spec/features/groups/members/manage_members_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Groups > Members > Manage members' do
  include Spec::Support::Helpers::Features::MembersHelpers
  include Spec::Support::Helpers::Features::InviteMembersModalHelper
  include Spec::Support::Helpers::ModalHelpers

  let_it_be(:user1) { create(:user, name: 'John Doe') }
  let_it_be(:user2) { create(:user, name: 'Mary Jane') }
  let_it_be(:group) { create(:group) }

  before do
    sign_in(user1)
  end

  shared_examples 'includes the correct Invite link' do |should_include|
    it 'includes the modal trigger', :aggregate_failures do
      group.add_owner(user1)

      visit group_group_members_path(group)

      expect(page).to have_selector(should_include)
    end
  end

  it_behaves_like 'includes the correct Invite link', '.js-invite-members-trigger'
  it_behaves_like 'includes the correct Invite link', '.js-invite-group-trigger'

  it 'update user to owner level', :js do
    group.add_owner(user1)
    group.add_developer(user2)

    visit group_group_members_path(group)

    page.within(second_row) do
      click_button('Developer')
      click_button('Owner')

      expect(page).to have_button('Owner')
    end
  end

  it 'remove user from group', :js do
    group.add_owner(user1)
    group.add_developer(user2)

    visit group_group_members_path(group)

    # Open modal
    page.within(second_row) do
      click_button 'Remove member'
    end

    within_modal do
      expect(page).to have_unchecked_field 'Also unassign this user from related issues and merge requests'
      click_button('Remove member')
    end

    wait_for_requests

    aggregate_failures do
      expect(page).not_to have_content(user2.name)
      expect(group.users).not_to include(user2)
    end
  end

  context 'when inviting' do
    it 'add yourself to group when already an owner', :js do
      group.add_owner(user1)

      visit group_group_members_path(group)

      invite_member(user1.name, role: 'Reporter', refresh: false)

      expect(page).to have_selector(invite_modal_selector)
      expect(page).to have_content("not authorized to update member")

      page.refresh

      page.within find_member_row(user1) do
        expect(page).to have_content('Owner')
      end
    end

    it_behaves_like 'inviting members', 'group-members-page' do
      let_it_be(:entity) { group }
      let_it_be(:members_page_path) { group_group_members_path(entity) }
      let_it_be(:subentity) { create(:group, parent: group) }
      let_it_be(:subentity_members_page_path) { group_group_members_path(subentity) }
    end
  end

  context 'when user is a guest' do
    before do
      group.add_guest(user1)
      group.add_developer(user2)

      visit group_group_members_path(group)
    end

    it 'does not include either of the invite members or invite group modal buttons', :aggregate_failures do
      expect(page).not_to have_selector '.js-invite-members-modal'
      expect(page).not_to have_selector '.js-invite-group-modal'
    end

    it 'does not include a button on the members page list to manage or remove the existing member', :js, :aggregate_failures do
      page.within(second_row) do
        # Can not modify user2 role
        expect(page).not_to have_button 'Developer'

        # Can not remove user2
        expect(page).not_to have_selector 'button[title="Remove member"]'
      end
    end
  end

  describe 'member search results', :js do
    before do
      group.add_owner(user1)
    end

    it 'does not disclose email addresses' do
      create(:user, email: 'undisclosed_email@gitlab.com', name: "Jane 'invisible' Doe")

      visit group_group_members_path(group)

      click_on 'Invite members'
      find(member_dropdown_selector).set('@gitlab.com')

      wait_for_requests

      expect(page).to have_content('No matches found')

      find(member_dropdown_selector).set('undisclosed_email@gitlab.com')
      wait_for_requests

      expect(page).to have_content('Invite "undisclosed_email@gitlab.com" by email')
    end

    it 'does not show project_bots', :aggregate_failures do
      internal_project_bot = create(:user, :project_bot, name: '_internal_project_bot_')
      project = create(:project, group: group)
      project.add_maintainer(internal_project_bot)

      external_group = create(:group)
      external_project_bot = create(:user, :project_bot, name: '_external_project_bot_')
      external_project = create(:project, group: external_group)
      external_project.add_maintainer(external_project_bot)
      external_project.add_maintainer(user1)

      visit group_group_members_path(group)

      click_on 'Invite members'

      page.within invite_modal_selector do
        field = find(member_dropdown_selector)
        field.native.send_keys :tab
        field.click

        wait_for_requests

        expect(page).to have_content(user1.name)
        expect(page).to have_content(user2.name)
        expect(page).not_to have_content(internal_project_bot.name)
        expect(page).not_to have_content(external_project_bot.name)
      end
    end
  end
end