From 47a4357018b79c834971be02fb549206150121c9 Mon Sep 17 00:00:00 2001 From: Dylan Griffith Date: Fri, 6 Dec 2019 12:31:28 +1100 Subject: Trigger Elasticsearch indexing when public group moved to private This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is caused by the fact that we leave the stale permissions data in the index after a group is moved to another group. --- app/services/groups/transfer_service.rb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb index 24813f6ddf9..4e7875e0491 100644 --- a/app/services/groups/transfer_service.rb +++ b/app/services/groups/transfer_service.rb @@ -39,9 +39,15 @@ module Groups ensure_ownership end + post_update_hooks(@updated_project_ids) + true end + # Overridden in EE + def post_update_hooks(updated_project_ids) + end + def ensure_allowed_transfer raise_transfer_error(:group_is_already_root) if group_is_already_root? raise_transfer_error(:same_parent_as_current) if same_parent? @@ -96,9 +102,16 @@ module Groups .where(id: descendants.select(:id)) .update_all(visibility_level: @new_parent_group.visibility_level) - @group + projects_to_update = @group .all_projects .where("visibility_level > ?", @new_parent_group.visibility_level) + + # Used in post_update_hooks in EE. Must use pluck (and not select) + # here as after we perform the update below we won't be able to find + # these records again. + @updated_project_ids = projects_to_update.pluck(:id) + + projects_to_update .update_all(visibility_level: @new_parent_group.visibility_level) end # rubocop: enable CodeReuse/ActiveRecord -- cgit v1.2.1