff)
download	gitlab-ce-bf41063679b25371b2e64542f2f469b38502edf6.tar.gz