diff options
| -rw-r--r-- | app/models/group.rb | 10 | ||||
| -rw-r--r-- | spec/models/group_spec.rb | 17 |
2 files changed, 21 insertions, 6 deletions
diff --git a/app/models/group.rb b/app/models/group.rb index 480b90b279e..ece68cd3753 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -251,7 +251,15 @@ class Group < Namespace def secret_variables_for(ref, project) list_of_ids = ([self] + ancestors).map { |l| l.id } - variables = Ci::GroupVariable.where("group_id IN (#{list_of_ids.join(", ")})") + + order = list_of_ids.map.with_index do |id, index| + "WHEN #{id} THEN #{index}" + end.join("\n") + + variables = Ci::GroupVariable + .where("group_id IN (#{list_of_ids.join(", ")})") + .order("CASE group_id #{order} END DESC") + project.protected_for?(ref) ? variables : variables.unprotected end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index dab33aa4418..399020953e8 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -466,14 +466,21 @@ describe Group, models: true do it_behaves_like 'ref is protected' end - context 'when group has a child' do - let!(:group_child) { create(:group, :access_requestable, parent: group) } + context 'when group has children' do + let!(:group_child) { create(:group, parent: group) } let!(:variable_child) { create(:ci_group_variable, group: group_child) } - - subject { group_child.secret_variables_for('ref', project) } + let!(:group_child_3) { create(:group, parent: group_child_2) } + let!(:variable_child_3) { create(:ci_group_variable, group: group_child_3) } + let!(:group_child_2) { create(:group, parent: group_child) } + let!(:variable_child_2) { create(:ci_group_variable, group: group_child_2) } it 'returns all variables belong to the group and parent groups' do - is_expected.to contain_exactly(secret_variable, protected_variable, variable_child) + expected_array1 = [protected_variable, secret_variable] + expected_array2 = [variable_child, variable_child_2, variable_child_3] + got_array = group_child_3.secret_variables_for('ref', project).to_a + + expect(got_array.shift(2)).to contain_exactly(*expected_array1) + expect(got_array).to eq(expected_array2) end end end |