Trigger Elasticsearch indexing when public group moved to private

This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is
caused by the fact that we leave the stale permissions data in the index
after a group is moved to another group.

1 files changed, 14 insertions, 1 deletions

diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb
index 24813f6ddf9..4e7875e0491 100644
--- a/app/services/groups/transfer_service.rb
+++ b/app/services/groups/transfer_service.rb
@@ -39,9 +39,15 @@ module Groups
         ensure_ownership
       end
 
+      post_update_hooks(@updated_project_ids)
+
       true
     end
 
+    # Overridden in EE
+    def post_update_hooks(updated_project_ids)
+    end
+
     def ensure_allowed_transfer
       raise_transfer_error(:group_is_already_root) if group_is_already_root?
       raise_transfer_error(:same_parent_as_current) if same_parent?
@@ -96,9 +102,16 @@ module Groups
         .where(id: descendants.select(:id))
         .update_all(visibility_level: @new_parent_group.visibility_level)
 
-      @group
+      projects_to_update = @group
         .all_projects
         .where("visibility_level > ?", @new_parent_group.visibility_level)
+
+      # Used in post_update_hooks in EE. Must use pluck (and not select)
+      # here as after we perform the update below we won't be able to find
+      # these records again.
+      @updated_project_ids = projects_to_update.pluck(:id)
+
+      projects_to_update
         .update_all(visibility_level: @new_parent_group.visibility_level)
     end
     # rubocop: enable CodeReuse/ActiveRecord