Fix access to projects shared with a nested groupdm-nested-group-shared-projects

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

2 files changed, 76 insertions, 2 deletions

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 6356f8b6c92..e86b4a761d9 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1429,7 +1429,7 @@ describe User, models: true do
     it { expect(user.nested_groups).to eq([nested_group]) }
   end
 
-  describe '#nested_projects' do
+  describe '#nested_groups_projects' do
     let!(:user) { create(:user) }
     let!(:group) { create(:group) }
     let!(:nested_group) { create(:group, parent: group) }
@@ -1444,7 +1444,7 @@ describe User, models: true do
       other_project.add_developer(create(:user))
     end
 
-    it { expect(user.nested_projects).to eq([nested_project]) }
+    it { expect(user.nested_groups_projects).to eq([nested_project]) }
   end
 
   describe '#refresh_authorized_projects', redis: true do
diff --git a/spec/services/users/refresh_authorized_projects_service_spec.rb b/spec/services/users/refresh_authorized_projects_service_spec.rb
index 690fe979492..08733d6dcf1 100644
--- a/spec/services/users/refresh_authorized_projects_service_spec.rb
+++ b/spec/services/users/refresh_authorized_projects_service_spec.rb
@@ -131,6 +131,80 @@ describe Users::RefreshAuthorizedProjectsService do
     it 'sets the values to the access levels' do
       expect(hash.values).to eq([Gitlab::Access::MASTER])
     end
+
+    context 'personal projects' do
+      it 'includes the project with the right access level' do
+        expect(hash[project.id]).to eq(Gitlab::Access::MASTER)
+      end
+    end
+
+    context 'projects the user is a member of' do
+      let!(:other_project) { create(:empty_project) }
+
+      before do
+        other_project.team.add_reporter(user)
+      end
+
+      it 'includes the project with the right access level' do
+        expect(hash[other_project.id]).to eq(Gitlab::Access::REPORTER)
+      end
+    end
+
+    context 'projects of groups the user is a member of' do
+      let(:group) { create(:group) }
+      let!(:other_project) { create(:project, group: group) }
+
+      before do
+        group.add_owner(user)
+      end
+
+      it 'includes the project with the right access level' do
+        expect(hash[other_project.id]).to eq(Gitlab::Access::OWNER)
+      end
+    end
+
+    context 'projects of subgroups of groups the user is a member of' do
+      let(:group) { create(:group) }
+      let(:nested_group) { create(:group, parent: group) }
+      let!(:other_project) { create(:project, group: nested_group) }
+
+      before do
+        group.add_master(user)
+      end
+
+      it 'includes the project with the right access level' do
+        expect(hash[other_project.id]).to eq(Gitlab::Access::MASTER)
+      end
+    end
+
+    context 'projects shared with groups the user is a member of' do
+      let(:group) { create(:group) }
+      let(:other_project) { create(:empty_project) }
+      let!(:project_group_link) { create(:project_group_link, project: other_project, group: group, group_access: Gitlab::Access::GUEST) }
+
+      before do
+        group.add_master(user)
+      end
+
+      it 'includes the project with the right access level' do
+        expect(hash[other_project.id]).to eq(Gitlab::Access::GUEST)
+      end
+    end
+
+    context 'projects shared with subgroups of groups the user is a member of' do
+      let(:group) { create(:group) }
+      let(:nested_group) { create(:group, parent: group) }
+      let(:other_project) { create(:empty_project) }
+      let!(:project_group_link) { create(:project_group_link, project: other_project, group: nested_group, group_access: Gitlab::Access::DEVELOPER) }
+
+      before do
+        group.add_master(user)
+      end
+
+      it 'includes the project with the right access level' do
+        expect(hash[other_project.id]).to eq(Gitlab::Access::DEVELOPER)
+      end
+    end
   end
 
   describe '#current_authorizations_per_project' do