From 32ddc3fed616b9eebdd7b5553d4aa08c0572ff1d Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Tue, 30 Apr 2019 11:39:15 -0700 Subject: Allow a member to have an access level equal to parent group Suppose you have this configuration: 1. Subgroup `hello/world` 2. Subgroup `hello/mergers`. 3. Project `hello/world/my-project` has invited group `hello/world` to access protected branches. 4. The rule allows the group to merge but no one can push. 5. User `newuser` has Owner access to the parent group `hello`. Previously, there was no way for the user `newuser` to be added to the `hello/mergers` group since the validation only allowed a user to be added at a higher access level. Since membership in a subgroup confers certain access rights, such as being able to merge or push code to protected branches, we have to loosen the validation and allow someone to be added at an equal level granted by the parent group. Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11323 --- spec/support/shared_examples/models/member_shared_examples.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'spec/support/shared_examples') diff --git a/spec/support/shared_examples/models/member_shared_examples.rb b/spec/support/shared_examples/models/member_shared_examples.rb index 77376496854..e5375bc8280 100644 --- a/spec/support/shared_examples/models/member_shared_examples.rb +++ b/spec/support/shared_examples/models/member_shared_examples.rb @@ -41,7 +41,7 @@ shared_examples_for 'inherited access level as a member of entity' do member.update(access_level: Gitlab::Access::REPORTER) - expect(member.errors.full_messages).to eq(["Access level should be higher than Developer inherited membership from group #{parent_entity.name}"]) + expect(member.errors.full_messages).to eq(["Access level should be greater than or equal to Developer inherited membership from group #{parent_entity.name}"]) end it 'allows changing the level from a non existing member' do -- cgit v1.2.1