-rw-r--r-- | app/models/project.rb | 15 | ||||
-rw-r--r-- | lib/api/entities/project.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/background_migration/user_mentions/models/group.rb | 4 | ||||
-rw-r--r-- | spec/lib/api/entities/project_spec.rb | 39 | ||||
-rw-r--r-- | spec/requests/api/projects_spec.rb | 2 |
5 files changed, 62 insertions, 2 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index 6eb19b4462c..00a572b775d 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2714,8 +2714,23 @@ class Project < ApplicationRecord
 self.errors.add(:base, _("Could not change HEAD: branch '%{branch}' does not exist") % { branch: branch })
 end
+ def visible_group_links(for_user:)
+ user = for_user
+ links = project_group_links_with_preload
+ user.max_member_access_for_group_ids(links.map(&:group_id)) if user && links.any?
+
+ DeclarativePolicy.user_scope do
+ links.select { Ability.allowed?(user, :read_group, _1.group) }
+ end
+ end
+
 private
+ # overridden in EE
+ def project_group_links_with_preload
+ project_group_links
+ end
+
 def save_topics
 return if @topic_list.nil?
diff --git a/lib/api/entities/project.rb b/lib/api/entities/project.rb
index df0c1d7a4c5..41320d184f9 100644
--- a/lib/api/entities/project.rb
+++ b/lib/api/entities/project.rb
@@ -100,7 +100,9 @@ module API
 expose :build_coverage_regex
 expose :ci_config_path, if: -> (project, options) { Ability.allowed?(options[:current_user], :download_code, project) }
 expose :shared_with_groups do |project, options|
- SharedGroupWithProject.represent(project.project_group_links, options)
+ user = options[:current_user]
+
+ SharedGroupWithProject.represent(project.visible_group_links(for_user: user), options)
 end
 expose :only_allow_merge_if_pipeline_succeeds
 expose :allow_merge_on_skipped_pipeline
diff --git a/lib/gitlab/background_migration/user_mentions/models/group.rb b/lib/gitlab/background_migration/user_mentions/models/group.rb
index a8b4b59b06c..310723570c2 100644
--- a/lib/gitlab/background_migration/user_mentions/models/group.rb
+++ b/lib/gitlab/background_migration/user_mentions/models/group.rb
@@ -11,6 +11,10 @@ module Gitlab
 has_one :saml_provider
+ def root_saml_provider
+ root_ancestor.saml_provider
+ end
+
 def self.declarative_policy_class
 "GroupPolicy"
 end
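Review bot: `Project#visible_group_links` in app/models/project.rb is now the authorization filter that decides which shared groups a caller may see, but it has no comment saying so, and the bare call to `user.max_member_access_for_group_ids(...)` discards its result, which reads like dead code. A comment above the method such as `# Returns only the group links whose group for_user may read; for_user may be nil for anonymous requests.` and one on the call such as `# result unused: presumably warms the per-user access cache before the per-link checks (confirm)` would keep a later cleanup from removing either. Other readers of `project.project_group_links` are not visible in this diff; any that serialise links for a user would presumably need the same filter. The class body continues outside the hunk.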
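Review bot: In lib/api/entities/project.rb the `shared_with_groups` block now calls `project.visible_group_links(for_user: user)` once per serialized project, so a list response appears to run the link load, the membership lookup and one `:read_group` check per link for every project. Whether the relation is preloaded well enough to keep that bounded is not visible here. The query-limit example touched in spec/requests/api/projects_spec.rb is the only visible guard, so it is worth confirming that it exercises projects that actually have group links.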
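Review bot: `root_saml_provider` in lib/gitlab/background_migration/user_mentions/models/group.rb is added without a comment explaining why an isolated migration model needs it. This model names `"GroupPolicy"` as its policy class, so the method is presumably called when that policy is evaluated against it; a line such as `# Needed when GroupPolicy is evaluated against this model; mirrors the method on the main Group model (confirm)` would record the reason. `root_ancestor` is not defined in the hunk, so its availability on this model should be checked as well.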
diff --git a/spec/lib/api/entities/project_spec.rb b/spec/lib/api/entities/project_spec.rb
new file mode 100644
index 00000000000..8d1c3aa878d
--- /dev/null
+++ b/spec/lib/api/entities/project_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::API::Entities::Project do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { create(:user) }
+ let(:options) { { current_user: current_user } }
+
+ let(:entity) do
+ ::API::Entities::Project.new(project, options)
+ end
+
+ subject(:json) { entity.as_json }
+
+ describe '.shared_with_groups' do
+ let(:group) { create(:group, :private) }
+
+ before do
+ project.project_group_links.create!(group: group)
+ end
+
+ context 'when the current user does not have access to the group' do
+ it 'is empty' do
+ expect(json[:shared_with_groups]).to be_empty
+ end
+ end
+
+ context 'when the current user has access to the group' do
+ before do
+ group.add_guest(current_user)
+ end
+
+ it 'contains information about the shared group' do
+ expect(json[:shared_with_groups]).to contain_exactly(include(group_id: group.id))
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index b5d3dcee804..9b23c008ae7 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -990,7 +990,7 @@ RSpec.describe API::Projects do
 expect do
 get api('/projects', admin)
- end.not_to exceed_query_limit(control.count)
+ end.not_to exceed_query_limit(control)
 end
 end
 end
|
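Review bot: The new examples in spec/lib/api/entities/project_spec.rb cover a signed-in user with and without group membership, but not an unauthenticated request. In that case `options[:current_user]` is nil, so `visible_group_links` skips the membership preload and relies on the policy check alone. Since the change exists to keep private groups out of the response, that path deserves its own example inside `describe '.shared_with_groups'`. The expected result (an empty list for a private group) is inferred from the filter and should be confirmed when the example is run.

```ruby
  describe '.shared_with_groups' do
    # … unchanged: group setup and the two existing contexts …

    context 'when the request is unauthenticated' do
      let(:current_user) { nil }

      it 'is empty' do
        expect(json[:shared_with_groups]).to be_empty
      end
    end
```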