From 56861a19a3466342ed8a489b417c3630c9d61fed Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:13:24 -0700 Subject: Add changelog --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/maintainers-can-create-subgroup.yml diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml new file mode 100644 index 00000000000..b537862c8af --- /dev/null +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -0,0 +1,5 @@ +--- +title: Maintainers can crete subgroups +merge_request: 29718 +author: Fabio Papa +type: changed -- cgit v1.2.1 From 1f07faa95a60983e4623845f451e89a5b2c92bbe Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:16:55 -0700 Subject: Add failing feature spec detailing a maintainer creating a subgroup - Change the two existing feature examples that create a subgroup to elucidate that the owner is creating the subgroup - Nest two more specs inside the 'subgroup support' context detailing what happens when a maintainer attempts to add a subgroup (one with subgroup support, and one without) --- spec/features/groups/show_spec.rb | 61 ++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9671a4d8c49..2654d06cd8c 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,32 +56,67 @@ describe 'Group show page' do end context 'subgroup support' do - let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:maintainer) { create(:user) } before do - group.add_owner(user) - sign_in(user) + group.add_owner(owner) + group.add_maintainer(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'for owners' do before do - allow(Group).to receive(:supports_nested_objects?) { true } - visit path + sign_in(owner) end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end - context 'when subgroups are not supported' do + context 'for maintainers' do before do - allow(Group).to receive(:supports_nested_objects?) { false } - visit path + sign_in(maintainer) + end + + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end end - it 'allows creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end end -- cgit v1.2.1 From 3cc3cf978f60b1a0f2c627345deef6f5e82254a0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..b4b09d3295f 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 66b18427755fcc771267a9e3ca87c6d58db4496d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 12:23:56 -0700 Subject: Update the group policy to allow >= maintainer to create subgroups All specs passing --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..d92bcded19d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 60a4cdc2e2cdb0a2de061a36ac83ff53e703cb16 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/requests/api/groups_spec.rb | 4 ++-- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4b09d3295f..a40d3087f6e 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From a113c5caba4007ff132f6cba01658b9e4cfc64b6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 18:15:56 +0000 Subject: Apply suggestion to changelogs/unreleased/maintainers-can-create-subgroup.yml --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml index b537862c8af..180f0f7247f 100644 --- a/changelogs/unreleased/maintainers-can-create-subgroup.yml +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -1,5 +1,5 @@ --- -title: Maintainers can crete subgroups +title: Maintainers can create subgroups merge_request: 29718 author: Fabio Papa type: changed -- cgit v1.2.1 From a3064967327f7bf3069f3903bd20120d2d3a9ed9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/controllers/admin/groups_controller_spec.rb | 6 ++ spec/factories/groups.rb | 1 + spec/features/groups/group_settings_spec.rb | 8 +++ spec/models/group_spec.rb | 8 +++ spec/policies/group_policy_spec.rb | 70 ++++++++++++++++++++++ .../policies/group_policy_shared_context.rb | 16 ++--- 6 files changed, 99 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 509d8944e3a..df11321537f 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -68,5 +68,11 @@ describe Admin::GroupsController do post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } } end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS) end + + it 'updates the subgroup_creation_level successfully' do + expect do + post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 18a0c2ec731..2f50fbfe2fa 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 5cef5f0521f..95534d5a2ba 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -85,6 +85,14 @@ describe 'Edit group settings' do end end + describe 'subgroup creation level menu' do + it 'shows the selection menu' do + visit edit_group_path(group) + + expect(page).to have_content('Allowed to create subgroups') + end + end + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index d7accbef6bd..426e2526a01 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -1023,4 +1023,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + + expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 59f3a961d50..aed9a8e34ff 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -163,6 +163,18 @@ describe GroupPolicy do expect_allowed(*updated_owner_permissions) end end + + context 'maintainer' do + let(:current_user) { maintainer } + + it 'allows every maintainer permission except creating subgroups' do + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + + expect_disallowed(*create_subgroup_permission) + expect_allowed(*updated_maintainer_permissions) + end + end end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do @@ -461,6 +473,64 @@ describe GroupPolicy do end end + context "create_subgroup" do + context 'when group has subgroup creation level set to owner' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + + context 'when group has subgroup creation level set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + end + it_behaves_like 'clusterable policies' do let(:clusterable) { create(:group) } let(:cluster) do diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index a40d3087f6e..b4808ac0068 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From a1b9ace31ee0d9c602cb266e9bf94f2e37b14ce7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:46:48 -0700 Subject: Reset group policy to only allow >= owners to create subgroups --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index d92bcded19d..ea86858181d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { maintainer & nested_groups_supported }.enable :create_subgroup + rule { owner & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 521d4c76db6d18468bdee6d28d5dc408c7c7a09f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:49:27 -0700 Subject: Add a subgroup_creation_level column to the namespaces table --- ...6175626_add_group_creation_level_to_namespaces.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb new file mode 100644 index 00000000000..b0ea74d4765 --- /dev/null +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + disable_ddl_transaction! + + def up + unless column_exists?(:namespaces, :subgroup_creation_level) + add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + end + end + + def down + if column_exists?(:namespaces, :subgroup_creation_level) + remove_column(:namespaces, :subgroup_creation_level) + end + end +end -- cgit v1.2.1 From 58e4c7fea3a4ffcccac77290bd54f1b59475af0e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:39:04 -0700 Subject: Add constants representing Owner and Maintainer group access levels --- lib/gitlab/access.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 6eb08f674c2..77076ead47a 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -29,6 +29,10 @@ module Gitlab MAINTAINER_PROJECT_ACCESS = 1 DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2 + # Default subgroup creation level + OWNER_SUBGROUP_ACCESS = 0 + MAINTAINER_SUBGROUP_ACCESS = 1 + class << self delegate :values, to: :options -- cgit v1.2.1 From 5f9bc7992d042eebd425ae3e0a6a3f35b73a7804 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:45:58 -0700 Subject: Add subgroup_creation_level to the list of allowed group params For both groups_controller and admin/groups_controller --- app/controllers/admin/groups_controller.rb | 3 ++- app/controllers/groups_controller.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 15f7ef881c8..6317fa7c8d1 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -90,7 +90,8 @@ class Admin::GroupsController < Admin::ApplicationController :visibility_level, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index e936d771502..6bb72476959 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -188,7 +188,8 @@ class GroupsController < Groups::ApplicationController :chat_team_name, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end -- cgit v1.2.1 From 50bd9ddf2ec67594eb8c28f2c8fb5b262be2c515 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:11:09 -0700 Subject: Add "allowed to create subgroups" dropdown to group settings form --- app/views/groups/settings/_permissions.html.haml | 1 + app/views/groups/settings/_subgroup_creation_level.html.haml | 3 +++ lib/gitlab/access.rb | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 app/views/groups/settings/_subgroup_creation_level.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 0a14830c666..b5562198984 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -19,6 +19,7 @@ = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group + = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f = render_if_exists 'groups/member_lock_setting', f: f, group: @group diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml new file mode 100644 index 00000000000..f36ad192bad --- /dev/null +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 77076ead47a..7ef9f7ef630 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -110,6 +110,13 @@ module Gitlab def project_creation_level_name(name) project_creation_options.key(name) end + + def subgroup_creation_options + { + s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS, + s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS + } + end end def human_access -- cgit v1.2.1 From 7bf0ce2283334752bd88a8eb63aa16e5b4b33864 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index dbec211935d..f32312c6f43 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -418,6 +418,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From 075a6328813ee3733e23254d8e7540b59ec789c0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..bd1eb02ca1f 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -43,6 +43,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -110,6 +114,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 9caf32698110f9c3b7a861db86b994ddab8308a7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 08:35:09 -0700 Subject: Add feature examples specing maintainers creating subgroups Both with subgroup_creation_level set to owners and to maintainers. Also fixed the naming of some other examples in the same spec as they were contradicting what they were actually performing in the test. These examples were probably copy/pasted, and not renamed. --- spec/features/groups/show_spec.rb | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 2654d06cd8c..68fa3f4e817 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -86,7 +86,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end @@ -103,8 +103,22 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroup_creation_level is set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it 'allows creating subgroups' do + visit path + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroup_creation_level is set to owners' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + it 'does not allow creating subgroups' do + visit path + expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + end end end @@ -114,7 +128,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end -- cgit v1.2.1 From e1d0a30b57ea8c225e719670a6a89f48e413ce9d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 09:22:10 -0700 Subject: Update schema --- db/schema.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index 4ed7c0cb248..29367551efb 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20190611161641) do +ActiveRecord::Schema.define(version: 20190626175626) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -1442,6 +1442,7 @@ ActiveRecord::Schema.define(version: 20190611161641) do t.integer "project_creation_level" t.boolean "auto_devops_enabled" t.datetime_with_timezone "last_ci_minutes_notification_at" + t.integer "subgroup_creation_level", default: 0, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["name", "parent_id"], name: "index_namespaces_on_name_and_parent_id", unique: true, using: :btree t.index ["name"], name: "index_namespaces_on_name_trigram", using: :gin, opclasses: {"name"=>"gin_trgm_ops"} -- cgit v1.2.1 From 65d4843421c7bdc1b571f2b72f8db1a64cf0834f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- ...75626_add_group_creation_level_to_namespaces.rb | 7 +++++-- spec/controllers/admin/groups_controller_spec.rb | 9 ++++++-- spec/features/groups/group_settings_spec.rb | 2 +- spec/features/groups/show_spec.rb | 24 +++++++++++++++------- spec/models/group_spec.rb | 3 ++- spec/policies/group_policy_spec.rb | 21 ++++++++++++++----- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index b0ea74d4765..eed0ba25f27 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -5,10 +5,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] DOWNTIME = false disable_ddl_transaction! - + def up unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + add_column_with_default(:namespaces, + :subgroup_creation_level, + :integer, + default: 0) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index df11321537f..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,9 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do - post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + post :update, + params: { id: group.to_param, + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 95534d5a2ba..676769c25fe 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -92,7 +92,7 @@ describe 'Edit group settings' do expect(page).to have_content('Allowed to create subgroups') end end - + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 68fa3f4e817..163906010fa 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -76,7 +76,8 @@ describe 'Group show page' do end it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -87,7 +88,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end @@ -104,8 +106,11 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + it 'allows creating subgroups' do visit path expect(page).to have_css("li[data-text='New subgroup']", visible: false) @@ -113,11 +118,15 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to owners' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end it 'does not allow creating subgroups' do visit path - expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_css("li[data-text='New subgroup']", visible: false) end end end @@ -129,7 +138,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 426e2526a01..2b85b281d33 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -1028,7 +1028,8 @@ describe Group do it 'outputs the default one if it is nil' do group = create(:group, subgroup_creation_level: nil) - expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index aed9a8e34ff..da186f63eca 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -145,7 +145,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -157,7 +158,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -169,7 +171,8 @@ describe GroupPolicy do it 'allows every maintainer permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + updated_maintainer_permissions = + maintainer_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_maintainer_permissions) @@ -475,7 +478,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } @@ -503,7 +510,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 3a1d9ce3a1ed86eb169c48896d290b9bf9a91af9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 2b85b281d33..d7accbef6bd 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -1023,13 +1023,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From d9c6efceda827de6fa0b23bd9b4940b7914d646b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index f32312c6f43..f8be5f33be8 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -418,10 +420,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -451,4 +449,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index d7accbef6bd..3a5ae14ab46 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -1023,4 +1023,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From f21c03c8e27932d957086a1ec2465d468fb387da Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- ...75626_add_group_creation_level_to_namespaces.rb | 1 + db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 7 ++-- spec/factories/groups.rb | 5 ++- spec/features/groups/show_spec.rb | 17 ++++++--- spec/models/group_spec.rb | 5 +-- spec/policies/group_policy_spec.rb | 43 ++++++++++++++++++---- spec/requests/api/groups_spec.rb | 4 +- .../policies/group_policy_shared_context.rb | 2 +- 9 files changed, 61 insertions(+), 25 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index eed0ba25f27..85ac89af46e 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] :subgroup_creation_level, :integer, default: 0) + change_column_default(:namespaces, :subgroup_creation_level, 1) end end diff --git a/db/schema.rb b/db/schema.rb index 29367551efb..683ee685372 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -1442,7 +1442,7 @@ ActiveRecord::Schema.define(version: 20190626175626) do t.integer "project_creation_level" t.boolean "auto_devops_enabled" t.datetime_with_timezone "last_ci_minutes_notification_at" - t.integer "subgroup_creation_level", default: 0, null: false + t.integer "subgroup_creation_level", default: 1, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["name", "parent_id"], name: "index_namespaces_on_name_and_parent_id", unique: true, using: :btree t.index ["name"], name: "index_namespaces_on_name_trigram", using: :gin, opclasses: {"name"=>"gin_trgm_ops"} diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 2f50fbfe2fa..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner @@ -46,5 +45,9 @@ FactoryBot.define do trait :auto_devops_disabled do auto_devops_enabled false end + + trait :owner_subgroup_creation_only do + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS + end end end diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 163906010fa..48ba9064327 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -72,10 +72,11 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -84,10 +85,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -102,10 +104,9 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end - context 'when subgroup_creation_level is set to maintainer' do + context 'when subgroup_creation_level is set to maintainers' do let(:group) do create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) @@ -113,7 +114,9 @@ describe 'Group show page' do it 'allows creating subgroups' do visit path - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -125,6 +128,7 @@ describe 'Group show page' do it 'does not allow creating subgroups' do visit path + expect(page) .not_to have_css("li[data-text='New subgroup']", visible: false) end @@ -134,10 +138,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 3a5ae14ab46..12b3bfdf015 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -1026,9 +1026,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index da186f63eca..7fba62d2aa8 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -98,12 +98,38 @@ describe GroupPolicy do context 'maintainer' do let(:current_user) { maintainer } - it do - expect_allowed(*guest_permissions) - expect_allowed(*reporter_permissions) - expect_allowed(*developer_permissions) - expect_allowed(*maintainer_permissions) - expect_disallowed(*owner_permissions) + context 'with subgroup_creation level set to maintainer' do + let(:group) { create(:group, + :private, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = + maintainer_permissions + create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*updated_maintainer_permissions) + expect_disallowed(*updated_owner_permissions) + end + end + + context 'with subgroup_creation_level set to owner' do + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end end end @@ -181,7 +207,10 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, :private, parent: group) } + let(:nested_group) { create(:group, + :private, + :owner_subgroup_creation_only, + parent: group) } before do nested_group.add_guest(guest) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do let(:maintainer) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group, :private) } + let(:group) { create(:group, :private, :owner_subgroup_creation_only) } let(:guest_permissions) do %i[ -- cgit v1.2.1 From 8309221555347d537cef74aad83ede4afc855074 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index f8be5f33be8..dbec211935d 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -449,8 +447,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From fe438d0287ead7f07d9281261b5b079fd11147be Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 48ba9064327..ef0e885ee5f 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,27 +56,28 @@ describe 'Group show page' do end context 'subgroup support' do + let(:restricted_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:relaxed_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } let(:owner) { create(:user) } let(:maintainer) { create(:user) } - before do - group.add_owner(owner) - group.add_maintainer(maintainer) - end - context 'for owners' do + let(:path) { group_path(restricted_group) } + before do + restricted_group.add_owner(owner) sign_in(owner) end context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -85,11 +86,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -107,30 +107,30 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainers' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + before do + relaxed_group.add_maintainer(maintainer) + path = group_path(relaxed_group) + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end end context 'when subgroup_creation_level is set to owners' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + before do + restricted_group.add_maintainer(maintainer) end it 'does not allow creating subgroups' do + path = group_path(restricted_group) visit path expect(page) - .not_to have_css("li[data-text='New subgroup']", visible: false) + .not_to have_selector("li[data-text='New subgroup']", + visible: false) end end end -- cgit v1.2.1 From a5175d618c11a62c97f16e484fd26cb5bae8153d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From ca6640d2b28e1ec1049576fe2ae4a954cc598988 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:56:02 -0700 Subject: Add descriptions to examples --- spec/policies/group_policy_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7fba62d2aa8..020b51f776e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -103,7 +103,7 @@ describe GroupPolicy do :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - it do + it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) create_subgroup_permission = [:create_subgroup] @@ -121,7 +121,7 @@ describe GroupPolicy do end context 'with subgroup_creation_level set to owner' do - it do + it 'allows every maintainer permission' do allow(Group).to receive(:supports_nested_objects?).and_return(true) expect_allowed(*guest_permissions) -- cgit v1.2.1 From f72757f808fc818da6faa5ae38e2cbab56558e2d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:13:24 -0700 Subject: Add changelog --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/maintainers-can-create-subgroup.yml diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml new file mode 100644 index 00000000000..b537862c8af --- /dev/null +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -0,0 +1,5 @@ +--- +title: Maintainers can crete subgroups +merge_request: 29718 +author: Fabio Papa +type: changed -- cgit v1.2.1 From c32b477ed876950593c82f06a6ed9d8cea69c170 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:16:55 -0700 Subject: Add failing feature spec detailing a maintainer creating a subgroup - Change the two existing feature examples that create a subgroup to elucidate that the owner is creating the subgroup - Nest two more specs inside the 'subgroup support' context detailing what happens when a maintainer attempts to add a subgroup (one with subgroup support, and one without) --- spec/features/groups/show_spec.rb | 61 ++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9671a4d8c49..2654d06cd8c 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,32 +56,67 @@ describe 'Group show page' do end context 'subgroup support' do - let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:maintainer) { create(:user) } before do - group.add_owner(user) - sign_in(user) + group.add_owner(owner) + group.add_maintainer(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'for owners' do before do - allow(Group).to receive(:supports_nested_objects?) { true } - visit path + sign_in(owner) end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end - context 'when subgroups are not supported' do + context 'for maintainers' do before do - allow(Group).to receive(:supports_nested_objects?) { false } - visit path + sign_in(maintainer) + end + + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end end - it 'allows creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end end -- cgit v1.2.1 From 97404196e0d89a2a72d96c127c0d6b9e8e450822 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..b4b09d3295f 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From eb27c2b164418da3ed75052657b364b740505b51 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 12:23:56 -0700 Subject: Update the group policy to allow >= maintainer to create subgroups All specs passing --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..d92bcded19d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From e5f7ef0e77c5ab11f753347711088c8117b5b5dd Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/requests/api/groups_spec.rb | 4 ++-- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4b09d3295f..a40d3087f6e 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 0239fb86ae4ca77ce93555ca60a09ba6abd61b7d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/controllers/admin/groups_controller_spec.rb | 6 ++ spec/factories/groups.rb | 1 + spec/features/groups/group_settings_spec.rb | 8 +++ spec/models/group_spec.rb | 8 +++ spec/policies/group_policy_spec.rb | 70 ++++++++++++++++++++++ .../policies/group_policy_shared_context.rb | 16 ++--- 6 files changed, 99 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 509d8944e3a..df11321537f 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -68,5 +68,11 @@ describe Admin::GroupsController do post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } } end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS) end + + it 'updates the subgroup_creation_level successfully' do + expect do + post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 18a0c2ec731..2f50fbfe2fa 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 5cef5f0521f..95534d5a2ba 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -85,6 +85,14 @@ describe 'Edit group settings' do end end + describe 'subgroup creation level menu' do + it 'shows the selection menu' do + visit edit_group_path(group) + + expect(page).to have_content('Allowed to create subgroups') + end + end + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..fd40061dd3a 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + + expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 59f3a961d50..aed9a8e34ff 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -163,6 +163,18 @@ describe GroupPolicy do expect_allowed(*updated_owner_permissions) end end + + context 'maintainer' do + let(:current_user) { maintainer } + + it 'allows every maintainer permission except creating subgroups' do + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + + expect_disallowed(*create_subgroup_permission) + expect_allowed(*updated_maintainer_permissions) + end + end end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do @@ -461,6 +473,64 @@ describe GroupPolicy do end end + context "create_subgroup" do + context 'when group has subgroup creation level set to owner' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + + context 'when group has subgroup creation level set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + end + it_behaves_like 'clusterable policies' do let(:clusterable) { create(:group) } let(:cluster) do diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index a40d3087f6e..b4808ac0068 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From 58c627c2dbba1b2e1bd80d688a77872dc341caeb Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:46:48 -0700 Subject: Reset group policy to only allow >= owners to create subgroups --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index d92bcded19d..ea86858181d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { maintainer & nested_groups_supported }.enable :create_subgroup + rule { owner & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From e55c85af81e9002ac48e7f7ea8235edc559b09ed Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:49:27 -0700 Subject: Add a subgroup_creation_level column to the namespaces table --- ...6175626_add_group_creation_level_to_namespaces.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb new file mode 100644 index 00000000000..b0ea74d4765 --- /dev/null +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + disable_ddl_transaction! + + def up + unless column_exists?(:namespaces, :subgroup_creation_level) + add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + end + end + + def down + if column_exists?(:namespaces, :subgroup_creation_level) + remove_column(:namespaces, :subgroup_creation_level) + end + end +end -- cgit v1.2.1 From 1dbcc55b10ebba2a71afa0071128139b2118e576 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:39:04 -0700 Subject: Add constants representing Owner and Maintainer group access levels --- lib/gitlab/access.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 6eb08f674c2..77076ead47a 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -29,6 +29,10 @@ module Gitlab MAINTAINER_PROJECT_ACCESS = 1 DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2 + # Default subgroup creation level + OWNER_SUBGROUP_ACCESS = 0 + MAINTAINER_SUBGROUP_ACCESS = 1 + class << self delegate :values, to: :options -- cgit v1.2.1 From 3991a992f49ddd6abd1f0ca317bfd21b190b9422 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:45:58 -0700 Subject: Add subgroup_creation_level to the list of allowed group params For both groups_controller and admin/groups_controller --- app/controllers/admin/groups_controller.rb | 3 ++- app/controllers/groups_controller.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 15f7ef881c8..6317fa7c8d1 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -90,7 +90,8 @@ class Admin::GroupsController < Admin::ApplicationController :visibility_level, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 797833e3f91..aff418faae5 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -192,7 +192,8 @@ class GroupsController < Groups::ApplicationController :chat_team_name, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end -- cgit v1.2.1 From 26c6e75d9ef48217eef4ce9ce3b09642e5a73a28 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:11:09 -0700 Subject: Add "allowed to create subgroups" dropdown to group settings form --- app/views/groups/settings/_permissions.html.haml | 1 + app/views/groups/settings/_subgroup_creation_level.html.haml | 3 +++ lib/gitlab/access.rb | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 app/views/groups/settings/_subgroup_creation_level.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 0da1f1ba7f5..d3375e00bad 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -20,6 +20,7 @@ = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group + = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f = render_if_exists 'groups/member_lock_setting', f: f, group: @group diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml new file mode 100644 index 00000000000..f36ad192bad --- /dev/null +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 77076ead47a..7ef9f7ef630 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -110,6 +110,13 @@ module Gitlab def project_creation_level_name(name) project_creation_options.key(name) end + + def subgroup_creation_options + { + s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS, + s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS + } + end end def human_access -- cgit v1.2.1 From d4b2ff2e2295d8a40b019c4c3bc1e9669c89ed82 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index 8e89c7ecfb1..44bc6c8288a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -414,6 +414,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From 6d6897219af7bb3bea66c012c33e2588248cecb8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..bd1eb02ca1f 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -43,6 +43,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -110,6 +114,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 9a6cf8338ab8a98d49cc1c0612b04bb5f746a146 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 18:15:56 +0000 Subject: Apply suggestion to changelogs/unreleased/maintainers-can-create-subgroup.yml --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml index b537862c8af..180f0f7247f 100644 --- a/changelogs/unreleased/maintainers-can-create-subgroup.yml +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -1,5 +1,5 @@ --- -title: Maintainers can crete subgroups +title: Maintainers can create subgroups merge_request: 29718 author: Fabio Papa type: changed -- cgit v1.2.1 From 6dd6f98143f29695e7e4c767149f3a99beac7573 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 08:35:09 -0700 Subject: Add feature examples specing maintainers creating subgroups Both with subgroup_creation_level set to owners and to maintainers. Also fixed the naming of some other examples in the same spec as they were contradicting what they were actually performing in the test. These examples were probably copy/pasted, and not renamed. --- spec/features/groups/show_spec.rb | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 2654d06cd8c..68fa3f4e817 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -86,7 +86,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end @@ -103,8 +103,22 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroup_creation_level is set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it 'allows creating subgroups' do + visit path + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroup_creation_level is set to owners' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + it 'does not allow creating subgroups' do + visit path + expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + end end end @@ -114,7 +128,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end -- cgit v1.2.1 From 582495df08c4e8ba5efb0b63a96741da9a0b1869 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 09:22:10 -0700 Subject: Update schema --- db/schema.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/schema.rb b/db/schema.rb index 8876be1cb34..4b2bb95d413 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,6 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false + t.integer "subgroup_creation_level", default: 0, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree -- cgit v1.2.1 From 9470dc25d8639499dafbbd366eda00b359cbd417 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- ...75626_add_group_creation_level_to_namespaces.rb | 7 +++++-- spec/controllers/admin/groups_controller_spec.rb | 9 ++++++-- spec/features/groups/group_settings_spec.rb | 2 +- spec/features/groups/show_spec.rb | 24 +++++++++++++++------- spec/models/group_spec.rb | 3 ++- spec/policies/group_policy_spec.rb | 21 ++++++++++++++----- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index b0ea74d4765..eed0ba25f27 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -5,10 +5,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] DOWNTIME = false disable_ddl_transaction! - + def up unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + add_column_with_default(:namespaces, + :subgroup_creation_level, + :integer, + default: 0) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index df11321537f..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,9 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do - post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + post :update, + params: { id: group.to_param, + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 95534d5a2ba..676769c25fe 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -92,7 +92,7 @@ describe 'Edit group settings' do expect(page).to have_content('Allowed to create subgroups') end end - + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 68fa3f4e817..163906010fa 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -76,7 +76,8 @@ describe 'Group show page' do end it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -87,7 +88,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end @@ -104,8 +106,11 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + it 'allows creating subgroups' do visit path expect(page).to have_css("li[data-text='New subgroup']", visible: false) @@ -113,11 +118,15 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to owners' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end it 'does not allow creating subgroups' do visit path - expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_css("li[data-text='New subgroup']", visible: false) end end end @@ -129,7 +138,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index fd40061dd3a..6627177ad61 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -999,7 +999,8 @@ describe Group do it 'outputs the default one if it is nil' do group = create(:group, subgroup_creation_level: nil) - expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index aed9a8e34ff..da186f63eca 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -145,7 +145,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -157,7 +158,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -169,7 +171,8 @@ describe GroupPolicy do it 'allows every maintainer permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + updated_maintainer_permissions = + maintainer_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_maintainer_permissions) @@ -475,7 +478,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } @@ -503,7 +510,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 23c549d4a38efc15a54ff7cc57e38a9aefb632f8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 6627177ad61..470ce65707d 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,13 +994,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From a781822664a4f9c8edffaa1d75fec856b13bbb1a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 44bc6c8288a..47e7bf34ec8 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -414,10 +416,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -447,4 +445,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..9ae18d7bab7 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From e93df68a442486dc08887773c4e96b055f013c57 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- ...75626_add_group_creation_level_to_namespaces.rb | 1 + db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 7 ++-- spec/factories/groups.rb | 5 ++- spec/features/groups/show_spec.rb | 17 ++++++--- spec/models/group_spec.rb | 5 +-- spec/policies/group_policy_spec.rb | 43 ++++++++++++++++++---- spec/requests/api/groups_spec.rb | 4 +- .../policies/group_policy_shared_context.rb | 2 +- 9 files changed, 61 insertions(+), 25 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index eed0ba25f27..85ac89af46e 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] :subgroup_creation_level, :integer, default: 0) + change_column_default(:namespaces, :subgroup_creation_level, 1) end end diff --git a/db/schema.rb b/db/schema.rb index 4b2bb95d413..e777cc575c0 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,7 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false - t.integer "subgroup_creation_level", default: 0, null: false + t.integer "subgroup_creation_level", default: 1, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 2f50fbfe2fa..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner @@ -46,5 +45,9 @@ FactoryBot.define do trait :auto_devops_disabled do auto_devops_enabled false end + + trait :owner_subgroup_creation_only do + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS + end end end diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 163906010fa..48ba9064327 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -72,10 +72,11 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -84,10 +85,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -102,10 +104,9 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end - context 'when subgroup_creation_level is set to maintainer' do + context 'when subgroup_creation_level is set to maintainers' do let(:group) do create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) @@ -113,7 +114,9 @@ describe 'Group show page' do it 'allows creating subgroups' do visit path - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -125,6 +128,7 @@ describe 'Group show page' do it 'does not allow creating subgroups' do visit path + expect(page) .not_to have_css("li[data-text='New subgroup']", visible: false) end @@ -134,10 +138,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 9ae18d7bab7..c7fb0f51075 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -997,9 +997,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index da186f63eca..7fba62d2aa8 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -98,12 +98,38 @@ describe GroupPolicy do context 'maintainer' do let(:current_user) { maintainer } - it do - expect_allowed(*guest_permissions) - expect_allowed(*reporter_permissions) - expect_allowed(*developer_permissions) - expect_allowed(*maintainer_permissions) - expect_disallowed(*owner_permissions) + context 'with subgroup_creation level set to maintainer' do + let(:group) { create(:group, + :private, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = + maintainer_permissions + create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*updated_maintainer_permissions) + expect_disallowed(*updated_owner_permissions) + end + end + + context 'with subgroup_creation_level set to owner' do + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end end end @@ -181,7 +207,10 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, :private, parent: group) } + let(:nested_group) { create(:group, + :private, + :owner_subgroup_creation_only, + parent: group) } before do nested_group.add_guest(guest) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do let(:maintainer) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group, :private) } + let(:group) { create(:group, :private, :owner_subgroup_creation_only) } let(:guest_permissions) do %i[ -- cgit v1.2.1 From 832a598cf05b70cdff2eb081cd02e410849c39e2 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 47e7bf34ec8..8e89c7ecfb1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -445,8 +443,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From 128b5e33dbd4729f25bd3146c967861e814be9e6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 48ba9064327..ef0e885ee5f 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,27 +56,28 @@ describe 'Group show page' do end context 'subgroup support' do + let(:restricted_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:relaxed_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } let(:owner) { create(:user) } let(:maintainer) { create(:user) } - before do - group.add_owner(owner) - group.add_maintainer(maintainer) - end - context 'for owners' do + let(:path) { group_path(restricted_group) } + before do + restricted_group.add_owner(owner) sign_in(owner) end context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -85,11 +86,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -107,30 +107,30 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainers' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + before do + relaxed_group.add_maintainer(maintainer) + path = group_path(relaxed_group) + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end end context 'when subgroup_creation_level is set to owners' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + before do + restricted_group.add_maintainer(maintainer) end it 'does not allow creating subgroups' do + path = group_path(restricted_group) visit path expect(page) - .not_to have_css("li[data-text='New subgroup']", visible: false) + .not_to have_selector("li[data-text='New subgroup']", + visible: false) end end end -- cgit v1.2.1 From 849e87e8d2c955d91f55c38911b20574c839035a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 71822fc5de60f073e6f43507b0419c6d52540c8d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:56:02 -0700 Subject: Add descriptions to examples --- spec/policies/group_policy_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7fba62d2aa8..020b51f776e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -103,7 +103,7 @@ describe GroupPolicy do :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - it do + it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) create_subgroup_permission = [:create_subgroup] @@ -121,7 +121,7 @@ describe GroupPolicy do end context 'with subgroup_creation_level set to owner' do - it do + it 'allows every maintainer permission' do allow(Group).to receive(:supports_nested_objects?).and_return(true) expect_allowed(*guest_permissions) -- cgit v1.2.1 From b0196e855a6c82ffa96b384e1063df77f2b42249 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ app/views/groups/_group_admin_settings.html.haml | 6 ++++++ ...190626175626_add_group_creation_level_to_namespaces.rb | 15 +++++---------- db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 6 ++---- spec/features/admin/admin_groups_spec.rb | 9 +++++++++ spec/features/groups/show_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 9 --------- 8 files changed, 29 insertions(+), 26 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8e89c7ecfb1..44bc6c8288a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -414,6 +414,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml index b8f632d11d3..733cb36cc3d 100644 --- a/app/views/groups/_group_admin_settings.html.haml +++ b/app/views/groups/_group_admin_settings.html.haml @@ -16,6 +16,12 @@ .col-sm-10 = f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, @group.project_creation_level), {}, class: 'form-control' +.form-group.row + .col-sm-2.col-form-label + = f.label s_('SubgroupCreationlevel|Allowed to create subgroups') + .col-sm-10 + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, @group.subgroup_creation_level), {}, class: 'form-control' + .form-group.row .col-sm-2.col-form-label.pt-0 = f.label :require_two_factor_authentication, 'Two-factor authentication' diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 85ac89af46e..867ec3b7c91 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -7,18 +7,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] disable_ddl_transaction! def up - unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, - :subgroup_creation_level, - :integer, - default: 0) - change_column_default(:namespaces, :subgroup_creation_level, 1) - end + add_column(:namespaces, :subgroup_creation_level, :integer) + change_column_default(:namespaces, + :subgroup_creation_level, + ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end def down - if column_exists?(:namespaces, :subgroup_creation_level) - remove_column(:namespaces, :subgroup_creation_level) - end + remove_column(:namespaces, :subgroup_creation_level) end end diff --git a/db/schema.rb b/db/schema.rb index e777cc575c0..56f66b45595 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,7 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false - t.integer "subgroup_creation_level", default: 1, null: false + t.integer "subgroup_creation_level", default: 1 t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 398f587bafe..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,13 +70,11 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: OWNER } } - end.to change { group.reload.subgroup_creation_level }.to(OWNER) + group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end end end diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 735ca60f7da..35c384dd458 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -102,6 +102,15 @@ describe 'Admin Groups' do expect_selected_visibility(group.visibility_level) end + it 'shows the subgroup creation level dropdown populated with the group subgroup_creation_level value' do + group = create(:group, :private, :owner_subgroup_creation_only) + + visit admin_group_edit_path(group) + + expect(page).to have_select("group_subgroup_creation_level", + selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + end + it 'edit group path does not change group name', :js do group = create(:group, :private) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index ef0e885ee5f..5096abadb79 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -71,7 +71,7 @@ describe 'Group show page' do sign_in(owner) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } visit path @@ -101,7 +101,7 @@ describe 'Group show page' do sign_in(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 142a39437eb76c957a984204bc79b0bf5db5be35 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:29:54 -0700 Subject: Adjust the documentation on subgroups --- doc/user/group/subgroups/index.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 1c6cca049c5..e3f7539a9b6 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -75,13 +75,16 @@ structure. ## Creating a subgroup NOTE: **Note:** -You must be an Owner of a group to create a subgroup. For -more information check the [permissions table](../../permissions.md#group-members-permissions). +In order to create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. By default groups allow both Owners and +Maintainers to create subgroups, but this can be changed by an Owner or +Administrator to only allow Owners to create subgroups. For more information +check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). -Users can always create subgroups if they are explicitly added as an Owner to -a parent group, even if group creation is disabled by an administrator in their -settings. +[reserved names](../../reserved_names.md). Users can always create subgroups if +they are explicitly added as an Owner (or Maintainer, if that setting is +enabled) to a parent group, even if group creation is disabled by an +administrator in their settings. To create a subgroup: -- cgit v1.2.1 From 650b88fc41d51f3d313e74bb94cbd211ca54003b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:39:43 -0700 Subject: Adjust the documentation on subgroup permissions --- doc/user/permissions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 03abef9fc62..20b23b75cb9 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,13 +209,15 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | +| Create subgroup | | | | ✓* | ✓ | | Edit group | | | | | ✓ | -| Create subgroup | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | +*Groups can be set to allow either Owners or Owners and maintainers to create subgroups + ### Subgroup permissions When you add a member to a subgroup, they inherit the membership and -- cgit v1.2.1 From 0f659a0da634bf61378766d6ec247cc49595becf Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 16:27:49 -0700 Subject: Fix some code style issues --- spec/features/groups/show_spec.rb | 12 ++++++++---- spec/policies/group_policy_spec.rb | 13 ++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 5096abadb79..f1501181432 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,10 +56,14 @@ describe 'Group show page' do end context 'subgroup support' do - let(:restricted_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } - let(:relaxed_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:restricted_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end + + let(:relaxed_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + let(:owner) { create(:user) } let(:maintainer) { create(:user) } diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 020b51f776e..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -99,9 +99,9 @@ describe GroupPolicy do let(:current_user) { maintainer } context 'with subgroup_creation level set to maintainer' do - let(:group) { create(:group, - :private, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) @@ -207,10 +207,9 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, - :private, - :owner_subgroup_creation_only, - parent: group) } + let(:nested_group) do + create(:group, :private, :owner_subgroup_creation_only, parent: group) + end before do nested_group.add_guest(guest) -- cgit v1.2.1 From a0485e75005e7930acba832089d830744d6cbb14 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- ...190626175626_add_group_creation_level_to_namespaces.rb | 1 - spec/features/admin/admin_groups_spec.rb | 3 +-- spec/features/groups/show_spec.rb | 15 +++++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 867ec3b7c91..3b75c92e518 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -4,7 +4,6 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] include Gitlab::Database::MigrationHelpers DOWNTIME = false - disable_ddl_transaction! def up add_column(:namespaces, :subgroup_creation_level, :integer) diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 35c384dd458..c1ad73779c9 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -107,8 +107,7 @@ describe 'Admin Groups' do visit admin_group_edit_path(group) - expect(page).to have_select("group_subgroup_creation_level", - selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + expect(page).to have_content('Allowed to create subgroups') end it 'edit group path does not change group name', :js do diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index f1501181432..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -57,11 +57,11 @@ describe 'Group show page' do context 'subgroup support' do let(:restricted_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end let(:relaxed_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end let(:owner) { create(:user) } @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -113,11 +115,12 @@ describe 'Group show page' do context 'when subgroup_creation_level is set to maintainers' do before do relaxed_group.add_maintainer(maintainer) - path = group_path(relaxed_group) - visit path end it 'allows creating subgroups' do + path = group_path(relaxed_group) + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From bab77650eae67d40ec4070597f83bcc1d406697a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:13:24 -0700 Subject: Add changelog --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/maintainers-can-create-subgroup.yml diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml new file mode 100644 index 00000000000..b537862c8af --- /dev/null +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -0,0 +1,5 @@ +--- +title: Maintainers can crete subgroups +merge_request: 29718 +author: Fabio Papa +type: changed -- cgit v1.2.1 From 467ed9d4e79b27557f6407ed4fd567473b83ab76 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:16:55 -0700 Subject: Add failing feature spec detailing a maintainer creating a subgroup - Change the two existing feature examples that create a subgroup to elucidate that the owner is creating the subgroup - Nest two more specs inside the 'subgroup support' context detailing what happens when a maintainer attempts to add a subgroup (one with subgroup support, and one without) --- spec/features/groups/show_spec.rb | 61 ++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9671a4d8c49..2654d06cd8c 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,32 +56,67 @@ describe 'Group show page' do end context 'subgroup support' do - let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:maintainer) { create(:user) } before do - group.add_owner(user) - sign_in(user) + group.add_owner(owner) + group.add_maintainer(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'for owners' do before do - allow(Group).to receive(:supports_nested_objects?) { true } - visit path + sign_in(owner) end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end - context 'when subgroups are not supported' do + context 'for maintainers' do before do - allow(Group).to receive(:supports_nested_objects?) { false } - visit path + sign_in(maintainer) + end + + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end end - it 'allows creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end end -- cgit v1.2.1 From 6d50040c9469d2b1b6c137897b5d7403f3e3b7d5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..b4b09d3295f 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From e520893b3450d6b9da4fbe74da943fbfcc24fedd Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 12:23:56 -0700 Subject: Update the group policy to allow >= maintainer to create subgroups All specs passing --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..d92bcded19d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 90abe7189177e9d6ecc41c3a3d77a3181904ae8e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/requests/api/groups_spec.rb | 4 ++-- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4b09d3295f..a40d3087f6e 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From ae703dbc4a8cc58ee44a4f99e789636c867c7267 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/controllers/admin/groups_controller_spec.rb | 6 ++ spec/factories/groups.rb | 1 + spec/features/groups/group_settings_spec.rb | 8 +++ spec/models/group_spec.rb | 8 +++ spec/policies/group_policy_spec.rb | 70 ++++++++++++++++++++++ .../policies/group_policy_shared_context.rb | 16 ++--- 6 files changed, 99 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 509d8944e3a..df11321537f 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -68,5 +68,11 @@ describe Admin::GroupsController do post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } } end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS) end + + it 'updates the subgroup_creation_level successfully' do + expect do + post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 18a0c2ec731..2f50fbfe2fa 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 5cef5f0521f..95534d5a2ba 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -85,6 +85,14 @@ describe 'Edit group settings' do end end + describe 'subgroup creation level menu' do + it 'shows the selection menu' do + visit edit_group_path(group) + + expect(page).to have_content('Allowed to create subgroups') + end + end + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..fd40061dd3a 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + + expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 59f3a961d50..aed9a8e34ff 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -163,6 +163,18 @@ describe GroupPolicy do expect_allowed(*updated_owner_permissions) end end + + context 'maintainer' do + let(:current_user) { maintainer } + + it 'allows every maintainer permission except creating subgroups' do + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + + expect_disallowed(*create_subgroup_permission) + expect_allowed(*updated_maintainer_permissions) + end + end end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do @@ -461,6 +473,64 @@ describe GroupPolicy do end end + context "create_subgroup" do + context 'when group has subgroup creation level set to owner' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + + context 'when group has subgroup creation level set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + end + it_behaves_like 'clusterable policies' do let(:clusterable) { create(:group) } let(:cluster) do diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index a40d3087f6e..b4808ac0068 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From b6ce065f4b0476933845ba265e0fe92fb24d1e6e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:46:48 -0700 Subject: Reset group policy to only allow >= owners to create subgroups --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index d92bcded19d..ea86858181d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { maintainer & nested_groups_supported }.enable :create_subgroup + rule { owner & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 1f4d2ab096284187d92d00f40ebea4df961b2c8e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:49:27 -0700 Subject: Add a subgroup_creation_level column to the namespaces table --- ...6175626_add_group_creation_level_to_namespaces.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb new file mode 100644 index 00000000000..b0ea74d4765 --- /dev/null +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + disable_ddl_transaction! + + def up + unless column_exists?(:namespaces, :subgroup_creation_level) + add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + end + end + + def down + if column_exists?(:namespaces, :subgroup_creation_level) + remove_column(:namespaces, :subgroup_creation_level) + end + end +end -- cgit v1.2.1 From 83a7545554fc3ccd44cd6c6d620b860d1d4aeb08 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:39:04 -0700 Subject: Add constants representing Owner and Maintainer group access levels --- lib/gitlab/access.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 6eb08f674c2..77076ead47a 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -29,6 +29,10 @@ module Gitlab MAINTAINER_PROJECT_ACCESS = 1 DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2 + # Default subgroup creation level + OWNER_SUBGROUP_ACCESS = 0 + MAINTAINER_SUBGROUP_ACCESS = 1 + class << self delegate :values, to: :options -- cgit v1.2.1 From 65e9fd31d5ca0e0e6eb2b44599f18c333a366a47 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:45:58 -0700 Subject: Add subgroup_creation_level to the list of allowed group params For both groups_controller and admin/groups_controller --- app/controllers/admin/groups_controller.rb | 3 ++- app/controllers/groups_controller.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 15f7ef881c8..6317fa7c8d1 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -90,7 +90,8 @@ class Admin::GroupsController < Admin::ApplicationController :visibility_level, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 797833e3f91..aff418faae5 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -192,7 +192,8 @@ class GroupsController < Groups::ApplicationController :chat_team_name, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end -- cgit v1.2.1 From 84c1455c5b26017ad28ad0f48433d8f41d8b95d3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:11:09 -0700 Subject: Add "allowed to create subgroups" dropdown to group settings form --- app/views/groups/settings/_permissions.html.haml | 1 + app/views/groups/settings/_subgroup_creation_level.html.haml | 3 +++ lib/gitlab/access.rb | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 app/views/groups/settings/_subgroup_creation_level.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 0da1f1ba7f5..d3375e00bad 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -20,6 +20,7 @@ = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group + = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f = render_if_exists 'groups/member_lock_setting', f: f, group: @group diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml new file mode 100644 index 00000000000..f36ad192bad --- /dev/null +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 77076ead47a..7ef9f7ef630 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -110,6 +110,13 @@ module Gitlab def project_creation_level_name(name) project_creation_options.key(name) end + + def subgroup_creation_options + { + s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS, + s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS + } + end end def human_access -- cgit v1.2.1 From 6175ff7a9b6bc97929a0b81bfe70ff39eaffb58c Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index 8e89c7ecfb1..44bc6c8288a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -414,6 +414,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From 806088d72e9ec7b1d1ef97db43d76b248dd19186 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..bd1eb02ca1f 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -43,6 +43,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -110,6 +114,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 7c7a94f2088ee2687bc21434371c6b27ae56bd1b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 18:15:56 +0000 Subject: Apply suggestion to changelogs/unreleased/maintainers-can-create-subgroup.yml --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml index b537862c8af..180f0f7247f 100644 --- a/changelogs/unreleased/maintainers-can-create-subgroup.yml +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -1,5 +1,5 @@ --- -title: Maintainers can crete subgroups +title: Maintainers can create subgroups merge_request: 29718 author: Fabio Papa type: changed -- cgit v1.2.1 From 770e3de7d613d2c87c33bbc993ca5cec1eda4635 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 08:35:09 -0700 Subject: Add feature examples specing maintainers creating subgroups Both with subgroup_creation_level set to owners and to maintainers. Also fixed the naming of some other examples in the same spec as they were contradicting what they were actually performing in the test. These examples were probably copy/pasted, and not renamed. --- spec/features/groups/show_spec.rb | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 2654d06cd8c..68fa3f4e817 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -86,7 +86,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end @@ -103,8 +103,22 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroup_creation_level is set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it 'allows creating subgroups' do + visit path + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroup_creation_level is set to owners' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + it 'does not allow creating subgroups' do + visit path + expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + end end end @@ -114,7 +128,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end -- cgit v1.2.1 From 8547d6d2b4840bca951d708b3f949f665b2760e5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 09:22:10 -0700 Subject: Update schema --- db/schema.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/schema.rb b/db/schema.rb index 7948f919c57..2c6f577c784 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,6 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false + t.integer "subgroup_creation_level", default: 0, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree -- cgit v1.2.1 From ba836a046df0f805686f95cc73598db9211612e2 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- ...75626_add_group_creation_level_to_namespaces.rb | 7 +++++-- spec/controllers/admin/groups_controller_spec.rb | 9 ++++++-- spec/features/groups/group_settings_spec.rb | 2 +- spec/features/groups/show_spec.rb | 24 +++++++++++++++------- spec/models/group_spec.rb | 3 ++- spec/policies/group_policy_spec.rb | 21 ++++++++++++++----- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index b0ea74d4765..eed0ba25f27 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -5,10 +5,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] DOWNTIME = false disable_ddl_transaction! - + def up unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + add_column_with_default(:namespaces, + :subgroup_creation_level, + :integer, + default: 0) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index df11321537f..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,9 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do - post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + post :update, + params: { id: group.to_param, + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 95534d5a2ba..676769c25fe 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -92,7 +92,7 @@ describe 'Edit group settings' do expect(page).to have_content('Allowed to create subgroups') end end - + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 68fa3f4e817..163906010fa 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -76,7 +76,8 @@ describe 'Group show page' do end it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -87,7 +88,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end @@ -104,8 +106,11 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + it 'allows creating subgroups' do visit path expect(page).to have_css("li[data-text='New subgroup']", visible: false) @@ -113,11 +118,15 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to owners' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end it 'does not allow creating subgroups' do visit path - expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_css("li[data-text='New subgroup']", visible: false) end end end @@ -129,7 +138,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index fd40061dd3a..6627177ad61 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -999,7 +999,8 @@ describe Group do it 'outputs the default one if it is nil' do group = create(:group, subgroup_creation_level: nil) - expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index aed9a8e34ff..da186f63eca 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -145,7 +145,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -157,7 +158,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -169,7 +171,8 @@ describe GroupPolicy do it 'allows every maintainer permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + updated_maintainer_permissions = + maintainer_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_maintainer_permissions) @@ -475,7 +478,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } @@ -503,7 +510,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 13d3123425d2575773550015240509e297c1177a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 6627177ad61..470ce65707d 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,13 +994,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From 4601b2d17927ca80f2e93a0211bca809dd264b98 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 44bc6c8288a..47e7bf34ec8 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -414,10 +416,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -447,4 +445,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..9ae18d7bab7 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From 2497a1e1cf0f52347684552184a24bd246f7bcc8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- ...75626_add_group_creation_level_to_namespaces.rb | 1 + db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 7 ++-- spec/factories/groups.rb | 5 ++- spec/features/groups/show_spec.rb | 17 ++++++--- spec/models/group_spec.rb | 5 +-- spec/policies/group_policy_spec.rb | 43 ++++++++++++++++++---- spec/requests/api/groups_spec.rb | 4 +- .../policies/group_policy_shared_context.rb | 2 +- 9 files changed, 61 insertions(+), 25 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index eed0ba25f27..85ac89af46e 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] :subgroup_creation_level, :integer, default: 0) + change_column_default(:namespaces, :subgroup_creation_level, 1) end end diff --git a/db/schema.rb b/db/schema.rb index 2c6f577c784..272f0fe747b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,7 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false - t.integer "subgroup_creation_level", default: 0, null: false + t.integer "subgroup_creation_level", default: 1, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 2f50fbfe2fa..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner @@ -46,5 +45,9 @@ FactoryBot.define do trait :auto_devops_disabled do auto_devops_enabled false end + + trait :owner_subgroup_creation_only do + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS + end end end diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 163906010fa..48ba9064327 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -72,10 +72,11 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -84,10 +85,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -102,10 +104,9 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end - context 'when subgroup_creation_level is set to maintainer' do + context 'when subgroup_creation_level is set to maintainers' do let(:group) do create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) @@ -113,7 +114,9 @@ describe 'Group show page' do it 'allows creating subgroups' do visit path - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -125,6 +128,7 @@ describe 'Group show page' do it 'does not allow creating subgroups' do visit path + expect(page) .not_to have_css("li[data-text='New subgroup']", visible: false) end @@ -134,10 +138,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 9ae18d7bab7..c7fb0f51075 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -997,9 +997,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index da186f63eca..7fba62d2aa8 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -98,12 +98,38 @@ describe GroupPolicy do context 'maintainer' do let(:current_user) { maintainer } - it do - expect_allowed(*guest_permissions) - expect_allowed(*reporter_permissions) - expect_allowed(*developer_permissions) - expect_allowed(*maintainer_permissions) - expect_disallowed(*owner_permissions) + context 'with subgroup_creation level set to maintainer' do + let(:group) { create(:group, + :private, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = + maintainer_permissions + create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*updated_maintainer_permissions) + expect_disallowed(*updated_owner_permissions) + end + end + + context 'with subgroup_creation_level set to owner' do + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end end end @@ -181,7 +207,10 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, :private, parent: group) } + let(:nested_group) { create(:group, + :private, + :owner_subgroup_creation_only, + parent: group) } before do nested_group.add_guest(guest) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do let(:maintainer) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group, :private) } + let(:group) { create(:group, :private, :owner_subgroup_creation_only) } let(:guest_permissions) do %i[ -- cgit v1.2.1 From c440275520cbe3863c7b70b3893d2013f04f3f70 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 47e7bf34ec8..8e89c7ecfb1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -445,8 +443,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From 6913cfa9aa9c9c4bda85c2c3a5c2e4c0bcdc1e48 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 48ba9064327..ef0e885ee5f 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,27 +56,28 @@ describe 'Group show page' do end context 'subgroup support' do + let(:restricted_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:relaxed_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } let(:owner) { create(:user) } let(:maintainer) { create(:user) } - before do - group.add_owner(owner) - group.add_maintainer(maintainer) - end - context 'for owners' do + let(:path) { group_path(restricted_group) } + before do + restricted_group.add_owner(owner) sign_in(owner) end context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -85,11 +86,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -107,30 +107,30 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainers' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + before do + relaxed_group.add_maintainer(maintainer) + path = group_path(relaxed_group) + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end end context 'when subgroup_creation_level is set to owners' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + before do + restricted_group.add_maintainer(maintainer) end it 'does not allow creating subgroups' do + path = group_path(restricted_group) visit path expect(page) - .not_to have_css("li[data-text='New subgroup']", visible: false) + .not_to have_selector("li[data-text='New subgroup']", + visible: false) end end end -- cgit v1.2.1 From 6e56a915304603a3cc7716823c2d98f108707611 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 3bb1539f24ed642971b16bd9dbb75d7cbb71b08a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:56:02 -0700 Subject: Add descriptions to examples --- spec/policies/group_policy_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7fba62d2aa8..020b51f776e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -103,7 +103,7 @@ describe GroupPolicy do :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - it do + it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) create_subgroup_permission = [:create_subgroup] @@ -121,7 +121,7 @@ describe GroupPolicy do end context 'with subgroup_creation_level set to owner' do - it do + it 'allows every maintainer permission' do allow(Group).to receive(:supports_nested_objects?).and_return(true) expect_allowed(*guest_permissions) -- cgit v1.2.1 From 0cacb35552e6c30f9cb03f17d1953063fc551aa5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ app/views/groups/_group_admin_settings.html.haml | 6 ++++++ ...190626175626_add_group_creation_level_to_namespaces.rb | 15 +++++---------- db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 6 ++---- spec/features/admin/admin_groups_spec.rb | 9 +++++++++ spec/features/groups/show_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 9 --------- 8 files changed, 29 insertions(+), 26 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8e89c7ecfb1..44bc6c8288a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -414,6 +414,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml index b8f632d11d3..733cb36cc3d 100644 --- a/app/views/groups/_group_admin_settings.html.haml +++ b/app/views/groups/_group_admin_settings.html.haml @@ -16,6 +16,12 @@ .col-sm-10 = f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, @group.project_creation_level), {}, class: 'form-control' +.form-group.row + .col-sm-2.col-form-label + = f.label s_('SubgroupCreationlevel|Allowed to create subgroups') + .col-sm-10 + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, @group.subgroup_creation_level), {}, class: 'form-control' + .form-group.row .col-sm-2.col-form-label.pt-0 = f.label :require_two_factor_authentication, 'Two-factor authentication' diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 85ac89af46e..867ec3b7c91 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -7,18 +7,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] disable_ddl_transaction! def up - unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, - :subgroup_creation_level, - :integer, - default: 0) - change_column_default(:namespaces, :subgroup_creation_level, 1) - end + add_column(:namespaces, :subgroup_creation_level, :integer) + change_column_default(:namespaces, + :subgroup_creation_level, + ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end def down - if column_exists?(:namespaces, :subgroup_creation_level) - remove_column(:namespaces, :subgroup_creation_level) - end + remove_column(:namespaces, :subgroup_creation_level) end end diff --git a/db/schema.rb b/db/schema.rb index 272f0fe747b..d121ad8b372 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2112,7 +2112,7 @@ ActiveRecord::Schema.define(version: 20190628145246) do t.integer "extra_shared_runners_minutes_limit" t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false - t.integer "subgroup_creation_level", default: 1, null: false + t.integer "subgroup_creation_level", default: 1 t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 398f587bafe..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,13 +70,11 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: OWNER } } - end.to change { group.reload.subgroup_creation_level }.to(OWNER) + group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end end end diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 735ca60f7da..35c384dd458 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -102,6 +102,15 @@ describe 'Admin Groups' do expect_selected_visibility(group.visibility_level) end + it 'shows the subgroup creation level dropdown populated with the group subgroup_creation_level value' do + group = create(:group, :private, :owner_subgroup_creation_only) + + visit admin_group_edit_path(group) + + expect(page).to have_select("group_subgroup_creation_level", + selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + end + it 'edit group path does not change group name', :js do group = create(:group, :private) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index ef0e885ee5f..5096abadb79 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -71,7 +71,7 @@ describe 'Group show page' do sign_in(owner) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } visit path @@ -101,7 +101,7 @@ describe 'Group show page' do sign_in(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 4834d9359334edd40bf44cbe6f9fc9d10ce7265e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 4ab48e3374590e5300e86565bc47691c30316125 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 1c68fd4ad4dc588440cf58e21be5c2c844e02648 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:29:54 -0700 Subject: Adjust the documentation on subgroups --- doc/user/group/subgroups/index.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 1c6cca049c5..e3f7539a9b6 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -75,13 +75,16 @@ structure. ## Creating a subgroup NOTE: **Note:** -You must be an Owner of a group to create a subgroup. For -more information check the [permissions table](../../permissions.md#group-members-permissions). +In order to create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. By default groups allow both Owners and +Maintainers to create subgroups, but this can be changed by an Owner or +Administrator to only allow Owners to create subgroups. For more information +check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). -Users can always create subgroups if they are explicitly added as an Owner to -a parent group, even if group creation is disabled by an administrator in their -settings. +[reserved names](../../reserved_names.md). Users can always create subgroups if +they are explicitly added as an Owner (or Maintainer, if that setting is +enabled) to a parent group, even if group creation is disabled by an +administrator in their settings. To create a subgroup: -- cgit v1.2.1 From df5f65af715f310fc90e5d0e9311be29ca3f959f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:39:43 -0700 Subject: Adjust the documentation on subgroup permissions --- doc/user/permissions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 03abef9fc62..20b23b75cb9 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,13 +209,15 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | +| Create subgroup | | | | ✓* | ✓ | | Edit group | | | | | ✓ | -| Create subgroup | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | +*Groups can be set to allow either Owners or Owners and maintainers to create subgroups + ### Subgroup permissions When you add a member to a subgroup, they inherit the membership and -- cgit v1.2.1 From df96ef8b9754998756afc06a507d708813e1d84b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 16:27:49 -0700 Subject: Fix some code style issues --- spec/features/groups/show_spec.rb | 12 ++++++++---- spec/policies/group_policy_spec.rb | 13 ++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 5096abadb79..f1501181432 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,10 +56,14 @@ describe 'Group show page' do end context 'subgroup support' do - let(:restricted_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } - let(:relaxed_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:restricted_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end + + let(:relaxed_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + let(:owner) { create(:user) } let(:maintainer) { create(:user) } diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 020b51f776e..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -99,9 +99,9 @@ describe GroupPolicy do let(:current_user) { maintainer } context 'with subgroup_creation level set to maintainer' do - let(:group) { create(:group, - :private, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) @@ -207,10 +207,9 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, - :private, - :owner_subgroup_creation_only, - parent: group) } + let(:nested_group) do + create(:group, :private, :owner_subgroup_creation_only, parent: group) + end before do nested_group.add_guest(guest) -- cgit v1.2.1 From 44fabdaade148caed637d0ea387830100eb15fbc Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- ...190626175626_add_group_creation_level_to_namespaces.rb | 1 - spec/features/admin/admin_groups_spec.rb | 3 +-- spec/features/groups/show_spec.rb | 15 +++++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 867ec3b7c91..3b75c92e518 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -4,7 +4,6 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] include Gitlab::Database::MigrationHelpers DOWNTIME = false - disable_ddl_transaction! def up add_column(:namespaces, :subgroup_creation_level, :integer) diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 35c384dd458..c1ad73779c9 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -107,8 +107,7 @@ describe 'Admin Groups' do visit admin_group_edit_path(group) - expect(page).to have_select("group_subgroup_creation_level", - selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + expect(page).to have_content('Allowed to create subgroups') end it 'edit group path does not change group name', :js do diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index f1501181432..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -57,11 +57,11 @@ describe 'Group show page' do context 'subgroup support' do let(:restricted_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end let(:relaxed_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end let(:owner) { create(:user) } @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -113,11 +115,12 @@ describe 'Group show page' do context 'when subgroup_creation_level is set to maintainers' do before do relaxed_group.add_maintainer(maintainer) - path = group_path(relaxed_group) - visit path end it 'allows creating subgroups' do + path = group_path(relaxed_group) + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 9c8f5b7192986918322d23efc2acec7b189fd69b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:20 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index e3f7539a9b6..fad7541bdc4 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -81,7 +81,9 @@ Maintainers to create subgroups, but this can be changed by an Owner or Administrator to only allow Owners to create subgroups. For more information check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). Users can always create subgroups if +[reserved names](../../reserved_names.md). + +Users can always create subgroups if they are explicitly added as an Owner (or Maintainer, if that setting is enabled) to a parent group, even if group creation is disabled by an administrator in their settings. -- cgit v1.2.1 From 78e3a413b8d3779bfd462b4864ab3d9813344366 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:49 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 20b23b75cb9..216e88d0113 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,7 +209,7 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | -| Create subgroup | | | | ✓* | ✓ | +| Create subgroup | | | | ✓ (1) | ✓ | | Edit group | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | -- cgit v1.2.1 From 43858b4badc786fc8254937e0cefad3798481d9f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:03 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 216e88d0113..190f8bc8cbc 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -*Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From cea16e03d639ea8ba32cba32c07a47d05220a363 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:53 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index fad7541bdc4..4e88ec5ee76 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,7 +74,6 @@ structure. ## Creating a subgroup -NOTE: **Note:** In order to create a subgroup you must either be an Owner or a Maintainer of the group, depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -- cgit v1.2.1 From e8e3fdf7c7f6d0696538ff5819c03d0ea5e9217b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 16:43:56 +0000 Subject: Update index.md --- doc/user/group/subgroups/index.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 4e88ec5ee76..b9313ccdb1e 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,18 +74,19 @@ structure. ## Creating a subgroup -In order to create a subgroup you must either be an Owner or a Maintainer of the -group, depending on the group's setting. By default groups allow both Owners and +To create a subgroup you must either be an Owner or a Maintainer of the group, +depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -Administrator to only allow Owners to create subgroups. For more information -check the [permissions table](../../permissions.md#group-members-permissions). -For a list of words that are not allowed to be used as group names see the +Administrator to only allow Owners to create subgroups. + +For more information check the +[permissions table](../../permissions.md#group-members-permissions). For a list +of words that are not allowed to be used as group names see the [reserved names](../../reserved_names.md). -Users can always create subgroups if -they are explicitly added as an Owner (or Maintainer, if that setting is -enabled) to a parent group, even if group creation is disabled by an -administrator in their settings. +Users can always create subgroups if they are explicitly added as an Owner (or +Maintainer, if that setting is enabled) to a parent group, even if group +creation is disabled by an administrator in their settings. To create a subgroup: -- cgit v1.2.1 -- cgit v1.2.1 From 51fa8a5e778ff6909fd7f70fc8062bb33940a822 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 14:52:06 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 190f8bc8cbc..10184de8784 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and Maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From 11e2eb79f332f4fd5533b8e0b16ce5c7600b4833 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 08:27:46 -0700 Subject: Fixed a failing test --- .../policies/group_policy_shared_context.rb | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..599c912ce00 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects read_cluster create_cluster update_cluster + admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From b7602279ab79cd69daf731bd160d7a00ff5fe2f0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:13:24 -0700 Subject: Add changelog --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/maintainers-can-create-subgroup.yml diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml new file mode 100644 index 00000000000..b537862c8af --- /dev/null +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -0,0 +1,5 @@ +--- +title: Maintainers can crete subgroups +merge_request: 29718 +author: Fabio Papa +type: changed -- cgit v1.2.1 From 976572489da756e410ba3b7d741d57e2e04aa9db Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:16:55 -0700 Subject: Add failing feature spec detailing a maintainer creating a subgroup - Change the two existing feature examples that create a subgroup to elucidate that the owner is creating the subgroup - Nest two more specs inside the 'subgroup support' context detailing what happens when a maintainer attempts to add a subgroup (one with subgroup support, and one without) --- spec/features/groups/show_spec.rb | 61 ++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9671a4d8c49..2654d06cd8c 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,32 +56,67 @@ describe 'Group show page' do end context 'subgroup support' do - let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:maintainer) { create(:user) } before do - group.add_owner(user) - sign_in(user) + group.add_owner(owner) + group.add_maintainer(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'for owners' do before do - allow(Group).to receive(:supports_nested_objects?) { true } - visit path + sign_in(owner) end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end - context 'when subgroups are not supported' do + context 'for maintainers' do before do - allow(Group).to receive(:supports_nested_objects?) { false } - visit path + sign_in(maintainer) + end + + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end end - it 'allows creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end end -- cgit v1.2.1 From f5957cf5f5fdb633ea5c7a6cc968667370951e45 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..b4b09d3295f 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From cc80e306d571d8881d06d0d04831ddd0433fd518 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 12:23:56 -0700 Subject: Update the group policy to allow >= maintainer to create subgroups All specs passing --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..d92bcded19d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From a664c1b7a825f9aab96a8dc92ef6f667ba7a8882 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/requests/api/groups_spec.rb | 4 ++-- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4b09d3295f..a40d3087f6e 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From c53d34b918954e83ef1ab12e578840899791f24e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/controllers/admin/groups_controller_spec.rb | 6 ++ spec/factories/groups.rb | 1 + spec/features/groups/group_settings_spec.rb | 8 +++ spec/models/group_spec.rb | 8 +++ spec/policies/group_policy_spec.rb | 70 ++++++++++++++++++++++ .../policies/group_policy_shared_context.rb | 16 ++--- 6 files changed, 99 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 509d8944e3a..df11321537f 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -68,5 +68,11 @@ describe Admin::GroupsController do post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } } end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS) end + + it 'updates the subgroup_creation_level successfully' do + expect do + post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 18a0c2ec731..2f50fbfe2fa 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 5cef5f0521f..95534d5a2ba 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -85,6 +85,14 @@ describe 'Edit group settings' do end end + describe 'subgroup creation level menu' do + it 'shows the selection menu' do + visit edit_group_path(group) + + expect(page).to have_content('Allowed to create subgroups') + end + end + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..fd40061dd3a 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + + expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 59f3a961d50..aed9a8e34ff 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -163,6 +163,18 @@ describe GroupPolicy do expect_allowed(*updated_owner_permissions) end end + + context 'maintainer' do + let(:current_user) { maintainer } + + it 'allows every maintainer permission except creating subgroups' do + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + + expect_disallowed(*create_subgroup_permission) + expect_allowed(*updated_maintainer_permissions) + end + end end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do @@ -461,6 +473,64 @@ describe GroupPolicy do end end + context "create_subgroup" do + context 'when group has subgroup creation level set to owner' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + + context 'when group has subgroup creation level set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + end + it_behaves_like 'clusterable policies' do let(:clusterable) { create(:group) } let(:cluster) do diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index a40d3087f6e..b4808ac0068 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From 73fa819b793302b3cee1d06033ac8e94fa5b784b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:46:48 -0700 Subject: Reset group policy to only allow >= owners to create subgroups --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index d92bcded19d..ea86858181d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -109,7 +109,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { maintainer & nested_groups_supported }.enable :create_subgroup + rule { owner & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 582ff9dbb6dc223163e1ba674cbc72f292520981 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:49:27 -0700 Subject: Add a subgroup_creation_level column to the namespaces table --- ...6175626_add_group_creation_level_to_namespaces.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb new file mode 100644 index 00000000000..b0ea74d4765 --- /dev/null +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + disable_ddl_transaction! + + def up + unless column_exists?(:namespaces, :subgroup_creation_level) + add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + end + end + + def down + if column_exists?(:namespaces, :subgroup_creation_level) + remove_column(:namespaces, :subgroup_creation_level) + end + end +end -- cgit v1.2.1 From 3ae905d67d96cdff2e855b97ae44a617284c91dc Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:39:04 -0700 Subject: Add constants representing Owner and Maintainer group access levels --- lib/gitlab/access.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 6eb08f674c2..77076ead47a 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -29,6 +29,10 @@ module Gitlab MAINTAINER_PROJECT_ACCESS = 1 DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2 + # Default subgroup creation level + OWNER_SUBGROUP_ACCESS = 0 + MAINTAINER_SUBGROUP_ACCESS = 1 + class << self delegate :values, to: :options -- cgit v1.2.1 From d37e8dd7cbec015d32c94ab88a51517e4c76d57f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:45:58 -0700 Subject: Add subgroup_creation_level to the list of allowed group params For both groups_controller and admin/groups_controller --- app/controllers/admin/groups_controller.rb | 3 ++- app/controllers/groups_controller.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 15f7ef881c8..6317fa7c8d1 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -90,7 +90,8 @@ class Admin::GroupsController < Admin::ApplicationController :visibility_level, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 797833e3f91..aff418faae5 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -192,7 +192,8 @@ class GroupsController < Groups::ApplicationController :chat_team_name, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end -- cgit v1.2.1 From 0a2a6aae44c6d06bb8ebc24f5f94195ab43a5e92 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:11:09 -0700 Subject: Add "allowed to create subgroups" dropdown to group settings form --- app/views/groups/settings/_permissions.html.haml | 1 + app/views/groups/settings/_subgroup_creation_level.html.haml | 3 +++ lib/gitlab/access.rb | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 app/views/groups/settings/_subgroup_creation_level.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 0da1f1ba7f5..d3375e00bad 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -20,6 +20,7 @@ = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group + = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f = render_if_exists 'groups/member_lock_setting', f: f, group: @group diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml new file mode 100644 index 00000000000..f36ad192bad --- /dev/null +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 77076ead47a..7ef9f7ef630 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -110,6 +110,13 @@ module Gitlab def project_creation_level_name(name) project_creation_options.key(name) end + + def subgroup_creation_options + { + s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS, + s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS + } + end end def human_access -- cgit v1.2.1 From 610b3fedafda079b33e37d39f3e0f3b71ab5ecab Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From 843f06d3a8a76d144481c6d98f059ca7071d6db7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index ea86858181d..bd1eb02ca1f 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -43,6 +43,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -110,6 +114,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 412c86b989cac27fec9e0b2f51c601db18977268 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 18:15:56 +0000 Subject: Apply suggestion to changelogs/unreleased/maintainers-can-create-subgroup.yml --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml index b537862c8af..180f0f7247f 100644 --- a/changelogs/unreleased/maintainers-can-create-subgroup.yml +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -1,5 +1,5 @@ --- -title: Maintainers can crete subgroups +title: Maintainers can create subgroups merge_request: 29718 author: Fabio Papa type: changed -- cgit v1.2.1 From 308769d19d46837980576bc7544f3b987b62c0f0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 08:35:09 -0700 Subject: Add feature examples specing maintainers creating subgroups Both with subgroup_creation_level set to owners and to maintainers. Also fixed the naming of some other examples in the same spec as they were contradicting what they were actually performing in the test. These examples were probably copy/pasted, and not renamed. --- spec/features/groups/show_spec.rb | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 2654d06cd8c..68fa3f4e817 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -86,7 +86,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end @@ -103,8 +103,22 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroup_creation_level is set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it 'allows creating subgroups' do + visit path + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroup_creation_level is set to owners' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + it 'does not allow creating subgroups' do + visit path + expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + end end end @@ -114,7 +128,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end -- cgit v1.2.1 From 34f8469d572af9162760c2532e337dff4c865e77 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 09:22:10 -0700 Subject: Update schema --- db/schema.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/schema.rb b/db/schema.rb index 9a8b64689bd..4b1b946a100 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2117,6 +2117,7 @@ ActiveRecord::Schema.define(version: 20190703130053) do t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false t.integer "last_ci_minutes_usage_notification_level" + t.integer "subgroup_creation_level", default: 0, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree -- cgit v1.2.1 From 2a7830f5abf329c7d68bd71efab25d6134832f1d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- ...75626_add_group_creation_level_to_namespaces.rb | 7 +++++-- spec/controllers/admin/groups_controller_spec.rb | 9 ++++++-- spec/features/groups/group_settings_spec.rb | 2 +- spec/features/groups/show_spec.rb | 24 +++++++++++++++------- spec/models/group_spec.rb | 3 ++- spec/policies/group_policy_spec.rb | 21 ++++++++++++++----- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index b0ea74d4765..eed0ba25f27 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -5,10 +5,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] DOWNTIME = false disable_ddl_transaction! - + def up unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + add_column_with_default(:namespaces, + :subgroup_creation_level, + :integer, + default: 0) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index df11321537f..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,9 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do - post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + post :update, + params: { id: group.to_param, + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 95534d5a2ba..676769c25fe 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -92,7 +92,7 @@ describe 'Edit group settings' do expect(page).to have_content('Allowed to create subgroups') end end - + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 68fa3f4e817..163906010fa 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -76,7 +76,8 @@ describe 'Group show page' do end it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -87,7 +88,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end @@ -104,8 +106,11 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + it 'allows creating subgroups' do visit path expect(page).to have_css("li[data-text='New subgroup']", visible: false) @@ -113,11 +118,15 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to owners' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end it 'does not allow creating subgroups' do visit path - expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_css("li[data-text='New subgroup']", visible: false) end end end @@ -129,7 +138,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index fd40061dd3a..6627177ad61 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -999,7 +999,8 @@ describe Group do it 'outputs the default one if it is nil' do group = create(:group, subgroup_creation_level: nil) - expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index aed9a8e34ff..da186f63eca 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -145,7 +145,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -157,7 +158,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -169,7 +171,8 @@ describe GroupPolicy do it 'allows every maintainer permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + updated_maintainer_permissions = + maintainer_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_maintainer_permissions) @@ -475,7 +478,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } @@ -503,7 +510,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 884bf503ef09fbcc80da1ced0ec46ac9d918ed66 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 6627177ad61..470ce65707d 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,13 +994,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From a743db19830c84c3dfe6e23f22578de3c70301ca Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..9ae18d7bab7 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From f7361e678cad995097730473973e612000f4bcf7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- ...75626_add_group_creation_level_to_namespaces.rb | 1 + spec/controllers/admin/groups_controller_spec.rb | 7 ++-- spec/factories/groups.rb | 5 ++- spec/features/groups/show_spec.rb | 17 ++++++--- spec/models/group_spec.rb | 5 +-- spec/policies/group_policy_spec.rb | 43 ++++++++++++++++++---- spec/requests/api/groups_spec.rb | 4 +- .../policies/group_policy_shared_context.rb | 2 +- 8 files changed, 60 insertions(+), 24 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index eed0ba25f27..85ac89af46e 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] :subgroup_creation_level, :integer, default: 0) + change_column_default(:namespaces, :subgroup_creation_level, 1) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 2f50fbfe2fa..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner @@ -46,5 +45,9 @@ FactoryBot.define do trait :auto_devops_disabled do auto_devops_enabled false end + + trait :owner_subgroup_creation_only do + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS + end end end diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 163906010fa..48ba9064327 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -72,10 +72,11 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -84,10 +85,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -102,10 +104,9 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end - context 'when subgroup_creation_level is set to maintainer' do + context 'when subgroup_creation_level is set to maintainers' do let(:group) do create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) @@ -113,7 +114,9 @@ describe 'Group show page' do it 'allows creating subgroups' do visit path - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -125,6 +128,7 @@ describe 'Group show page' do it 'does not allow creating subgroups' do visit path + expect(page) .not_to have_css("li[data-text='New subgroup']", visible: false) end @@ -134,10 +138,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 9ae18d7bab7..c7fb0f51075 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -997,9 +997,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index da186f63eca..7fba62d2aa8 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -98,12 +98,38 @@ describe GroupPolicy do context 'maintainer' do let(:current_user) { maintainer } - it do - expect_allowed(*guest_permissions) - expect_allowed(*reporter_permissions) - expect_allowed(*developer_permissions) - expect_allowed(*maintainer_permissions) - expect_disallowed(*owner_permissions) + context 'with subgroup_creation level set to maintainer' do + let(:group) { create(:group, + :private, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = + maintainer_permissions + create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*updated_maintainer_permissions) + expect_disallowed(*updated_owner_permissions) + end + end + + context 'with subgroup_creation_level set to owner' do + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end end end @@ -181,7 +207,10 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, :private, parent: group) } + let(:nested_group) { create(:group, + :private, + :owner_subgroup_creation_only, + parent: group) } before do nested_group.add_guest(guest) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do let(:maintainer) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group, :private) } + let(:group) { create(:group, :private, :owner_subgroup_creation_only) } let(:guest_permissions) do %i[ -- cgit v1.2.1 From c6284c4db82fdbfec177fe5366e71289d6041925 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From 85d1ef270a0b87784cf96955ef782c1a664b99c9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 48ba9064327..ef0e885ee5f 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,27 +56,28 @@ describe 'Group show page' do end context 'subgroup support' do + let(:restricted_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:relaxed_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } let(:owner) { create(:user) } let(:maintainer) { create(:user) } - before do - group.add_owner(owner) - group.add_maintainer(maintainer) - end - context 'for owners' do + let(:path) { group_path(restricted_group) } + before do + restricted_group.add_owner(owner) sign_in(owner) end context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -85,11 +86,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -107,30 +107,30 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainers' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + before do + relaxed_group.add_maintainer(maintainer) + path = group_path(relaxed_group) + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end end context 'when subgroup_creation_level is set to owners' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + before do + restricted_group.add_maintainer(maintainer) end it 'does not allow creating subgroups' do + path = group_path(restricted_group) visit path expect(page) - .not_to have_css("li[data-text='New subgroup']", visible: false) + .not_to have_selector("li[data-text='New subgroup']", + visible: false) end end end -- cgit v1.2.1 From 44a1812ec7dc8cf3a743ddac6d7e95c393f1b83b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 7de9a6781b9f7dbacd7c909f4b7361f663bb9eaa Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:56:02 -0700 Subject: Add descriptions to examples --- spec/policies/group_policy_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7fba62d2aa8..020b51f776e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -103,7 +103,7 @@ describe GroupPolicy do :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - it do + it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) create_subgroup_permission = [:create_subgroup] @@ -121,7 +121,7 @@ describe GroupPolicy do end context 'with subgroup_creation_level set to owner' do - it do + it 'allows every maintainer permission' do allow(Group).to receive(:supports_nested_objects?).and_return(true) expect_allowed(*guest_permissions) -- cgit v1.2.1 From cd5259d5b17bf4caccbc246215903adc7ebab0e5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ app/views/groups/_group_admin_settings.html.haml | 6 ++++++ ...190626175626_add_group_creation_level_to_namespaces.rb | 15 +++++---------- db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 6 ++---- spec/features/admin/admin_groups_spec.rb | 9 +++++++++ spec/features/groups/show_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 9 --------- 8 files changed, 29 insertions(+), 26 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml index b8f632d11d3..733cb36cc3d 100644 --- a/app/views/groups/_group_admin_settings.html.haml +++ b/app/views/groups/_group_admin_settings.html.haml @@ -16,6 +16,12 @@ .col-sm-10 = f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, @group.project_creation_level), {}, class: 'form-control' +.form-group.row + .col-sm-2.col-form-label + = f.label s_('SubgroupCreationlevel|Allowed to create subgroups') + .col-sm-10 + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, @group.subgroup_creation_level), {}, class: 'form-control' + .form-group.row .col-sm-2.col-form-label.pt-0 = f.label :require_two_factor_authentication, 'Two-factor authentication' diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 85ac89af46e..867ec3b7c91 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -7,18 +7,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] disable_ddl_transaction! def up - unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, - :subgroup_creation_level, - :integer, - default: 0) - change_column_default(:namespaces, :subgroup_creation_level, 1) - end + add_column(:namespaces, :subgroup_creation_level, :integer) + change_column_default(:namespaces, + :subgroup_creation_level, + ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end def down - if column_exists?(:namespaces, :subgroup_creation_level) - remove_column(:namespaces, :subgroup_creation_level) - end + remove_column(:namespaces, :subgroup_creation_level) end end diff --git a/db/schema.rb b/db/schema.rb index 4b1b946a100..8c085d64e27 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2117,7 +2117,7 @@ ActiveRecord::Schema.define(version: 20190703130053) do t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false t.integer "last_ci_minutes_usage_notification_level" - t.integer "subgroup_creation_level", default: 0, null: false + t.integer "subgroup_creation_level", default: 1 t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 398f587bafe..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,13 +70,11 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: OWNER } } - end.to change { group.reload.subgroup_creation_level }.to(OWNER) + group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end end end diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 735ca60f7da..35c384dd458 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -102,6 +102,15 @@ describe 'Admin Groups' do expect_selected_visibility(group.visibility_level) end + it 'shows the subgroup creation level dropdown populated with the group subgroup_creation_level value' do + group = create(:group, :private, :owner_subgroup_creation_only) + + visit admin_group_edit_path(group) + + expect(page).to have_select("group_subgroup_creation_level", + selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + end + it 'edit group path does not change group name', :js do group = create(:group, :private) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index ef0e885ee5f..5096abadb79 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -71,7 +71,7 @@ describe 'Group show page' do sign_in(owner) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } visit path @@ -101,7 +101,7 @@ describe 'Group show page' do sign_in(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From de5c188e0911fb8f275f26a7551cd0bdbd84422d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From f6e7ffa7250299c1c0f9fc866eb78c5f746d58a6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From fe47ec447fe125af43245c237c38c7da9775c5c0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:29:54 -0700 Subject: Adjust the documentation on subgroups --- doc/user/group/subgroups/index.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 1c6cca049c5..e3f7539a9b6 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -75,13 +75,16 @@ structure. ## Creating a subgroup NOTE: **Note:** -You must be an Owner of a group to create a subgroup. For -more information check the [permissions table](../../permissions.md#group-members-permissions). +In order to create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. By default groups allow both Owners and +Maintainers to create subgroups, but this can be changed by an Owner or +Administrator to only allow Owners to create subgroups. For more information +check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). -Users can always create subgroups if they are explicitly added as an Owner to -a parent group, even if group creation is disabled by an administrator in their -settings. +[reserved names](../../reserved_names.md). Users can always create subgroups if +they are explicitly added as an Owner (or Maintainer, if that setting is +enabled) to a parent group, even if group creation is disabled by an +administrator in their settings. To create a subgroup: -- cgit v1.2.1 From 58e4b654e98eabcfaf267f41ce42df04adbfcc10 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:39:43 -0700 Subject: Adjust the documentation on subgroup permissions --- doc/user/permissions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 33fff0fed74..92635ae484b 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,13 +209,15 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | +| Create subgroup | | | | ✓* | ✓ | | Edit group | | | | | ✓ | -| Create subgroup | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | +*Groups can be set to allow either Owners or Owners and maintainers to create subgroups + ### Subgroup permissions When you add a member to a subgroup, they inherit the membership and -- cgit v1.2.1 From a8165fec41f6343c296ec9bcc8f57a099f2da983 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 16:27:49 -0700 Subject: Fix some code style issues --- spec/features/groups/show_spec.rb | 12 ++++++++---- spec/policies/group_policy_spec.rb | 13 ++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 5096abadb79..f1501181432 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,10 +56,14 @@ describe 'Group show page' do end context 'subgroup support' do - let(:restricted_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } - let(:relaxed_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:restricted_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end + + let(:relaxed_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + let(:owner) { create(:user) } let(:maintainer) { create(:user) } diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 020b51f776e..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -99,9 +99,9 @@ describe GroupPolicy do let(:current_user) { maintainer } context 'with subgroup_creation level set to maintainer' do - let(:group) { create(:group, - :private, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) @@ -207,10 +207,9 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, - :private, - :owner_subgroup_creation_only, - parent: group) } + let(:nested_group) do + create(:group, :private, :owner_subgroup_creation_only, parent: group) + end before do nested_group.add_guest(guest) -- cgit v1.2.1 From c822fdb9bfd73aa8e2189781e336b43344940023 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- ...190626175626_add_group_creation_level_to_namespaces.rb | 1 - spec/features/admin/admin_groups_spec.rb | 3 +-- spec/features/groups/show_spec.rb | 15 +++++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 867ec3b7c91..3b75c92e518 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -4,7 +4,6 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] include Gitlab::Database::MigrationHelpers DOWNTIME = false - disable_ddl_transaction! def up add_column(:namespaces, :subgroup_creation_level, :integer) diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 35c384dd458..c1ad73779c9 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -107,8 +107,7 @@ describe 'Admin Groups' do visit admin_group_edit_path(group) - expect(page).to have_select("group_subgroup_creation_level", - selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + expect(page).to have_content('Allowed to create subgroups') end it 'edit group path does not change group name', :js do diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index f1501181432..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -57,11 +57,11 @@ describe 'Group show page' do context 'subgroup support' do let(:restricted_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end let(:relaxed_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end let(:owner) { create(:user) } @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -113,11 +115,12 @@ describe 'Group show page' do context 'when subgroup_creation_level is set to maintainers' do before do relaxed_group.add_maintainer(maintainer) - path = group_path(relaxed_group) - visit path end it 'allows creating subgroups' do + path = group_path(relaxed_group) + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From b16e6b93c433b3e2e93118934b355480a50581df Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + .../policies/group_policy_shared_context.rb | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From 6b9b0f150688e44cbaa27f97062a773963624a61 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/controllers/admin/groups_controller_spec.rb | 2 ++ spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 1123563c1e3..451367f58e1 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,6 +70,8 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do post :update, params: { id: group.to_param, diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 79d0f5d736d6dfb82fa00677994377dfd87a6f07 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end -- cgit v1.2.1 From 5c94c5592e8853df95f34ae522eebeeb51705012 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/controllers/admin/groups_controller_spec.rb | 2 +- spec/factories/groups.rb | 1 - spec/requests/api/groups_spec.rb | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 451367f58e1..34cd0b324b5 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,7 +70,7 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 4e427390feb4bf74ae91c84f18ab2ee38e917a51 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From a58d7be102f4cd78fbac0399698548e50275f573 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index bed998a0859..9cf5e7f9bb6 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,11 +78,10 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -91,11 +90,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From f1fa1323afe37632ecd729b9c51d494381e79285 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From a79e48758d312eeacef2f3ae174010b574670eee Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ spec/controllers/admin/groups_controller_spec.rb | 2 -- spec/services/groups/create_service_spec.rb | 9 --------- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 34cd0b324b5..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,8 +70,6 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From c90fba28408ddc72e17b511b617b00e01f3269ba Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 22444c8d045f1c9eba8c467de0fb65e2ca684a8d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 8f0d0d59938b8e1ac48e6f02161eb1b6a134b8ec Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + spec/policies/group_policy_spec.rb | 8 ++++++++ .../policies/group_policy_shared_context.rb | 16 ++++++---------- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index dc3675a7b9e..893b686da43 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -506,11 +506,15 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do +<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end +======= + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } +>>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } @@ -538,11 +542,15 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do +<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end +======= + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } +>>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From fed434e433063ce5bced7813cdae4ae3540535ca Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/controllers/admin/groups_controller_spec.rb | 7 +++++-- spec/policies/group_policy_spec.rb | 8 -------- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 4 files changed, 9 insertions(+), 14 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 1123563c1e3..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,11 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 893b686da43..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -506,15 +506,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do -<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end -======= - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } ->>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } @@ -542,15 +538,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do -<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end -======= - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } ->>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 8b8172c1e4738fece547492dee6e3a7a61e8d50e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end -- cgit v1.2.1 From a39a4e4509f5272bc5b4001cded198ebd7d98614 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/controllers/admin/groups_controller_spec.rb | 7 +++---- spec/factories/groups.rb | 1 - spec/features/groups/show_spec.rb | 6 ++++-- spec/requests/api/groups_spec.rb | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9cf5e7f9bb6..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 5015e23d6abcf2d3797e7dea76d3d3db9f3d6219 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From 2b96af35062dcc2492cfad7f6e6f6d6fd8f76ff6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index bed998a0859..9cf5e7f9bb6 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,11 +78,10 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -91,11 +90,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From b40d4ecdb992b9dad2f222e67e5ab54d8ed38e5d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 862b0289716bafa174dd765950f2854ac0419fc7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- spec/features/groups/show_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9cf5e7f9bb6..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 1cc2f2786398461d6b68dff442c3f46c0d4eaa8d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:20 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index e3f7539a9b6..fad7541bdc4 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -81,7 +81,9 @@ Maintainers to create subgroups, but this can be changed by an Owner or Administrator to only allow Owners to create subgroups. For more information check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). Users can always create subgroups if +[reserved names](../../reserved_names.md). + +Users can always create subgroups if they are explicitly added as an Owner (or Maintainer, if that setting is enabled) to a parent group, even if group creation is disabled by an administrator in their settings. -- cgit v1.2.1 From d67a36f9b8ec3559bc7f531962c4d73a36155e8e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:49 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 92635ae484b..8ff778e7494 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,7 +209,7 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | -| Create subgroup | | | | ✓* | ✓ | +| Create subgroup | | | | ✓ (1) | ✓ | | Edit group | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | -- cgit v1.2.1 From e8497339eeedb4df0d1aea817874849c645cdc77 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:03 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 8ff778e7494..c992f581a82 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -*Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From 8b70c1cf8ca82b3c4b34740c65734fc32e3e01ee Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:53 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index fad7541bdc4..4e88ec5ee76 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,7 +74,6 @@ structure. ## Creating a subgroup -NOTE: **Note:** In order to create a subgroup you must either be an Owner or a Maintainer of the group, depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -- cgit v1.2.1 From fa6504d6354fdabedd24589e7242ba457302aaa6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 16:43:56 +0000 Subject: Update index.md --- doc/user/group/subgroups/index.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 4e88ec5ee76..b9313ccdb1e 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,18 +74,19 @@ structure. ## Creating a subgroup -In order to create a subgroup you must either be an Owner or a Maintainer of the -group, depending on the group's setting. By default groups allow both Owners and +To create a subgroup you must either be an Owner or a Maintainer of the group, +depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -Administrator to only allow Owners to create subgroups. For more information -check the [permissions table](../../permissions.md#group-members-permissions). -For a list of words that are not allowed to be used as group names see the +Administrator to only allow Owners to create subgroups. + +For more information check the +[permissions table](../../permissions.md#group-members-permissions). For a list +of words that are not allowed to be used as group names see the [reserved names](../../reserved_names.md). -Users can always create subgroups if -they are explicitly added as an Owner (or Maintainer, if that setting is -enabled) to a parent group, even if group creation is disabled by an -administrator in their settings. +Users can always create subgroups if they are explicitly added as an Owner (or +Maintainer, if that setting is enabled) to a parent group, even if group +creation is disabled by an administrator in their settings. To create a subgroup: -- cgit v1.2.1 From e9f9cc8937bc86b582424929fc8e961f003caf96 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 14:52:06 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index c992f581a82..aac548020be 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **[ULTIMATE]** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and Maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From 476da097cdd1c866bdd84de050b05a9508f13c14 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 12:43:58 -0700 Subject: Regenerate locale strings --- locale/gitlab.pot | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 78bf48d66fc..f8de4a5ac71 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -9994,6 +9994,18 @@ msgstr "" msgid "StorageSize|Unknown" msgstr "" +msgid "SubgroupCreationLevel|Allowed to create subgroups" +msgstr "" + +msgid "SubgroupCreationlevel|Allowed to create subgroups" +msgstr "" + +msgid "SubgroupCreationlevel|Maintainers" +msgstr "" + +msgid "SubgroupCreationlevel|Owners" +msgstr "" + msgid "Subgroups" msgstr "" -- cgit v1.2.1 From 9b176c65159e4186f79eae2107af80e69132ba09 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 10 Jul 2019 12:27:12 -0700 Subject: Make Group#subgroup_creation_level return Owner if it is nil in DB --- app/models/group.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..37f30552b39 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -417,7 +417,7 @@ class Group < Namespace end def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + super || ::Gitlab::Access::OWNER_SUBGROUP_ACCESS end private -- cgit v1.2.1 From a8a7d70558d02e86eab3767dff5ba0ad59225303 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 12 Jul 2019 10:48:38 -0700 Subject: Add a link from the permissions table to the subgroups/creating a subgroup section --- doc/user/permissions.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index d496bc39f9a..e9b61b9c995 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,14 +209,15 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | -| Create subgroup | | | | ✓ (1) | ✓ | +| Create subgroup | | | | ✓ (1) | ✓ | | Edit group | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **(ULTIMATE)** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -- (1): Groups can be set to allow either Owners or Owners and Maintainers to create subgroups +- (1): Groups can be set to [allow either Owners or Owners and + Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup) ### Subgroup permissions -- cgit v1.2.1 From d5080eb5ffb0ffdb8133eee3039a4429c87a107d Mon Sep 17 00:00:00 2001 From: Toon Claes Date: Tue, 16 Jul 2019 14:07:42 +0200 Subject: Revert "Workaround for Rails 5, where LIMIT..." This reverts commit 6823e7defb45dfd86d5258b40d6f82482d1ef451. Originally implemented in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21839, but an error was reported in https://gitlab.com/gitlab-org/gitlab-ce/issues/51729 resulting in a workaround introduced in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21879. Now Rails 5.2 is used, this workaround no longer seems needed, so this reverts it. --- lib/gitlab/database/subquery.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/gitlab/database/subquery.rb b/lib/gitlab/database/subquery.rb index 10971d2b274..2a6f39c6a27 100644 --- a/lib/gitlab/database/subquery.rb +++ b/lib/gitlab/database/subquery.rb @@ -6,11 +6,7 @@ module Gitlab class << self def self_join(relation) t = relation.arel_table - # Work around a bug in Rails 5, where LIMIT causes trouble - # See https://gitlab.com/gitlab-org/gitlab-ce/issues/51729 - r = relation.limit(nil).arel - r.take(relation.limit_value) if relation.limit_value - t2 = r.as('t2') + t2 = relation.arel.as('t2') relation.unscoped.joins(t.join(t2).on(t[:id].eq(t2[:id])).join_sources.first) end -- cgit v1.2.1 From 81f1028801c81369e10c251d422592f959cf35a8 Mon Sep 17 00:00:00 2001 From: Brett Walker Date: Tue, 16 Jul 2019 09:20:53 -0500 Subject: Default manual_sorting feature flag to on --- app/controllers/groups_controller.rb | 2 +- app/controllers/projects/issues_controller.rb | 2 +- app/views/shared/issuable/_sort_dropdown.html.haml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index dbddee47997..c2517ddc10a 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -8,7 +8,7 @@ class GroupsController < Groups::ApplicationController include RecordUserLastActivity before_action do - push_frontend_feature_flag(:manual_sorting) + push_frontend_feature_flag(:manual_sorting, default_enabled: true) end respond_to :html diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 228de8bc6f3..db7ca7ef0d7 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -11,7 +11,7 @@ class Projects::IssuesController < Projects::ApplicationController include RecordUserLastActivity before_action do - push_frontend_feature_flag(:manual_sorting) + push_frontend_feature_flag(:manual_sorting, default_enabled: true) end def issue_except_actions diff --git a/app/views/shared/issuable/_sort_dropdown.html.haml b/app/views/shared/issuable/_sort_dropdown.html.haml index 403e001bfe8..df0523595f5 100644 --- a/app/views/shared/issuable/_sort_dropdown.html.haml +++ b/app/views/shared/issuable/_sort_dropdown.html.haml @@ -1,7 +1,7 @@ - sort_value = @sort - sort_title = issuable_sort_option_title(sort_value) - viewing_issues = controller.controller_name == 'issues' || controller.action_name == 'issues' -- manual_sorting = viewing_issues && controller.controller_name != 'dashboard' && Feature.enabled?(:manual_sorting) +- manual_sorting = viewing_issues && controller.controller_name != 'dashboard' && Feature.enabled?(:manual_sorting, default_enabled: true) .dropdown.inline.prepend-left-10.issue-sort-dropdown .btn-group{ role: 'group' } -- cgit v1.2.1 From 3e935e56c4b634f84b2ceea3841b620a2556ad09 Mon Sep 17 00:00:00 2001 From: Sanad Liaquat Date: Wed, 17 Jul 2019 11:52:32 +0500 Subject: CE port of EE branch qa-staging-61-fix-ee-project-templates-spec --- qa/qa/page/component/select2.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/qa/qa/page/component/select2.rb b/qa/qa/page/component/select2.rb index 85d4abcde9b..d05c44d22b2 100644 --- a/qa/qa/page/component/select2.rb +++ b/qa/qa/page/component/select2.rb @@ -8,6 +8,10 @@ module QA find('.select2-result-label', text: item_text, match: :prefer_exact).click end + def current_selection + find('.select2-chosen').text + end + def clear_current_selection_if_present if has_css?('a > abbr.select2-search-choice-close', wait: 1.0) find('a > abbr.select2-search-choice-close').click -- cgit v1.2.1 From 8e6af8c59ff1d22bc32e3d2ef44da5399bc23727 Mon Sep 17 00:00:00 2001 From: George Koltsov Date: Wed, 17 Jul 2019 11:16:37 +0100 Subject: Add better error message MembersMapper#ensure_default_member! More details in: https://gitlab.com/gitlab-org/gitlab-ce/issues/64377 --- lib/gitlab/import_export/members_mapper.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/gitlab/import_export/members_mapper.rb b/lib/gitlab/import_export/members_mapper.rb index a154de5419e..d0e30b246ef 100644 --- a/lib/gitlab/import_export/members_mapper.rb +++ b/lib/gitlab/import_export/members_mapper.rb @@ -50,6 +50,8 @@ module Gitlab @project.project_members.destroy_all # rubocop: disable DestroyAll ProjectMember.create!(user: @user, access_level: ProjectMember::MAINTAINER, source_id: @project.id, importing: true) + rescue => e + raise e, ['Error adding importer user to project members', e.message].join('. ') end def add_team_member(member, existing_user = nil) -- cgit v1.2.1 From 0bd54eb43626c008a36958e42019f0dfea794dde Mon Sep 17 00:00:00 2001 From: George Koltsov Date: Wed, 17 Jul 2019 12:16:54 +0100 Subject: Add MembersMapper#ensure_default_user! spec --- spec/lib/gitlab/import_export/members_mapper_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/lib/gitlab/import_export/members_mapper_spec.rb b/spec/lib/gitlab/import_export/members_mapper_spec.rb index b95b5dfe791..a9e8431acba 100644 --- a/spec/lib/gitlab/import_export/members_mapper_spec.rb +++ b/spec/lib/gitlab/import_export/members_mapper_spec.rb @@ -154,5 +154,15 @@ describe Gitlab::ImportExport::MembersMapper do expect(members_mapper.map[exported_user_id]).to eq(user2.id) end end + + context 'when importer mapping fails' do + let(:exception_message) { 'Something went wrong' } + + it 'includes importer specific error message' do + expect(ProjectMember).to receive(:create!).and_raise(StandardError.new(exception_message)) + + expect { members_mapper.map }.to raise_error(StandardError, "Error adding importer user to project members. #{exception_message}") + end + end end end -- cgit v1.2.1 From 8256d4075db4ee2d00897f21d34b78f092571f2c Mon Sep 17 00:00:00 2001 From: Christian Couder Date: Sun, 14 Jul 2019 20:19:13 +0200 Subject: Support rm src branch on merge w/ push option MergeRequests::PushOptionsHandlerService has been updated to allow creating and updating merge requests with the `remove_source_branch` set using git push options. To create a new merge request and set it to remove the source branch when it is merged: git push -u origin -o merge_request.create \ -o merge_request.remove_source_branch To update an existing merge request and set it to remove the source branch when it is merged: git push -u origin -o merge_request.remove_source_branch Issue https://gitlab.com/gitlab-org/gitlab-ce/issues/64320 --- .../merge_requests/push_options_handler_service.rb | 8 +++ changelogs/unreleased/rm-src-branch.yml | 5 ++ doc/user/project/merge_requests/index.md | 14 ++++ lib/gitlab/push_options.rb | 7 +- .../push_options_handler_service_spec.rb | 76 ++++++++++++++++++++++ 5 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/rm-src-branch.yml diff --git a/app/services/merge_requests/push_options_handler_service.rb b/app/services/merge_requests/push_options_handler_service.rb index a24163331e8..7ca8e1d76a3 100644 --- a/app/services/merge_requests/push_options_handler_service.rb +++ b/app/services/merge_requests/push_options_handler_service.rb @@ -133,6 +133,10 @@ module MergeRequests ) end + if push_options.key?(:remove_source_branch) + params[:force_remove_source_branch] = push_options[:remove_source_branch] + end + params end @@ -146,6 +150,10 @@ module MergeRequests ) end + if push_options.key?(:remove_source_branch) + params[:force_remove_source_branch] = push_options[:remove_source_branch] + end + if push_options.key?(:target) params[:target_branch] = push_options[:target] end diff --git a/changelogs/unreleased/rm-src-branch.yml b/changelogs/unreleased/rm-src-branch.yml new file mode 100644 index 00000000000..03b91d0c7db --- /dev/null +++ b/changelogs/unreleased/rm-src-branch.yml @@ -0,0 +1,5 @@ +--- +title: Support remove source branch on merge w/ push options +merge_request: 30728 +author: +type: added diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md index f593046fa8b..485ce9c351f 100644 --- a/doc/user/project/merge_requests/index.md +++ b/doc/user/project/merge_requests/index.md @@ -285,6 +285,7 @@ as pushing changes: - Create a new merge request for the pushed branch. - Set the target of the merge request to a particular branch. - Set the merge request to merge when its pipeline succeeds. +- Set the merge request to remove the source branch when it's merged. ### Create a new merge request using git push options @@ -328,6 +329,19 @@ pipeline succeeds at the same time using a `-o` flag per push option: git push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds ``` +### Set removing the source branch using git push options + +To set an existing merge request to remove the source branch when the +merge request is merged, the +`merge_request.remove_source_branch` push option can be used: + +```sh +git push -o merge_request.remove_source_branch +``` + +You can also use this push option in addition to the +`merge_request.create` push option. + ## Find the merge request that introduced a change > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/2383) in GitLab 10.5. diff --git a/lib/gitlab/push_options.rb b/lib/gitlab/push_options.rb index 3137676ba4b..b96590af08e 100644 --- a/lib/gitlab/push_options.rb +++ b/lib/gitlab/push_options.rb @@ -4,7 +4,12 @@ module Gitlab class PushOptions VALID_OPTIONS = HashWithIndifferentAccess.new({ merge_request: { - keys: [:create, :merge_when_pipeline_succeeds, :target] + keys: [ + :create, + :merge_when_pipeline_succeeds, + :remove_source_branch, + :target + ] }, ci: { keys: [:skip] diff --git a/spec/services/merge_requests/push_options_handler_service_spec.rb b/spec/services/merge_requests/push_options_handler_service_spec.rb index 54b9c6dae38..ac40cf02c48 100644 --- a/spec/services/merge_requests/push_options_handler_service_spec.rb +++ b/spec/services/merge_requests/push_options_handler_service_spec.rb @@ -90,6 +90,16 @@ describe MergeRequests::PushOptionsHandlerService do end end + shared_examples_for 'a service that can remove the source branch when it is merged' do + subject(:last_mr) { MergeRequest.last } + + it 'returns true to force_remove_source_branch?' do + service.execute + + expect(last_mr.force_remove_source_branch?).to eq(true) + end + end + shared_examples_for 'a service that does not create a merge request' do it do expect { service.execute }.not_to change { MergeRequest.count } @@ -208,6 +218,72 @@ describe MergeRequests::PushOptionsHandlerService do end end + describe '`remove_source_branch` push option' do + let(:push_options) { { remove_source_branch: true } } + + context 'with a new branch' do + let(:changes) { new_branch_changes } + + it_behaves_like 'a service that does not create a merge request' + + it 'adds an error to the service' do + error = "A merge_request.create push option is required to create a merge request for branch #{source_branch}" + + service.execute + + expect(service.errors).to include(error) + end + + context 'when coupled with the `create` push option' do + let(:push_options) { { create: true, remove_source_branch: true } } + + it_behaves_like 'a service that can create a merge request' + it_behaves_like 'a service that can remove the source branch when it is merged' + end + end + + context 'with an existing branch but no open MR' do + let(:changes) { existing_branch_changes } + + it_behaves_like 'a service that does not create a merge request' + + it 'adds an error to the service' do + error = "A merge_request.create push option is required to create a merge request for branch #{source_branch}" + + service.execute + + expect(service.errors).to include(error) + end + + context 'when coupled with the `create` push option' do + let(:push_options) { { create: true, remove_source_branch: true } } + + it_behaves_like 'a service that can create a merge request' + it_behaves_like 'a service that can remove the source branch when it is merged' + end + end + + context 'with an existing branch that has a merge request open' do + let(:changes) { existing_branch_changes } + let!(:merge_request) { create(:merge_request, source_project: project, source_branch: source_branch)} + + it_behaves_like 'a service that does not create a merge request' + it_behaves_like 'a service that can remove the source branch when it is merged' + end + + context 'with a deleted branch' do + let(:changes) { deleted_branch_changes } + + it_behaves_like 'a service that does nothing' + end + + context 'with the project default branch' do + let(:changes) { default_branch_changes } + + it_behaves_like 'a service that does nothing' + end + end + describe '`target` push option' do let(:push_options) { { target: target_branch } } -- cgit v1.2.1 From 0d98f1bba2caf7ee5056510781c61db030551a66 Mon Sep 17 00:00:00 2001 From: Christian Couder Date: Wed, 17 Jul 2019 09:19:16 +0200 Subject: Refactor create_params and update_params Let's move shared code between create_params and update_params into a new base_params. update_params becomes very thin, but it still may be clearer that the params are being shared if we have a method called base_params, rather than have create_params merge in update_params. --- .../merge_requests/push_options_handler_service.rb | 42 ++++++++++------------ 1 file changed, 19 insertions(+), 23 deletions(-) diff --git a/app/services/merge_requests/push_options_handler_service.rb b/app/services/merge_requests/push_options_handler_service.rb index 7ca8e1d76a3..6d70b5106c7 100644 --- a/app/services/merge_requests/push_options_handler_service.rb +++ b/app/services/merge_requests/push_options_handler_service.rb @@ -117,14 +117,8 @@ module MergeRequests collect_errors_from_merge_request(merge_request) unless merge_request.valid? end - def create_params(branch) - params = { - assignees: [current_user], - source_branch: branch, - source_project: project, - target_branch: push_options[:target] || target_project.default_branch, - target_project: target_project - } + def base_params + params = {} if push_options.key?(:merge_when_pipeline_succeeds) params.merge!( @@ -137,30 +131,32 @@ module MergeRequests params[:force_remove_source_branch] = push_options[:remove_source_branch] end + if push_options.key?(:target) + params[:target_branch] = push_options[:target] + end + params end - def update_params - params = {} - - if push_options.key?(:merge_when_pipeline_succeeds) - params.merge!( - merge_when_pipeline_succeeds: push_options[:merge_when_pipeline_succeeds], - merge_user: current_user - ) - end + def create_params(branch) + params = base_params - if push_options.key?(:remove_source_branch) - params[:force_remove_source_branch] = push_options[:remove_source_branch] - end + params.merge!( + assignees: [current_user], + source_branch: branch, + source_project: project, + target_project: target_project + ) - if push_options.key?(:target) - params[:target_branch] = push_options[:target] - end + params[:target_branch] ||= target_project.default_branch params end + def update_params + base_params + end + def collect_errors_from_merge_request(merge_request) merge_request.errors.full_messages.each do |error| errors << error -- cgit v1.2.1 From 4e814c257b74ac78a50f54ec57b1e1c7f78d43b7 Mon Sep 17 00:00:00 2001 From: Gaetan Semet Date: Mon, 15 Jul 2019 14:47:47 +0200 Subject: Multiple pipeline support for Build status This allows user to specify the pipeline ID when several pipelines has been triggered on the same branch and commit. Signed-off-by: Gaetan Semet --- changelogs/unreleased/21671-multiple-pipeline-status-api.yml | 5 +++++ doc/api/commits.md | 1 + lib/api/commit_statuses.rb | 7 ++++++- 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/21671-multiple-pipeline-status-api.yml diff --git a/changelogs/unreleased/21671-multiple-pipeline-status-api.yml b/changelogs/unreleased/21671-multiple-pipeline-status-api.yml new file mode 100644 index 00000000000..f87366803e2 --- /dev/null +++ b/changelogs/unreleased/21671-multiple-pipeline-status-api.yml @@ -0,0 +1,5 @@ +--- +title: Multiple pipeline support for Commit status +merge_request: 21671 +author: Gaetan Semet +type: changed diff --git a/doc/api/commits.md b/doc/api/commits.md index 6eb4c47415f..a6264897e5e 100644 --- a/doc/api/commits.md +++ b/doc/api/commits.md @@ -581,6 +581,7 @@ POST /projects/:id/statuses/:sha | `target_url` | string | no | The target URL to associate with this status | `description` | string | no | The short description of the status | `coverage` | float | no | The total code coverage +| `pipeline_id` | integer | no | The id of the pipeline to set status. Use in case of several pipeline on same sha. ```bash curl --request POST --header "PRIVATE-TOKEN: " "https://gitlab.example.com/api/v4/projects/17/statuses/18f3e63d05582537db6d183d9d557be09e1f90c8?state=success" diff --git a/lib/api/commit_statuses.rb b/lib/api/commit_statuses.rb index 08b4f8db8b0..61cf929bcdc 100644 --- a/lib/api/commit_statuses.rb +++ b/lib/api/commit_statuses.rb @@ -52,6 +52,7 @@ module API optional :name, type: String, desc: 'A string label to differentiate this status from the status of other systems. Default: "default"' optional :context, type: String, desc: 'A string label to differentiate this status from the status of other systems. Default: "default"' optional :coverage, type: Float, desc: 'The total code coverage' + optional :pipeline_id, type: Integer, desc: 'An existing pipeline id, when multiple pipelines on the same commit sha have been triggered' end # rubocop: disable CodeReuse/ActiveRecord post ':id/statuses/:sha' do @@ -72,8 +73,12 @@ module API not_found! 'References for commit' unless ref name = params[:name] || params[:context] || 'default' + pipeline = if params[:pipeline_id] + @project.ci_pipelines.find_by(id: params[:pipeline_id]) + else + @project.pipeline_for(ref, commit.sha) + end - pipeline = @project.pipeline_for(ref, commit.sha) unless pipeline pipeline = @project.ci_pipelines.create!( source: :external, -- cgit v1.2.1 From a9707e8cf70487a52efbe43ffe72c9e995f5cdea Mon Sep 17 00:00:00 2001 From: George Thomas Date: Wed, 27 Feb 2019 13:11:14 +0530 Subject: Rewrite `if:` argument in before_action and alike when `only:` is also used Closes #55564 This is first discovered in #54739 (comment 122609857) that if both if: and only: are used in a before_action or after_action or alike, if: is completely ignored. --- app/controllers/projects/snippets_controller.rb | 3 ++- app/controllers/projects/wikis_controller.rb | 3 ++- app/controllers/projects_controller.rb | 8 +++++--- app/controllers/registrations_controller.rb | 3 +-- app/controllers/sessions_controller.rb | 7 +++---- app/controllers/snippets_controller.rb | 3 ++- changelogs/unreleased/55564-remove-if-in-before-after-action.yml | 5 +++++ 7 files changed, 20 insertions(+), 12 deletions(-) create mode 100644 changelogs/unreleased/55564-remove-if-in-before-after-action.yml diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index 255f1f3569a..59f948959d6 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb @@ -7,7 +7,8 @@ class Projects::SnippetsController < Projects::ApplicationController include SnippetsActions include RendersBlob - skip_before_action :verify_authenticity_token, only: [:show], if: :js_request? + skip_before_action :verify_authenticity_token, + if: -> { action_name == 'show' && js_request? } before_action :check_snippets_available! before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam] diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb index fa5bdbc7d49..b0998d7f3be 100644 --- a/app/controllers/projects/wikis_controller.rb +++ b/app/controllers/projects/wikis_controller.rb @@ -10,7 +10,8 @@ class Projects::WikisController < Projects::ApplicationController before_action :authorize_admin_wiki!, only: :destroy before_action :load_project_wiki before_action :load_page, only: [:show, :edit, :update, :history, :destroy] - before_action :valid_encoding?, only: [:show, :edit, :update], if: :load_page + before_action :valid_encoding?, + if: -> { %w[show edit update].include?(action_name) && load_page } before_action only: [:edit, :update], unless: :valid_encoding? do redirect_to(project_wiki_path(@project, @page)) end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index feefc7f8137..37ffd28bf9e 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -18,9 +18,11 @@ class ProjectsController < Projects::ApplicationController before_action :redirect_git_extension, only: [:show] before_action :project, except: [:index, :new, :create, :resolve] before_action :repository, except: [:index, :new, :create, :resolve] - before_action :assign_ref_vars, only: [:show], if: :repo_exists? - before_action :tree, only: [:show], if: [:repo_exists?, :project_view_files?] - before_action :lfs_blob_ids, only: [:show], if: [:repo_exists?, :project_view_files?] + before_action :assign_ref_vars, if: -> { action_name == 'show' && repo_exists? } + before_action :tree, + if: -> { action_name == 'show' && repo_exists? && project_view_files? } + before_action :lfs_blob_ids, + if: -> { action_name == 'show' && repo_exists? && project_view_files? } before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export] before_action :present_project, only: [:edit] before_action :authorize_download_code!, only: [:refs] diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index b2b151bbcf0..638934694e0 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -8,8 +8,7 @@ class RegistrationsController < Devise::RegistrationsController prepend_before_action :check_captcha, only: :create before_action :whitelist_query_limiting, only: [:destroy] before_action :ensure_terms_accepted, - if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? }, - only: [:create] + if: -> { action_name == 'create' && Gitlab::CurrentSettings.current_application_settings.enforce_terms? } def new redirect_to(new_user_session_path) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a841859621e..7604b31467a 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -13,18 +13,17 @@ class SessionsController < Devise::SessionsController prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, - if: :two_factor_enabled?, only: [:create] + if: -> { action_name == 'create' && two_factor_enabled? } prepend_before_action :check_captcha, only: [:create] prepend_before_action :store_redirect_uri, only: [:new] prepend_before_action :ldap_servers, only: [:new, :create] prepend_before_action :require_no_authentication_without_flash, only: [:new, :create] - prepend_before_action :ensure_password_authentication_enabled!, if: :password_based_login?, only: [:create] + prepend_before_action :ensure_password_authentication_enabled!, if: -> { action_name == 'create' && password_based_login? } before_action :auto_sign_in_with_provider, only: [:new] before_action :load_recaptcha - after_action :log_failed_login, only: [:new], if: :failed_login? - + after_action :log_failed_login, if: -> { action_name == 'new' && failed_login? } helper_method :captcha_enabled? CAPTCHA_HEADER = 'X-GitLab-Show-Login-Captcha'.freeze diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index fad036b8df8..869655e9550 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -8,7 +8,8 @@ class SnippetsController < ApplicationController include RendersBlob include PreviewMarkdown - skip_before_action :verify_authenticity_token, only: [:show], if: :js_request? + skip_before_action :verify_authenticity_token, + if: -> { action_name == 'show' && js_request? } before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] diff --git a/changelogs/unreleased/55564-remove-if-in-before-after-action.yml b/changelogs/unreleased/55564-remove-if-in-before-after-action.yml new file mode 100644 index 00000000000..a787faa8a9c --- /dev/null +++ b/changelogs/unreleased/55564-remove-if-in-before-after-action.yml @@ -0,0 +1,5 @@ +--- +title: Rewrite `if:` argument in before_action and alike when `only:` is also used +merge_request: 24412 +author: George Thomas @thegeorgeous +type: other -- cgit v1.2.1 From 4d4d003451aca23a4e050bdda45b2dffa50f440a Mon Sep 17 00:00:00 2001 From: Heinrich Lee Yu Date: Thu, 11 Jul 2019 18:21:28 +0800 Subject: Upload new knapsack report instead of merging --- .gitlab/ci/test-metadata.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 2454ea85652..b5201f97366 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -39,6 +39,7 @@ update-tests-metadata: policy: push script: - retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document + - echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}' - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec_*_pg_node_*.json - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $KNAPSACK_RSPEC_SUITE_REPORT_PATH' - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json -- cgit v1.2.1 From 88bf3fe8b4c07d38b331fc1d72487ba2b351395c Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Wed, 17 Jul 2019 11:32:04 +1200 Subject: Adds cluster_for_group factory for convienence Also means we don't have to resort to an update statement to set parent for child groups who also have clusters. This is much shorter than ``` create(:cluster, :provided_by_gcp, :group, groups: [group]) ``` --- spec/factories/clusters/clusters.rb | 2 ++ spec/models/concerns/deployment_platform_spec.rb | 10 ++++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/factories/clusters/clusters.rb b/spec/factories/clusters/clusters.rb index ab332fc238b..171f5256d2b 100644 --- a/spec/factories/clusters/clusters.rb +++ b/spec/factories/clusters/clusters.rb @@ -5,6 +5,8 @@ FactoryBot.define do cluster_type :project_type managed true + factory :cluster_for_group, traits: [:provided_by_gcp, :group] + trait :instance do cluster_type { Clusters::Cluster.cluster_types[:instance_type] } end diff --git a/spec/models/concerns/deployment_platform_spec.rb b/spec/models/concerns/deployment_platform_spec.rb index 2378f400540..c4f9f62ece5 100644 --- a/spec/models/concerns/deployment_platform_spec.rb +++ b/spec/models/concerns/deployment_platform_spec.rb @@ -46,12 +46,11 @@ describe DeploymentPlatform do end context 'when child group has configured kubernetes cluster', :nested_groups do - let!(:child_group1_cluster) { create(:cluster, :provided_by_gcp, :group) } - let(:child_group1) { child_group1_cluster.group } + let(:child_group1) { create(:group, parent: group) } + let!(:child_group1_cluster) { create(:cluster_for_group, groups: [child_group1]) } before do project.update!(group: child_group1) - child_group1.update!(parent: group) end it 'returns the Kubernetes platform for the child group' do @@ -59,11 +58,10 @@ describe DeploymentPlatform do end context 'deeply nested group' do - let!(:child_group2_cluster) { create(:cluster, :provided_by_gcp, :group) } - let(:child_group2) { child_group2_cluster.group } + let(:child_group2) { create(:group, parent: child_group1) } + let!(:child_group2_cluster) { create(:cluster_for_group, groups: [child_group2]) } before do - child_group2.update!(parent: child_group1) project.update!(group: child_group2) end -- cgit v1.2.1 From b20405ebc2352fe0e460d35bee7dffc334b13501 Mon Sep 17 00:00:00 2001 From: Luke Duncalfe Date: Mon, 8 Jul 2019 16:39:53 +1200 Subject: Add documentation for Design Management feature https://gitlab.com/gitlab-org/gitlab-ce/issues/64243 --- doc/user/permissions.md | 2 + doc/user/project/issues/design_management.md | 58 +++++++++++++++++++++ .../project/issues/img/design_management_v12_2.png | Bin 0 -> 344504 bytes doc/user/project/issues/index.md | 6 +++ 4 files changed, 66 insertions(+) create mode 100644 doc/user/project/issues/design_management.md create mode 100644 doc/user/project/issues/img/design_management_v12_2.png diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 619cf34b5c3..238f95378b2 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -47,6 +47,7 @@ The following table depicts the various user permission levels in a project. | View approved/blacklisted licenses **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ | | View license management reports **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View Security reports **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | +| View [Design Management](project/issues/design_management.md) pages **(PREMIUM)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | Pull project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View GitLab Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control-core-only) | ✓ | ✓ | ✓ | ✓ | ✓ | @@ -74,6 +75,7 @@ The following table depicts the various user permission levels in a project. | View Error Tracking list | | ✓ | ✓ | ✓ | ✓ | | Pull from [Maven repository](project/packages/maven_repository.md) or [NPM registry](project/packages/npm_registry.md) **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ | | Publish to [Maven repository](project/packages/maven_repository.md) or [NPM registry](project/packages/npm_registry.md) **(PREMIUM)** | | | ✓ | ✓ | ✓ || +| Upload [Design Management](project/issues/design_management.md) files **(PREMIUM)** | | | ✓ | ✓ | ✓ | | Create new branches | | | ✓ | ✓ | ✓ | | Push to non-protected branches | | | ✓ | ✓ | ✓ | | Force push to non-protected branches | | | ✓ | ✓ | ✓ | diff --git a/doc/user/project/issues/design_management.md b/doc/user/project/issues/design_management.md new file mode 100644 index 00000000000..2327fa84998 --- /dev/null +++ b/doc/user/project/issues/design_management.md @@ -0,0 +1,58 @@ +# Design Management **(PREMIUM)** + +> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/660) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.2. + +CAUTION: **Warning:** +This an __alpha__ feature and is subject to change at any time without +prior notice. + +## Overview + +Design Management allows you to upload design assets (wireframes, mockups, etc.) +to GitLab issues and keep them stored in one single place, accessed by the Design +Management's page within an issue, giving product designers, product managers, and engineers a +way to collaborate on designs over one single source of truth. + +You can easily share mock-ups of designs with your team, or visual regressions can be easily +viewed and addressed. + + +For an overview, see the video [Design Management (GitLab 12.2)](https://www.youtube.com/watch?v=CCMtCqdK_aM). + +## Requirements + +Design Management requires +[Large File Storage (LFS)](../../../workflow/lfs/manage_large_binaries_with_git_lfs.md) +to be enabled: + +- For GitLab.com, LFS is already enabled. +- For self-managed instances, a GitLab administrator must have + [enabled LFS globally](../../../workflow/lfs/lfs_administration.md). +- For both GitLab.com and self-managed instances: LFS must be enabled for the project itself. + If enabled globally, LFS will be enabled by default to all projects. To enable LFS on the + project level, navigate to your project's **Settings > General**, expand **Visibility, project features, permissions** + and enable **Git Large File Storage**. + +## Limitations + +- Files uploaded must have a file extension of either `png`, `jpg`, `jpeg`, `gif`, `bmp`, `tiff` or `ico`. The [`svg` extension is not yet supported](https://gitlab.com/gitlab-org/gitlab-ee/issues/12771). +- [Designs cannot yet be deleted](https://gitlab.com/gitlab-org/gitlab-ee/issues/11089). +- Design Management is [not yet supported in the project export](https://gitlab.com/gitlab-org/gitlab-ee/issues/11090). + +## The Design Management page + +Navigate to the **Design Management** page from any issue by clicking the **Designs** tab: + +![Designs tab](img/design_management_v12_2.png) + +## Adding designs + +To upload design images, click the **Upload Designs** button and select images to upload. + +Designs with the same filename as an existing uploaded design will create a new version +of the design, and will replace the previous version. + +## Viewing designs + +Images on the Design Management page can be enlarged by clicking on them. + diff --git a/doc/user/project/issues/img/design_management_v12_2.png b/doc/user/project/issues/img/design_management_v12_2.png new file mode 100644 index 00000000000..6da747a3f21 Binary files /dev/null and b/doc/user/project/issues/img/design_management_v12_2.png differ diff --git a/doc/user/project/issues/index.md b/doc/user/project/issues/index.md index e917697e973..3decea9ceaa 100644 --- a/doc/user/project/issues/index.md +++ b/doc/user/project/issues/index.md @@ -119,6 +119,12 @@ associated label or assignee will change to match that of the new column. The en board can also be filtered to only include issues from a certain milestone or an overarching label. +### Design Management **(PREMIUM)** + +With [Design Management](design_management.md), you can upload design +assets to issues and view them all together to easily share and +collaborate with your team. + ### Epics **(ULTIMATE)** [Epics](../../group/epics/index.md) let you manage your portfolio of projects more -- cgit v1.2.1 From e204554057d0607c8a29a379b6cb8c75dbb60422 Mon Sep 17 00:00:00 2001 From: astrachan Date: Fri, 19 Jul 2019 12:15:23 +1000 Subject: Update root default email address to current value --- doc/security/reset_root_password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/security/reset_root_password.md b/doc/security/reset_root_password.md index 6a6c5262179..ec360e2d338 100644 --- a/doc/security/reset_root_password.md +++ b/doc/security/reset_root_password.md @@ -23,7 +23,7 @@ user = User.where(id: 1).first or ```bash -user = User.find_by(email: 'admin@local.host') +user = User.find_by(email: 'admin@example.com') ``` Now you can change your password: -- cgit v1.2.1 From ef0ea43053b8594e4a0298783224ab31b816a9b5 Mon Sep 17 00:00:00 2001 From: Kenny Johnston <2920426-kencjohnston@users.noreply.gitlab.com> Date: Fri, 19 Jul 2019 03:25:25 +0000 Subject: Remove duplicate content about auto-devops customization --- doc/topics/autodevops/index.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 7a92a672801..43ba98e5a31 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -664,10 +664,6 @@ to the desired environment. See [Limiting environment scopes of variables](../.. ### Customizing `.gitlab-ci.yml` -Everything about Auto DevOps is customizable since the [Auto DevOps template] -is just an example of a [`.gitlab-ci.yml`](../../ci/yaml/README.md) and uses -only features that are available to any `.gitlab-ci.yml`. - Auto DevOps is completely customizable because the [Auto DevOps template]: - Is just an implementation of a [`.gitlab-ci.yml`](../../ci/yaml/README.md) file. -- cgit v1.2.1 From 033c1c0c3c8e15c120612c5e1671c253f37fec73 Mon Sep 17 00:00:00 2001 From: Sanad Liaquat Date: Fri, 19 Jul 2019 19:23:43 +0500 Subject: Create user as admin --- .../browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb index afddbff75bd..1bcd80f27af 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb @@ -4,14 +4,24 @@ module QA context 'Plan' do describe 'check xss occurence in @mentions in issues' do before do - Runtime::Browser.visit(:gitlab, Page::Main::Login) - Page::Main::Login.perform(&:sign_in_using_credentials) + QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token + + unless QA::Runtime::Env.personal_access_token + Runtime::Browser.visit(:gitlab, Page::Main::Login) + Page::Main::Login.perform(&:sign_in_using_admin_credentials) + end user = Resource::User.fabricate_via_api! do |user| user.name = "eve Date: Fri, 19 Jul 2019 08:53:53 +0200 Subject: Enable Junit reports With https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30254 Junit reports were disabled. With https://gitlab.com/gitlab-com/gl-infra/production/issues/928 and https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30274 solved we should enable them again. closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64756 --- .gitlab/ci/frontend.gitlab-ci.yml | 10 ++++------ .gitlab/ci/rails.gitlab-ci.yml | 5 ++--- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index b00d2f46088..6e3ecfc586e 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -138,9 +138,8 @@ karma: - chrome_debug.log - coverage-javascript/ - tmp/tests/frontend/ -# see https://gitlab.com/gitlab-org/gitlab-ce/issues/64756 -# reports: -# junit: junit_karma.xml + reports: + junit: junit_karma.xml jest: extends: .dedicated-no-docs-and-no-qa-pull-cache-job @@ -163,9 +162,8 @@ jest: - coverage-frontend/ - junit_jest.xml - tmp/tests/frontend/ -# see https://gitlab.com/gitlab-org/gitlab-ce/issues/64756 -# reports: -# junit: junit_jest.xml + reports: + junit: junit_jest.xml cache: key: jest paths: diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index d0b1f1ab98f..1392768127b 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -80,9 +80,8 @@ - rspec_profiling/ - tmp/capybara/ - tmp/memory_test/ -# see https://gitlab.com/gitlab-org/gitlab-ce/issues/64756 -# reports: -# junit: junit_rspec.xml + reports: + junit: junit_rspec.xml .rspec-metadata-pg: &rspec-metadata-pg <<: *rspec-metadata -- cgit v1.2.1 From 78b9586d1d39536141b6e3b015977b32434ed605 Mon Sep 17 00:00:00 2001 From: Steve Azzopardi Date: Fri, 19 Jul 2019 16:56:33 +0200 Subject: Update GitLab Runner Helm Chart to 0.7.0 --- app/models/clusters/applications/runner.rb | 2 +- changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-7-0.yml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-7-0.yml diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb index 6ae8c3bd7f3..6533b7a186e 100644 --- a/app/models/clusters/applications/runner.rb +++ b/app/models/clusters/applications/runner.rb @@ -3,7 +3,7 @@ module Clusters module Applications class Runner < ApplicationRecord - VERSION = '0.6.0'.freeze + VERSION = '0.7.0'.freeze self.table_name = 'clusters_applications_runners' diff --git a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-7-0.yml b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-7-0.yml new file mode 100644 index 00000000000..ab1e7d77520 --- /dev/null +++ b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-7-0.yml @@ -0,0 +1,5 @@ +--- +title: Update GitLab Runner Helm Chart to 0.7.0 +merge_request: 30950 +author: +type: other -- cgit v1.2.1 From b1694896ffd4dcf8bc54d19b5d513813e63d6121 Mon Sep 17 00:00:00 2001 From: Brett Walker Date: Fri, 19 Jul 2019 11:37:35 -0500 Subject: Properly identify task lists inside a blockquote Updated the task list regex to understand blockquote characters that can come before the task item marker --- app/models/concerns/taskable.rb | 3 ++- ...kbox-inside-blockquote-status-won-t-be-saved.yml | 5 +++++ spec/services/task_list_toggle_service_spec.rb | 17 +++++++++++++++++ .../shared_examples/taskable_shared_examples.rb | 21 +++++++++++++++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/64697-markdown-issues-checkbox-inside-blockquote-status-won-t-be-saved.yml diff --git a/app/models/concerns/taskable.rb b/app/models/concerns/taskable.rb index b42adad94ba..8b536a123fc 100644 --- a/app/models/concerns/taskable.rb +++ b/app/models/concerns/taskable.rb @@ -15,7 +15,8 @@ module Taskable INCOMPLETE_PATTERN = /(\[[\s]\])/.freeze ITEM_PATTERN = %r{ ^ - \s*(?:[-+*]|(?:\d+\.)) # list prefix required - task item has to be always in a list + (?:(?:>\s{0,4})*) # optional blockquote characters + \s*(?:[-+*]|(?:\d+\.)) # list prefix required - task item has to be always in a list \s+ # whitespace prefix has to be always presented for a list item (\[\s\]|\[[xX]\]) # checkbox (\s.+) # followed by whitespace and some text. diff --git a/changelogs/unreleased/64697-markdown-issues-checkbox-inside-blockquote-status-won-t-be-saved.yml b/changelogs/unreleased/64697-markdown-issues-checkbox-inside-blockquote-status-won-t-be-saved.yml new file mode 100644 index 00000000000..00664d64050 --- /dev/null +++ b/changelogs/unreleased/64697-markdown-issues-checkbox-inside-blockquote-status-won-t-be-saved.yml @@ -0,0 +1,5 @@ +--- +title: Better support clickable tasklists inside blockquotes +merge_request: 30952 +author: +type: fixed diff --git a/spec/services/task_list_toggle_service_spec.rb b/spec/services/task_list_toggle_service_spec.rb index 9adaee6481b..a309951bbcb 100644 --- a/spec/services/task_list_toggle_service_spec.rb +++ b/spec/services/task_list_toggle_service_spec.rb @@ -114,6 +114,23 @@ describe TaskListToggleService do expect(toggler.execute).to be_falsey end + it 'properly handles tasks in a blockquote' do + markdown = + <<-EOT.strip_heredoc + > > * [ ] Task 1 + > * [x] Task 2 + EOT + + markdown_html = Banzai::Pipeline::FullPipeline.call(markdown, project: nil)[:output].to_html + toggler = described_class.new(markdown, markdown_html, + toggle_as_checked: true, + line_source: '> > * [ ] Task 1', line_number: 1) + + expect(toggler.execute).to be_truthy + expect(toggler.updated_markdown.lines[0]).to eq "> > * [x] Task 1\n" + expect(toggler.updated_markdown_html).to include('disabled checked> Task 1') + end + it 'properly handles a GitLab blockquote' do markdown = <<-EOT.strip_heredoc diff --git a/spec/support/shared_examples/taskable_shared_examples.rb b/spec/support/shared_examples/taskable_shared_examples.rb index 4056ff06b84..4a1df1ce380 100644 --- a/spec/support/shared_examples/taskable_shared_examples.rb +++ b/spec/support/shared_examples/taskable_shared_examples.rb @@ -105,4 +105,25 @@ shared_examples 'a Taskable' do expect(subject.task_status_short).to match('1 task') end end + + describe 'with tasks in blockquotes' do + before do + subject.description = <<-EOT.strip_heredoc + > - [ ] Task a + > > - [x] Task a.1 + + >>> + 1. [ ] Task 1 + 1. [x] Task 2 + >>> + EOT + end + + it 'returns the correct task status' do + expect(subject.task_status).to match('2 of') + expect(subject.task_status).to match('4 tasks completed') + expect(subject.task_status_short).to match('2/') + expect(subject.task_status_short).to match('4 tasks') + end + end end -- cgit v1.2.1 From 2116224b10749684dc1a0a4eb66ce89173d601cc Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 19 Jul 2019 18:21:19 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index e9b61b9c995..145f7a93426 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -208,7 +208,7 @@ group. | Manage group labels | | ✓ | ✓ | ✓ | ✓ | | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | -| Enable/disable a dependency proxy **[PREMIUM]** | | | ✓ | ✓ | ✓ | +| Enable/disable a dependency proxy **(PREMIUM)** | | | ✓ | ✓ | ✓ | | Create subgroup | | | | ✓ (1) | ✓ | | Edit group | | | | | ✓ | | Manage group members | | | | | ✓ | -- cgit v1.2.1 From e8ace3fab1839578aa7bf8278dd701a17452f986 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 19 Jul 2019 18:22:09 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index b9313ccdb1e..b31851aa151 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,10 +74,15 @@ structure. ## Creating a subgroup -To create a subgroup you must either be an Owner or a Maintainer of the group, -depending on the group's setting. By default groups allow both Owners and -Maintainers to create subgroups, but this can be changed by an Owner or -Administrator to only allow Owners to create subgroups. +To create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. + +By default, groups created in: + +- GitLab 12.2 or later allow both Owners and Maintainers to create subgroups. +- GitLab 12.1 or earlier only allow Owners to create subgroups. + +This setting can be for any group by an Owner or Administrator. For more information check the [permissions table](../../permissions.md#group-members-permissions). For a list -- cgit v1.2.1 From 7b958537fd4eb542770a851949bb8b9cdae193f1 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:13:24 -0700 Subject: Add changelog --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/maintainers-can-create-subgroup.yml diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml new file mode 100644 index 00000000000..b537862c8af --- /dev/null +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -0,0 +1,5 @@ +--- +title: Maintainers can crete subgroups +merge_request: 29718 +author: Fabio Papa +type: changed -- cgit v1.2.1 From 3cbca3776c791819cbcc6890b7c8319f3b40e35f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 14 Jun 2019 15:16:55 -0700 Subject: Add failing feature spec detailing a maintainer creating a subgroup - Change the two existing feature examples that create a subgroup to elucidate that the owner is creating the subgroup - Nest two more specs inside the 'subgroup support' context detailing what happens when a maintainer attempts to add a subgroup (one with subgroup support, and one without) --- spec/features/groups/show_spec.rb | 61 ++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9671a4d8c49..2654d06cd8c 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,32 +56,67 @@ describe 'Group show page' do end context 'subgroup support' do - let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:maintainer) { create(:user) } before do - group.add_owner(user) - sign_in(user) + group.add_owner(owner) + group.add_maintainer(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'for owners' do before do - allow(Group).to receive(:supports_nested_objects?) { true } - visit path + sign_in(owner) end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end - context 'when subgroups are not supported' do + context 'for maintainers' do before do - allow(Group).to receive(:supports_nested_objects?) { false } - visit path + sign_in(maintainer) + end + + context 'when subgroups are supported', :js, :nested_groups do + before do + allow(Group).to receive(:supports_nested_objects?) { true } + visit path + end + + it 'allows creating subgroups' do + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end end - it 'allows creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + context 'when subgroups are not supported' do + before do + allow(Group).to receive(:supports_nested_objects?) { false } + visit path + end + + it 'allows creating subgroups' do + expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + end end end end -- cgit v1.2.1 From bbb578b0627f86dd8014f228165f9197459ff3e0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..b4b09d3295f 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 11f998d9f250bf63abdebc1e0934b39d62f349f6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 12:23:56 -0700 Subject: Update the group policy to allow >= maintainer to create subgroups All specs passing --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9219283992f..9cb50c0f5fa 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -104,7 +104,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From e6e672f049aa887cc4765eb9dfd9f7ac320d5188 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/requests/api/groups_spec.rb | 4 ++-- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4b09d3295f..a40d3087f6e 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 7d061212b12a400acfa9c8f34e022e352e77cb64 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/controllers/admin/groups_controller_spec.rb | 6 ++ spec/factories/groups.rb | 1 + spec/features/groups/group_settings_spec.rb | 8 +++ spec/models/group_spec.rb | 8 +++ spec/policies/group_policy_spec.rb | 70 ++++++++++++++++++++++ .../policies/group_policy_shared_context.rb | 16 ++--- 6 files changed, 99 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 509d8944e3a..df11321537f 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -68,5 +68,11 @@ describe Admin::GroupsController do post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } } end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS) end + + it 'updates the subgroup_creation_level successfully' do + expect do + post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 18a0c2ec731..2f50fbfe2fa 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 5cef5f0521f..95534d5a2ba 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -85,6 +85,14 @@ describe 'Edit group settings' do end end + describe 'subgroup creation level menu' do + it 'shows the selection menu' do + visit edit_group_path(group) + + expect(page).to have_content('Allowed to create subgroups') + end + end + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..fd40061dd3a 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + + expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 59f3a961d50..aed9a8e34ff 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -163,6 +163,18 @@ describe GroupPolicy do expect_allowed(*updated_owner_permissions) end end + + context 'maintainer' do + let(:current_user) { maintainer } + + it 'allows every maintainer permission except creating subgroups' do + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + + expect_disallowed(*create_subgroup_permission) + expect_allowed(*updated_maintainer_permissions) + end + end end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do @@ -461,6 +473,64 @@ describe GroupPolicy do end end + context "create_subgroup" do + context 'when group has subgroup creation level set to owner' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + + context 'when group has subgroup creation level set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + context 'reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_subgroup) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_subgroup) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_subgroup) } + end + end + end + it_behaves_like 'clusterable policies' do let(:clusterable) { create(:group) } let(:cluster) do diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index a40d3087f6e..b4808ac0068 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From faa8b69f2b6dd4d6d9117a9988d1232f94c418f1 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:46:48 -0700 Subject: Reset group policy to only allow >= owners to create subgroups --- app/policies/group_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9cb50c0f5fa..9219283992f 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -104,7 +104,7 @@ class GroupPolicy < BasePolicy enable :read_nested_project_resources end - rule { maintainer & nested_groups_supported }.enable :create_subgroup + rule { owner & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From 1044930a527ef0db4e6e85b9b0d1d6b6ae00b268 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:49:27 -0700 Subject: Add a subgroup_creation_level column to the namespaces table --- ...6175626_add_group_creation_level_to_namespaces.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb new file mode 100644 index 00000000000..b0ea74d4765 --- /dev/null +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + disable_ddl_transaction! + + def up + unless column_exists?(:namespaces, :subgroup_creation_level) + add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + end + end + + def down + if column_exists?(:namespaces, :subgroup_creation_level) + remove_column(:namespaces, :subgroup_creation_level) + end + end +end -- cgit v1.2.1 From 99e6c084368072b2628d6a53cf241a7e75da3662 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:39:04 -0700 Subject: Add constants representing Owner and Maintainer group access levels --- lib/gitlab/access.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 6eb08f674c2..77076ead47a 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -29,6 +29,10 @@ module Gitlab MAINTAINER_PROJECT_ACCESS = 1 DEVELOPER_MAINTAINER_PROJECT_ACCESS = 2 + # Default subgroup creation level + OWNER_SUBGROUP_ACCESS = 0 + MAINTAINER_SUBGROUP_ACCESS = 1 + class << self delegate :values, to: :options -- cgit v1.2.1 From d279cc5a7aaca55b6736b065e3b0c119a9a9959b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 13:45:58 -0700 Subject: Add subgroup_creation_level to the list of allowed group params For both groups_controller and admin/groups_controller --- app/controllers/admin/groups_controller.rb | 3 ++- app/controllers/groups_controller.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index 15f7ef881c8..6317fa7c8d1 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -90,7 +90,8 @@ class Admin::GroupsController < Admin::ApplicationController :visibility_level, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index dbddee47997..0176962cf0a 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -192,7 +192,8 @@ class GroupsController < Groups::ApplicationController :chat_team_name, :require_two_factor_authentication, :two_factor_grace_period, - :project_creation_level + :project_creation_level, + :subgroup_creation_level ] end -- cgit v1.2.1 From 9dc5c2ef73682c7c6ff754fe983ac3a3eff11976 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:11:09 -0700 Subject: Add "allowed to create subgroups" dropdown to group settings form --- app/views/groups/settings/_permissions.html.haml | 1 + app/views/groups/settings/_subgroup_creation_level.html.haml | 3 +++ lib/gitlab/access.rb | 7 +++++++ 3 files changed, 11 insertions(+) create mode 100644 app/views/groups/settings/_subgroup_creation_level.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 0da1f1ba7f5..d3375e00bad 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -20,6 +20,7 @@ = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group + = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/two_factor_auth', f: f = render_if_exists 'groups/member_lock_setting', f: f, group: @group diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml new file mode 100644 index 00000000000..f36ad192bad --- /dev/null +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -0,0 +1,3 @@ +.form-group + = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/lib/gitlab/access.rb b/lib/gitlab/access.rb index 77076ead47a..7ef9f7ef630 100644 --- a/lib/gitlab/access.rb +++ b/lib/gitlab/access.rb @@ -110,6 +110,13 @@ module Gitlab def project_creation_level_name(name) project_creation_options.key(name) end + + def subgroup_creation_options + { + s_('SubgroupCreationlevel|Owners') => OWNER_SUBGROUP_ACCESS, + s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS + } + end end def human_access -- cgit v1.2.1 From 130261c5e984ae022543e08cb7ba4a82b1594612 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From c96b503bfa05e9f1db727d5f03b0bc562bc69c11 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 15:53:46 -0700 Subject: Add policy to allow maintainers to create subgroups when enabled --- app/policies/group_policy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 9219283992f..0add8bfad31 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -38,6 +38,10 @@ class GroupPolicy < BasePolicy @subject.project_creation_level == ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS end + condition(:maintainer_can_create_group) do + @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + rule { public_group }.policy do enable :read_group enable :read_list @@ -105,6 +109,7 @@ class GroupPolicy < BasePolicy end rule { owner & nested_groups_supported }.enable :create_subgroup + rule { maintainer & maintainer_can_create_group & nested_groups_supported }.enable :create_subgroup rule { public_group | logged_in_viewable }.enable :view_globally -- cgit v1.2.1 From cd7d9ac120bb04547efffef72d6d5aca861e54a6 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 18:15:56 +0000 Subject: Apply suggestion to changelogs/unreleased/maintainers-can-create-subgroup.yml --- changelogs/unreleased/maintainers-can-create-subgroup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/maintainers-can-create-subgroup.yml b/changelogs/unreleased/maintainers-can-create-subgroup.yml index b537862c8af..180f0f7247f 100644 --- a/changelogs/unreleased/maintainers-can-create-subgroup.yml +++ b/changelogs/unreleased/maintainers-can-create-subgroup.yml @@ -1,5 +1,5 @@ --- -title: Maintainers can crete subgroups +title: Maintainers can create subgroups merge_request: 29718 author: Fabio Papa type: changed -- cgit v1.2.1 From cf9a22f62f54cc916fc0a4031e7f1c53b5e2e306 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 08:35:09 -0700 Subject: Add feature examples specing maintainers creating subgroups Both with subgroup_creation_level set to owners and to maintainers. Also fixed the naming of some other examples in the same spec as they were contradicting what they were actually performing in the test. These examples were probably copy/pasted, and not renamed. --- spec/features/groups/show_spec.rb | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 2654d06cd8c..68fa3f4e817 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -86,7 +86,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end @@ -103,8 +103,22 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + context 'when subgroup_creation_level is set to maintainer' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it 'allows creating subgroups' do + visit path + expect(page).to have_css("li[data-text='New subgroup']", visible: false) + end + end + + context 'when subgroup_creation_level is set to owners' do + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + + it 'does not allow creating subgroups' do + visit path + expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + end end end @@ -114,7 +128,7 @@ describe 'Group show page' do visit path end - it 'allows creating subgroups' do + it 'does not allow creating subgroups' do expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) end end -- cgit v1.2.1 From ec802d6434230cdbdb487ef6febe6205886035f9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 09:22:10 -0700 Subject: Update schema --- db/schema.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/db/schema.rb b/db/schema.rb index a5079d3a5bc..0f5770e4eb1 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2119,6 +2119,7 @@ ActiveRecord::Schema.define(version: 2019_07_15_114644) do t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false t.integer "last_ci_minutes_usage_notification_level" + t.integer "subgroup_creation_level", default: 0, null: false t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree -- cgit v1.2.1 From 13d9c5dda20095e8f5aaaa173ec2fcc4213ba7bb Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- ...75626_add_group_creation_level_to_namespaces.rb | 7 +++++-- spec/controllers/admin/groups_controller_spec.rb | 9 ++++++-- spec/features/groups/group_settings_spec.rb | 2 +- spec/features/groups/show_spec.rb | 24 +++++++++++++++------- spec/models/group_spec.rb | 3 ++- spec/policies/group_policy_spec.rb | 21 ++++++++++++++----- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index b0ea74d4765..eed0ba25f27 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -5,10 +5,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] DOWNTIME = false disable_ddl_transaction! - + def up unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, :subgroup_creation_level, :integer, default: 0) + add_column_with_default(:namespaces, + :subgroup_creation_level, + :integer, + default: 0) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index df11321537f..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,9 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do - post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + post :update, + params: { id: group.to_param, + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 95534d5a2ba..676769c25fe 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -92,7 +92,7 @@ describe 'Edit group settings' do expect(page).to have_content('Allowed to create subgroups') end end - + describe 'edit group avatar' do before do visit edit_group_path(group) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 68fa3f4e817..163906010fa 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -76,7 +76,8 @@ describe 'Group show page' do end it 'allows creating subgroups' do - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -87,7 +88,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end @@ -104,8 +106,11 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + it 'allows creating subgroups' do visit path expect(page).to have_css("li[data-text='New subgroup']", visible: false) @@ -113,11 +118,15 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to owners' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end it 'does not allow creating subgroups' do visit path - expect(page).not_to have_css("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_css("li[data-text='New subgroup']", visible: false) end end end @@ -129,7 +138,8 @@ describe 'Group show page' do end it 'does not allow creating subgroups' do - expect(page).not_to have_selector("li[data-text='New subgroup']", visible: false) + expect(page) + .not_to have_selector("li[data-text='New subgroup']", visible: false) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index fd40061dd3a..6627177ad61 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -999,7 +999,8 @@ describe Group do it 'outputs the default one if it is nil' do group = create(:group, subgroup_creation_level: nil) - expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index aed9a8e34ff..da186f63eca 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -145,7 +145,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -157,7 +158,8 @@ describe GroupPolicy do it 'allows every owner permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_owner_permissions = owner_permissions - create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_owner_permissions) @@ -169,7 +171,8 @@ describe GroupPolicy do it 'allows every maintainer permission except creating subgroups' do create_subgroup_permission = [:create_subgroup] - updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission + updated_maintainer_permissions = + maintainer_permissions - create_subgroup_permission expect_disallowed(*create_subgroup_permission) expect_allowed(*updated_maintainer_permissions) @@ -475,7 +478,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } @@ -503,7 +510,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create( + :group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From d32ed9297c5356393dc8a7644786a12078519496 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 6627177ad61..470ce65707d 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,13 +994,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From e962ffbc90b797cc9f1eb922e918c093dac7d4a1 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..9ae18d7bab7 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From 81662f7b9fae45689b9291427fd9b192ef88be4b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- ...75626_add_group_creation_level_to_namespaces.rb | 1 + spec/controllers/admin/groups_controller_spec.rb | 7 ++-- spec/factories/groups.rb | 5 ++- spec/features/groups/show_spec.rb | 17 ++++++--- spec/models/group_spec.rb | 5 +-- spec/policies/group_policy_spec.rb | 43 ++++++++++++++++++---- spec/requests/api/groups_spec.rb | 4 +- .../policies/group_policy_shared_context.rb | 2 +- 8 files changed, 60 insertions(+), 24 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index eed0ba25f27..85ac89af46e 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -12,6 +12,7 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] :subgroup_creation_level, :integer, default: 0) + change_column_default(:namespaces, :subgroup_creation_level, 1) end end diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 2f50fbfe2fa..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner @@ -46,5 +45,9 @@ FactoryBot.define do trait :auto_devops_disabled do auto_devops_enabled false end + + trait :owner_subgroup_creation_only do + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS + end end end diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 163906010fa..48ba9064327 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -72,10 +72,11 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -84,10 +85,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -102,10 +104,9 @@ describe 'Group show page' do context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end - context 'when subgroup_creation_level is set to maintainer' do + context 'when subgroup_creation_level is set to maintainers' do let(:group) do create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) @@ -113,7 +114,9 @@ describe 'Group show page' do it 'allows creating subgroups' do visit path - expect(page).to have_css("li[data-text='New subgroup']", visible: false) + + expect(page) + .to have_css("li[data-text='New subgroup']", visible: false) end end @@ -125,6 +128,7 @@ describe 'Group show page' do it 'does not allow creating subgroups' do visit path + expect(page) .not_to have_css("li[data-text='New subgroup']", visible: false) end @@ -134,10 +138,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 9ae18d7bab7..c7fb0f51075 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -997,9 +997,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index da186f63eca..7fba62d2aa8 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -98,12 +98,38 @@ describe GroupPolicy do context 'maintainer' do let(:current_user) { maintainer } - it do - expect_allowed(*guest_permissions) - expect_allowed(*reporter_permissions) - expect_allowed(*developer_permissions) - expect_allowed(*maintainer_permissions) - expect_disallowed(*owner_permissions) + context 'with subgroup_creation level set to maintainer' do + let(:group) { create(:group, + :private, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + create_subgroup_permission = [:create_subgroup] + updated_maintainer_permissions = + maintainer_permissions + create_subgroup_permission + updated_owner_permissions = + owner_permissions - create_subgroup_permission + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*updated_maintainer_permissions) + expect_disallowed(*updated_owner_permissions) + end + end + + context 'with subgroup_creation_level set to owner' do + it do + allow(Group).to receive(:supports_nested_objects?).and_return(true) + + expect_allowed(*guest_permissions) + expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) + expect_allowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end end end @@ -181,7 +207,10 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, :private, parent: group) } + let(:nested_group) { create(:group, + :private, + :owner_subgroup_creation_only, + parent: group) } before do nested_group.add_guest(guest) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index b4808ac0068..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -7,7 +7,7 @@ RSpec.shared_context 'GroupPolicy context' do let(:maintainer) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } - let(:group) { create(:group, :private) } + let(:group) { create(:group, :private, :owner_subgroup_creation_only) } let(:guest_permissions) do %i[ -- cgit v1.2.1 From 42167779eaef30c7a63b57014b16b1c7d39122bf Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From 7848c4daeead7bf0ba79a9c82be59bfc349f1caa Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 48ba9064327..ef0e885ee5f 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,27 +56,28 @@ describe 'Group show page' do end context 'subgroup support' do + let(:restricted_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } + let(:relaxed_group) { create(:group, + subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } let(:owner) { create(:user) } let(:maintainer) { create(:user) } - before do - group.add_owner(owner) - group.add_maintainer(maintainer) - end - context 'for owners' do + let(:path) { group_path(restricted_group) } + before do + restricted_group.add_owner(owner) sign_in(owner) end context 'when subgroups are supported', :js, :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -85,11 +86,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -107,30 +107,30 @@ describe 'Group show page' do end context 'when subgroup_creation_level is set to maintainers' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + before do + relaxed_group.add_maintainer(maintainer) + path = group_path(relaxed_group) + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end end context 'when subgroup_creation_level is set to owners' do - let(:group) do - create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + before do + restricted_group.add_maintainer(maintainer) end it 'does not allow creating subgroups' do + path = group_path(restricted_group) visit path expect(page) - .not_to have_css("li[data-text='New subgroup']", visible: false) + .not_to have_selector("li[data-text='New subgroup']", + visible: false) end end end -- cgit v1.2.1 From 4bf26862d09e1f20bae2fa36be72ec6387a547ba Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From b36d78eabc53bb6a457c45b67a65276c85bf2b8a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:56:02 -0700 Subject: Add descriptions to examples --- spec/policies/group_policy_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7fba62d2aa8..020b51f776e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -103,7 +103,7 @@ describe GroupPolicy do :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } - it do + it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) create_subgroup_permission = [:create_subgroup] @@ -121,7 +121,7 @@ describe GroupPolicy do end context 'with subgroup_creation_level set to owner' do - it do + it 'allows every maintainer permission' do allow(Group).to receive(:supports_nested_objects?).and_return(true) expect_allowed(*guest_permissions) -- cgit v1.2.1 From d4c53e1799d4967c20ac771f6628416183985ef4 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ app/views/groups/_group_admin_settings.html.haml | 6 ++++++ ...190626175626_add_group_creation_level_to_namespaces.rb | 15 +++++---------- db/schema.rb | 2 +- spec/controllers/admin/groups_controller_spec.rb | 6 ++---- spec/features/admin/admin_groups_spec.rb | 9 +++++++++ spec/features/groups/show_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 9 --------- 8 files changed, 29 insertions(+), 26 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml index b8f632d11d3..733cb36cc3d 100644 --- a/app/views/groups/_group_admin_settings.html.haml +++ b/app/views/groups/_group_admin_settings.html.haml @@ -16,6 +16,12 @@ .col-sm-10 = f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, @group.project_creation_level), {}, class: 'form-control' +.form-group.row + .col-sm-2.col-form-label + = f.label s_('SubgroupCreationlevel|Allowed to create subgroups') + .col-sm-10 + = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, @group.subgroup_creation_level), {}, class: 'form-control' + .form-group.row .col-sm-2.col-form-label.pt-0 = f.label :require_two_factor_authentication, 'Two-factor authentication' diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 85ac89af46e..867ec3b7c91 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -7,18 +7,13 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] disable_ddl_transaction! def up - unless column_exists?(:namespaces, :subgroup_creation_level) - add_column_with_default(:namespaces, - :subgroup_creation_level, - :integer, - default: 0) - change_column_default(:namespaces, :subgroup_creation_level, 1) - end + add_column(:namespaces, :subgroup_creation_level, :integer) + change_column_default(:namespaces, + :subgroup_creation_level, + ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end def down - if column_exists?(:namespaces, :subgroup_creation_level) - remove_column(:namespaces, :subgroup_creation_level) - end + remove_column(:namespaces, :subgroup_creation_level) end end diff --git a/db/schema.rb b/db/schema.rb index 0f5770e4eb1..79cd1a3a797 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2119,7 +2119,7 @@ ActiveRecord::Schema.define(version: 2019_07_15_114644) do t.string "ldap_sync_status", default: "ready", null: false t.boolean "membership_lock", default: false t.integer "last_ci_minutes_usage_notification_level" - t.integer "subgroup_creation_level", default: 0, null: false + t.integer "subgroup_creation_level", default: 1 t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree t.index ["custom_project_templates_group_id", "type"], name: "index_namespaces_on_custom_project_templates_group_id_and_type", where: "(custom_project_templates_group_id IS NOT NULL)", using: :btree t.index ["file_template_project_id"], name: "index_namespaces_on_file_template_project_id", using: :btree diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 398f587bafe..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,13 +70,11 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: OWNER } } - end.to change { group.reload.subgroup_creation_level }.to(OWNER) + group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end end end diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 735ca60f7da..35c384dd458 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -102,6 +102,15 @@ describe 'Admin Groups' do expect_selected_visibility(group.visibility_level) end + it 'shows the subgroup creation level dropdown populated with the group subgroup_creation_level value' do + group = create(:group, :private, :owner_subgroup_creation_only) + + visit admin_group_edit_path(group) + + expect(page).to have_select("group_subgroup_creation_level", + selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + end + it 'edit group path does not change group name', :js do group = create(:group, :private) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index ef0e885ee5f..5096abadb79 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -71,7 +71,7 @@ describe 'Group show page' do sign_in(owner) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } visit path @@ -101,7 +101,7 @@ describe 'Group show page' do sign_in(maintainer) end - context 'when subgroups are supported', :js, :nested_groups do + context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 0ec6e5d851631f8b2175c86104c73158ddc9065d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From aa6c7811e9a9e7c1f2023ddc623b12b0351a94be Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 23d66e0b854a229e4535175f8a12acbe0330ac0f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:29:54 -0700 Subject: Adjust the documentation on subgroups --- doc/user/group/subgroups/index.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 1c6cca049c5..e3f7539a9b6 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -75,13 +75,16 @@ structure. ## Creating a subgroup NOTE: **Note:** -You must be an Owner of a group to create a subgroup. For -more information check the [permissions table](../../permissions.md#group-members-permissions). +In order to create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. By default groups allow both Owners and +Maintainers to create subgroups, but this can be changed by an Owner or +Administrator to only allow Owners to create subgroups. For more information +check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). -Users can always create subgroups if they are explicitly added as an Owner to -a parent group, even if group creation is disabled by an administrator in their -settings. +[reserved names](../../reserved_names.md). Users can always create subgroups if +they are explicitly added as an Owner (or Maintainer, if that setting is +enabled) to a parent group, even if group creation is disabled by an +administrator in their settings. To create a subgroup: -- cgit v1.2.1 From 3dc6717c2857a6bccde528b3dace2dfe03ca38c5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 15:39:43 -0700 Subject: Adjust the documentation on subgroup permissions --- doc/user/permissions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 619cf34b5c3..f95dc8bf205 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,6 +216,8 @@ group. | Delete group epic **(ULTIMATE)** | | | | | ✓ | | View group Audit Events | | | | | ✓ | +*Groups can be set to allow either Owners or Owners and maintainers to create subgroups + ### Subgroup permissions When you add a member to a subgroup, they inherit the membership and -- cgit v1.2.1 From f12636bfb338ae2ac70b7e8eb6e481beb1c28a4d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 16:27:49 -0700 Subject: Fix some code style issues --- spec/features/groups/show_spec.rb | 12 ++++++++---- spec/policies/group_policy_spec.rb | 13 ++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 5096abadb79..f1501181432 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -56,10 +56,14 @@ describe 'Group show page' do end context 'subgroup support' do - let(:restricted_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } - let(:relaxed_group) { create(:group, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:restricted_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + end + + let(:relaxed_group) do + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + let(:owner) { create(:user) } let(:maintainer) { create(:user) } diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 020b51f776e..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -99,9 +99,9 @@ describe GroupPolicy do let(:current_user) { maintainer } context 'with subgroup_creation level set to maintainer' do - let(:group) { create(:group, - :private, - subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } + let(:group) do + create(:group, :private, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end it 'allows every maintainer permission plus creating subgroups' do allow(Group).to receive(:supports_nested_objects?).and_return(true) @@ -207,10 +207,9 @@ describe GroupPolicy do end describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do - let(:nested_group) { create(:group, - :private, - :owner_subgroup_creation_only, - parent: group) } + let(:nested_group) do + create(:group, :private, :owner_subgroup_creation_only, parent: group) + end before do nested_group.add_guest(guest) -- cgit v1.2.1 From c22e87121e029bb79aa09f2d04010d738545c7f9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- ...190626175626_add_group_creation_level_to_namespaces.rb | 1 - spec/features/admin/admin_groups_spec.rb | 3 +-- spec/features/groups/show_spec.rb | 15 +++++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb index 867ec3b7c91..3b75c92e518 100644 --- a/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb +++ b/db/migrate/20190626175626_add_group_creation_level_to_namespaces.rb @@ -4,7 +4,6 @@ class AddGroupCreationLevelToNamespaces < ActiveRecord::Migration[5.1] include Gitlab::Database::MigrationHelpers DOWNTIME = false - disable_ddl_transaction! def up add_column(:namespaces, :subgroup_creation_level, :integer) diff --git a/spec/features/admin/admin_groups_spec.rb b/spec/features/admin/admin_groups_spec.rb index 35c384dd458..c1ad73779c9 100644 --- a/spec/features/admin/admin_groups_spec.rb +++ b/spec/features/admin/admin_groups_spec.rb @@ -107,8 +107,7 @@ describe 'Admin Groups' do visit admin_group_edit_path(group) - expect(page).to have_select("group_subgroup_creation_level", - selected: ::Gitlab::Access.subgroup_creation_options.keys[group.subgroup_creation_level]) + expect(page).to have_content('Allowed to create subgroups') end it 'edit group path does not change group name', :js do diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index f1501181432..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -57,11 +57,11 @@ describe 'Group show page' do context 'subgroup support' do let(:restricted_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end let(:relaxed_group) do - create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end let(:owner) { create(:user) } @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end @@ -113,11 +115,12 @@ describe 'Group show page' do context 'when subgroup_creation_level is set to maintainers' do before do relaxed_group.add_maintainer(maintainer) - path = group_path(relaxed_group) - visit path end it 'allows creating subgroups' do + path = group_path(relaxed_group) + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 02b1235046e1a78d4c43476a1716b6464bb647d1 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + .../policies/group_policy_shared_context.rb | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From 97b1f48e97383648946c985eef8e8a29c307b05e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/controllers/admin/groups_controller_spec.rb | 2 ++ spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 1123563c1e3..451367f58e1 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,6 +70,8 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do post :update, params: { id: group.to_param, diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From aa428bef4e291efe5d346d7df7bbe0028397d90f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end -- cgit v1.2.1 From 44bd74cd0e87c36a99fb5ac2723f44bccf3dfbb9 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/controllers/admin/groups_controller_spec.rb | 2 +- spec/factories/groups.rb | 1 - spec/requests/api/groups_spec.rb | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 451367f58e1..34cd0b324b5 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,7 +70,7 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 7980011e03691ac46a7c59014bb3f0ae13d3dbf8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From fe4a88be03f4e2e9a4648f5b9431d0011e191be3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index bed998a0859..9cf5e7f9bb6 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,11 +78,10 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -91,11 +90,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 341bead035919132339233ffdef94961c2829571 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 832f668f295d20e00db8d7bd71627724da3a45f3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ spec/controllers/admin/groups_controller_spec.rb | 2 -- spec/services/groups/create_service_spec.rb | 9 --------- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 34cd0b324b5..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,8 +70,6 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 899df973dc429c796c57840f7531f5d083c4d298 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From dc65d4f36cb5d0ae1ce0f1c6c1a1a646f1e0cb99 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 396926bbe4182d415e8aa129f45bc1c8ba9e4694 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + spec/policies/group_policy_spec.rb | 8 ++++++++ .../policies/group_policy_shared_context.rb | 16 ++++++---------- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index dc3675a7b9e..893b686da43 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -506,11 +506,15 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do +<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end +======= + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } +>>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } @@ -538,11 +542,15 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do +<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end +======= + let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } +>>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From a2cd8e0dab5c5efb3f1c6a6968337b371e194a24 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/controllers/admin/groups_controller_spec.rb | 7 +++++-- spec/policies/group_policy_spec.rb | 8 -------- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 4 files changed, 9 insertions(+), 14 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 1123563c1e3..72f389513f8 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,11 +70,14 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do + MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } - end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) + group: { subgroup_creation_level: MAINTAINER } } + end.to change { group.reload.subgroup_creation_level } + .to(MAINTAINER) end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 893b686da43..dc3675a7b9e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -506,15 +506,11 @@ describe GroupPolicy do context "create_subgroup" do context 'when group has subgroup creation level set to owner' do -<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end -======= - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) } ->>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } @@ -542,15 +538,11 @@ describe GroupPolicy do end context 'when group has subgroup creation level set to maintainer' do -<<<<<<< HEAD let(:group) do create( :group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end -======= - let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) } ->>>>>>> Add examples specing the setting to choose who can create subgroups context 'reporter' do let(:current_user) { reporter } diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From bcc970f6f5ec3b48db2417c23bc81d4240a0c47d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end -- cgit v1.2.1 From 4b572f807c0f51ad47ad907d0ac471c7b81ac8be Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/controllers/admin/groups_controller_spec.rb | 7 +++---- spec/factories/groups.rb | 1 - spec/features/groups/show_spec.rb | 6 ++++-- spec/requests/api/groups_spec.rb | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 72f389513f8..398f587bafe 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,14 +70,13 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - MAINTAINER = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: MAINTAINER } } - end.to change { group.reload.subgroup_creation_level } - .to(MAINTAINER) + group: { subgroup_creation_level: OWNER } } + end.to change { group.reload.subgroup_creation_level }.to(OWNER) end end end diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9cf5e7f9bb6..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 27ebf9392ac83cb020803b88ff7ca69887c36753 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From c8b5556eb8d3594df9e69fd16517c23cf098a32f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index bed998a0859..9cf5e7f9bb6 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,11 +78,10 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -91,11 +90,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From f940a4a64ed7dde32228233897f9ad713151fb6a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 85d0440d56f65b1f62de7f6c6a07eccd2c28256c Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- spec/features/groups/show_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9cf5e7f9bb6..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 17ecd7a9e18aec95dd56f801050384a2053ca919 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:20 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index e3f7539a9b6..fad7541bdc4 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -81,7 +81,9 @@ Maintainers to create subgroups, but this can be changed by an Owner or Administrator to only allow Owners to create subgroups. For more information check the [permissions table](../../permissions.md#group-members-permissions). For a list of words that are not allowed to be used as group names see the -[reserved names](../../reserved_names.md). Users can always create subgroups if +[reserved names](../../reserved_names.md). + +Users can always create subgroups if they are explicitly added as an Owner (or Maintainer, if that setting is enabled) to a parent group, even if group creation is disabled by an administrator in their settings. -- cgit v1.2.1 From f56cfd3db7190f709361fdf1bff47e2b08c365c8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:55:49 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index f95dc8bf205..ca32631704c 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -209,8 +209,8 @@ group. | Create project in group | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **(PREMIUM)** | | | ✓ | ✓ | ✓ | +| Create subgroup | | | | ✓ (1) | ✓ | | Edit group | | | | | ✓ | -| Create subgroup | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **(ULTIMATE)** | | | | | ✓ | -- cgit v1.2.1 From 3a9cd32a0b52447f60ab7345a0f2deade3755236 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:03 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index ca32631704c..2b084b3000b 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **(ULTIMATE)** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -*Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From becfb8318ed081bcfeffcfc3e03b3097bda773e0 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 05:56:53 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index fad7541bdc4..4e88ec5ee76 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,7 +74,6 @@ structure. ## Creating a subgroup -NOTE: **Note:** In order to create a subgroup you must either be an Owner or a Maintainer of the group, depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -- cgit v1.2.1 From 4cacdfc89deaa271e1dd7b6dcbfaf8f533b9a76d Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 3 Jul 2019 16:43:56 +0000 Subject: Update index.md --- doc/user/group/subgroups/index.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 4e88ec5ee76..b9313ccdb1e 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,18 +74,19 @@ structure. ## Creating a subgroup -In order to create a subgroup you must either be an Owner or a Maintainer of the -group, depending on the group's setting. By default groups allow both Owners and +To create a subgroup you must either be an Owner or a Maintainer of the group, +depending on the group's setting. By default groups allow both Owners and Maintainers to create subgroups, but this can be changed by an Owner or -Administrator to only allow Owners to create subgroups. For more information -check the [permissions table](../../permissions.md#group-members-permissions). -For a list of words that are not allowed to be used as group names see the +Administrator to only allow Owners to create subgroups. + +For more information check the +[permissions table](../../permissions.md#group-members-permissions). For a list +of words that are not allowed to be used as group names see the [reserved names](../../reserved_names.md). -Users can always create subgroups if -they are explicitly added as an Owner (or Maintainer, if that setting is -enabled) to a parent group, even if group creation is disabled by an -administrator in their settings. +Users can always create subgroups if they are explicitly added as an Owner (or +Maintainer, if that setting is enabled) to a parent group, even if group +creation is disabled by an administrator in their settings. To create a subgroup: -- cgit v1.2.1 From 480c317c67e8bee8b46be9dffd39558255d30539 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 14:52:06 +0000 Subject: Apply suggestion to doc/user/permissions.md --- doc/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 2b084b3000b..07122cd90d7 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,7 @@ group. | Delete group epic **(ULTIMATE)** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -- (1): Groups can be set to allow either Owners or Owners and maintainers to create subgroups +- (1): Groups can be set to allow either Owners or Owners and Maintainers to create subgroups ### Subgroup permissions -- cgit v1.2.1 From 00ccffdb20b493b4b818277f0d1e57907f5859d4 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 014e11b86f3659f36bb109b440831ffe6a54b730 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 720dded1d54a0bae7262e2477b744cd04f0635c1 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + .../policies/group_policy_shared_context.rb | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From 6f3b2e07dc394477636e7ea40749f8a7f51e3de7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Thu, 27 Jun 2019 14:17:24 -0700 Subject: Make the group model return maintainer level when it is not set --- app/models/group.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement -- cgit v1.2.1 From 0b708e5d36f75b8c82b313737bffbdcc2f7e0255 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/controllers/admin/groups_controller_spec.rb | 6 ++---- spec/models/group_spec.rb | 6 ++++-- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb index 398f587bafe..1123563c1e3 100644 --- a/spec/controllers/admin/groups_controller_spec.rb +++ b/spec/controllers/admin/groups_controller_spec.rb @@ -70,13 +70,11 @@ describe Admin::GroupsController do end it 'updates the subgroup_creation_level successfully' do - OWNER = ::Gitlab::Access::OWNER_SUBGROUP_ACCESS - expect do post :update, params: { id: group.to_param, - group: { subgroup_creation_level: OWNER } } - end.to change { group.reload.subgroup_creation_level }.to(OWNER) + group: { subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS } } + end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::OWNER_SUBGROUP_ACCESS) end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index c7fb0f51075..6627177ad61 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -996,9 +996,11 @@ describe Group do end describe 'subgroup_creation_level' do - it 'defaults to maintainers' do + it 'outputs the default one if it is nil' do + group = create(:group, subgroup_creation_level: nil) + expect(group.subgroup_creation_level) - .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 45668ed02370b617d2f8538d61eaa58bda6e39ca Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 14:06:50 -0700 Subject: Remove an example that is no longer necessary --- spec/models/group_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 6627177ad61..470ce65707d 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,13 +994,4 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end - - describe 'subgroup_creation_level' do - it 'outputs the default one if it is nil' do - group = create(:group, subgroup_creation_level: nil) - - expect(group.subgroup_creation_level) - .to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) - end - end end -- cgit v1.2.1 From f1fcd64fb7f4dc19ebab44829dc66a5a8f28a096 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 16:12:54 -0700 Subject: Make maintainers the default setting for creating subgroups --- app/models/group.rb | 10 ++++++---- spec/models/group_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..8f39c3a658f 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,6 +58,8 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } + before_create :default_subgroup_creation_level_to_maintainers + after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -416,10 +418,6 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end - def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end - private def update_two_factor_requirement @@ -449,4 +447,8 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end + + def default_subgroup_creation_level_to_maintainers + self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 470ce65707d..9ae18d7bab7 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -994,4 +994,12 @@ describe Group do expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation) end end + + describe 'subgroup_creation_level' do + it 'defaults to maintainers' do + group = create (:group) + + expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + end + end end -- cgit v1.2.1 From 95708920ae309a82240d14e4a5bb1bb944085fb3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/factories/groups.rb | 1 - spec/models/group_spec.rb | 5 ++--- spec/requests/api/groups_spec.rb | 4 ++-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 9ae18d7bab7..c7fb0f51075 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -997,9 +997,8 @@ describe Group do describe 'subgroup_creation_level' do it 'defaults to maintainers' do - group = create (:group) - - expect(group.subgroup_creation_level).to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) + expect(group.subgroup_creation_level) + .to eq(Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) end end end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From ef5f8bda2cc6698d20081c3e7403e9af39398a63 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:00:34 -0700 Subject: Remove AR hook to set the default subgroup_creation_level --- app/models/group.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 8f39c3a658f..9520db1bc0a 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -58,8 +58,6 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required } - before_create :default_subgroup_creation_level_to_maintainers - after_create :post_create_hook after_destroy :post_destroy_hook after_save :update_two_factor_requirement @@ -447,8 +445,4 @@ class Group < Namespace errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") end - - def default_subgroup_creation_level_to_maintainers - self.subgroup_creation_level = ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS - end end -- cgit v1.2.1 From de71c338785adaca9c0cc6a5c670d5113312b5b7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:17:26 -0700 Subject: Clean up the show_spec examples previously added --- spec/features/groups/show_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index bed998a0859..9cf5e7f9bb6 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,11 +78,10 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } + visit path end it 'allows creating subgroups' do - visit path - expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -91,11 +90,10 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } + visit path end it 'does not allow creating subgroups' do - visit path - expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 0f7366f29d2db81bc38bf7470f80d7e1b91de967 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From eedf735574b9f6c7c6c843943dd946ce84238236 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 19 Jul 2019 13:00:46 -0700 Subject: Make Bootsnap available via ENABLE_BOOTSNAP=1 Bootsnap speeds up Rails loading and now ships by default with Rails 5.2 apps. We should promote this to a default gem and test it out in production. This will also make it possible for the Helm Charts to take advantage of this. It appears that Bootsnap with Rails 5.2.3 and all the GitLab CE gems loads fine on an ARM platform now, so it's possible that https://gitlab.com/gitlab-org/gitlab-ce/issues/34799 has been resolved. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/45230 --- .gitlab/ci/memory.gitlab-ci.yml | 2 +- Gemfile | 3 ++- Gemfile.lock | 4 ++-- changelogs/unreleased/sh-enable-bootsnap.yml | 5 +++++ config/boot.rb | 2 +- 5 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 changelogs/unreleased/sh-enable-bootsnap.yml diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index ffe5dbdc31b..9923732e587 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -33,7 +33,7 @@ memory-on-boot: NODE_OPTIONS: --max_old_space_size=3584 script: # Both bootsnap and derailed monkey-patch Kernel#require, which leads to circular dependency - - DISABLE_BOOTSNAP=true PATH_TO_HIT="/users/sign_in" CUT_OFF=0.3 bundle exec derailed exec perf:mem >> 'tmp/memory_on_boot.txt' + - ENABLE_BOOTSNAP=false PATH_TO_HIT="/users/sign_in" CUT_OFF=0.3 bundle exec derailed exec perf:mem >> 'tmp/memory_on_boot.txt' - scripts/generate-memory-metrics-on-boot tmp/memory_on_boot.txt >> 'tmp/memory_on_boot_metrics.txt' artifacts: paths: diff --git a/Gemfile b/Gemfile index de1f44642f2..2f64e258fb3 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,8 @@ source 'https://rubygems.org' gem 'rails', '5.2.3' +gem 'bootsnap', '~> 1.4' + # Improves copy-on-write performance for MRI gem 'nakayoshi_fork', '~> 0.0.4' @@ -329,7 +331,6 @@ group :development do end group :development, :test do - gem 'bootsnap', '~> 1.4' gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] gem 'pry-byebug', '~> 3.5.1', platform: :mri gem 'pry-rails', '~> 0.3.4' diff --git a/Gemfile.lock b/Gemfile.lock index 2bcc3527de4..79ec7b36a43 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -100,7 +100,7 @@ GEM binding_ninja (0.2.3) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) - bootsnap (1.4.1) + bootsnap (1.4.4) msgpack (~> 1.0) bootstrap_form (4.2.0) actionpack (>= 5.0) @@ -529,7 +529,7 @@ GEM mixlib-cli (1.7.0) mixlib-config (2.2.18) tomlrb - msgpack (1.2.10) + msgpack (1.3.0) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) diff --git a/changelogs/unreleased/sh-enable-bootsnap.yml b/changelogs/unreleased/sh-enable-bootsnap.yml new file mode 100644 index 00000000000..674a900ee01 --- /dev/null +++ b/changelogs/unreleased/sh-enable-bootsnap.yml @@ -0,0 +1,5 @@ +--- +title: Make Bootsnap available via ENABLE_BOOTSNAP=1 +merge_request: 30963 +author: +type: performance diff --git a/config/boot.rb b/config/boot.rb index b76b26a5e75..2eacff868eb 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -3,7 +3,7 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) # Set up gems listed in the Gemfile. require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) begin - require 'bootsnap/setup' unless ENV['DISABLE_BOOTSNAP'] + require 'bootsnap/setup' if ENV['RAILS_ENV'] != 'production' || %w(1 yes true).include?(ENV['ENABLE_BOOTSNAP']) rescue LoadError # bootsnap is an optional dependency, so if we don't have it, it's fine end -- cgit v1.2.1 From 7b7c14940097612140c71164481a371688d961b2 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- app/models/group.rb | 4 ++++ spec/services/groups/create_service_spec.rb | 9 --------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 9520db1bc0a..3f80c1373f1 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -416,6 +416,10 @@ class Group < Namespace super || ::Gitlab::CurrentSettings.default_project_creation end + def subgroup_creation_level + super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + end + private def update_two_factor_requirement diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 5497b3ebefe5371678d81fcdab090b080515911a Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 3f92f3fa10b7f86295484872e617e2a4fb997900 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From d287a9b719b8984aa3422453a722f8a13772a3c8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 2 Jul 2019 08:38:38 -0700 Subject: Apply recomended changes from merge coach --- spec/features/groups/show_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/features/groups/show_spec.rb b/spec/features/groups/show_spec.rb index 9cf5e7f9bb6..bed998a0859 100644 --- a/spec/features/groups/show_spec.rb +++ b/spec/features/groups/show_spec.rb @@ -78,10 +78,11 @@ describe 'Group show page' do context 'when subgroups are supported', :nested_groups do before do allow(Group).to receive(:supports_nested_objects?) { true } - visit path end it 'allows creating subgroups' do + visit path + expect(page) .to have_css("li[data-text='New subgroup']", visible: false) end @@ -90,10 +91,11 @@ describe 'Group show page' do context 'when subgroups are not supported' do before do allow(Group).to receive(:supports_nested_objects?) { false } - visit path end it 'does not allow creating subgroups' do + visit path + expect(page) .not_to have_selector("li[data-text='New subgroup']", visible: false) end -- cgit v1.2.1 From 6c97f9f5ec1f8c59ebcaf6bf8a71432e89a1d993 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 19 Jul 2019 13:21:07 -0700 Subject: Add docs for ENABLE_BOOTSNAP --- doc/administration/environment_variables.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/administration/environment_variables.md b/doc/administration/environment_variables.md index 874b1f3c80d..37d7194af53 100644 --- a/doc/administration/environment_variables.md +++ b/doc/administration/environment_variables.md @@ -13,6 +13,7 @@ override certain values. Variable | Type | Description -------- | ---- | ----------- +`ENABLE_BOOTSNAP` | string | Enables Bootsnap for speeding up initial Rails boot (`1` to enable) `GITLAB_CDN_HOST` | string | Sets the base URL for a CDN to serve static assets (e.g. `//mycdnsubdomain.fictional-cdn.com`) `GITLAB_ROOT_PASSWORD` | string | Sets the password for the `root` user on installation `GITLAB_HOST` | string | The full URL of the GitLab server (including `http://` or `https://`) -- cgit v1.2.1 From 16cc1300f5650d040df8716b52548d0ac27e3601 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + .../policies/group_policy_shared_context.rb | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From ecd21d93d42dc0d65fcdf8d09de5288e56e7b122 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 3aa6daddee467af83396aadfa4cc2d165ac80a31 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/factories/groups.rb | 1 - spec/requests/api/groups_spec.rb | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 2f9d1f5d669533e8ea453491affd0fab254281d7 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From 0a5346bf11eacd24bfd6811a38901ee62dcf9de3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 13:41:32 -0700 Subject: Apply changes recomended by merge request coach --- spec/services/groups/create_service_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..c5ff6cdbacd 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -88,14 +87,6 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - - context 'as maintainer' do - before do - group.add_maintainer(user) - end - - it { is_expected.to be_persisted } - end end end -- cgit v1.2.1 From 5156a30440a66bb1cf91b0d4e89b52043f0a1d66 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 11:07:17 -0700 Subject: Add failing unit test specifying a maintainer creating a subgroup --- spec/services/groups/create_service_spec.rb | 9 +++++++++ .../shared_contexts/policies/group_policy_shared_context.rb | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index c5ff6cdbacd..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # frozen_string_literal: true require 'spec_helper' @@ -87,6 +88,14 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end + + context 'as maintainer' do + before do + group.add_maintainer(user) + end + + it { is_expected.to be_persisted } + end end end diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 74389c4d82b..d596317462a 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -23,6 +23,15 @@ RSpec.shared_context 'GroupPolicy context' do create_projects read_cluster create_cluster update_cluster admin_cluster add_cluster ] + [ + :create_projects, + :read_cluster, + :create_cluster, + :update_cluster, + :admin_cluster, + :add_cluster, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end let(:owner_permissions) do [ @@ -30,8 +39,7 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) + :set_note_created_at ].compact end -- cgit v1.2.1 From 0c0314803cccaa997289ef27f9170412c6a471f8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 16 Jun 2019 13:22:12 -0700 Subject: Modify API spec to expect a maintainer to be able to create subgroup --- spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index d596317462a..5a55bbac788 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,10 +19,6 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - %i[ - create_projects - read_cluster create_cluster update_cluster admin_cluster add_cluster - ] [ :create_projects, :read_cluster, -- cgit v1.2.1 From 302316dac8c19160e52929c03bf54e34fb9f678e Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Tue, 25 Jun 2019 21:59:10 -0700 Subject: Add examples specing the setting to choose who can create subgroups This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing. --- spec/factories/groups.rb | 1 + .../policies/group_policy_shared_context.rb | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index b67ab955ffc..947392b4fbc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,6 +5,7 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS + subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 5a55bbac788..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do let(:reporter_permissions) { [:admin_label] } let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do - [ - :create_projects, - :read_cluster, - :create_cluster, - :update_cluster, - :admin_cluster, - :add_cluster, - (Gitlab::Database.postgresql? ? :create_subgroup : nil) - ].compact + %i[ + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster + ] end let(:owner_permissions) do [ @@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do :admin_namespace, :admin_group_member, :change_visibility_level, - :set_note_created_at + :set_note_created_at, + (Gitlab::Database.postgresql? ? :create_subgroup : nil) ].compact end -- cgit v1.2.1 From b51ffa2e0c0c9a18ac05f801daa7409769a85bc5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 28 Jun 2019 13:31:47 -0700 Subject: Style rules; Revert some examples --- spec/requests/api/groups_spec.rb | 4 ++-- spec/services/groups/create_service_spec.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 52d926d5484..c41408fba65 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'can create subgroups' do + it 'cannot create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(201) + expect(response).to have_gitlab_http_status(403) end end end diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..267ad529d3b 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as maintainer' do + context 'as Owner' do before do - group.add_maintainer(user) + group.add_owner(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From ac759aaacaf028667aed6337241091c07094d55b Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Sun, 30 Jun 2019 14:40:23 -0700 Subject: Make subgroup_creation_level default to maintainer at SQL level - Migration updates existing groups to "owner", then sets default to "maintainer" so that new groups will default to that - Update spec examples --- spec/factories/groups.rb | 1 - spec/requests/api/groups_spec.rb | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb index 947392b4fbc..b67ab955ffc 100644 --- a/spec/factories/groups.rb +++ b/spec/factories/groups.rb @@ -5,7 +5,6 @@ FactoryBot.define do type 'Group' owner nil project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS - subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS after(:create) do |group| if group.owner diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index c41408fba65..52d926d5484 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -803,10 +803,10 @@ describe API::Groups do group2.add_maintainer(user1) end - it 'cannot create subgroups' do + it 'can create subgroups' do post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' } - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(201) end end end -- cgit v1.2.1 From 9f9a9c56c0109f7567d520de960bf17ff9667d38 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Mon, 1 Jul 2019 09:55:00 -0700 Subject: Fix group creat_service_spec to contain maintainer context --- spec/services/groups/create_service_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index 267ad529d3b..b4e6ddddfac 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -89,9 +89,9 @@ describe Groups::CreateService, '#execute' do it { is_expected.to be_persisted } end - context 'as Owner' do + context 'as maintainer' do before do - group.add_owner(user) + group.add_maintainer(user) end it { is_expected.to be_persisted } -- cgit v1.2.1 From de906e3614167e48e618275f846cea5a191a96f3 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 5 Jul 2019 12:43:58 -0700 Subject: Regenerate locale strings --- locale/gitlab.pot | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 7b742660a4c..913bf014ba7 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -10135,6 +10135,18 @@ msgstr "" msgid "StorageSize|Unknown" msgstr "" +msgid "SubgroupCreationLevel|Allowed to create subgroups" +msgstr "" + +msgid "SubgroupCreationlevel|Allowed to create subgroups" +msgstr "" + +msgid "SubgroupCreationlevel|Maintainers" +msgstr "" + +msgid "SubgroupCreationlevel|Owners" +msgstr "" + msgid "Subgroups" msgstr "" -- cgit v1.2.1 From 039e5348d0aaf45795e0ebf5d74ec59eb00dc91f Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Wed, 10 Jul 2019 12:27:12 -0700 Subject: Make Group#subgroup_creation_level return Owner if it is nil in DB --- app/models/group.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/group.rb b/app/models/group.rb index 3f80c1373f1..37f30552b39 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -417,7 +417,7 @@ class Group < Namespace end def subgroup_creation_level - super || ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS + super || ::Gitlab::Access::OWNER_SUBGROUP_ACCESS end private -- cgit v1.2.1 From dcb5bd2eb1e8b4da22063c5f131e986b5c7ab3f5 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 12 Jul 2019 10:48:38 -0700 Subject: Add a link from the permissions table to the subgroups/creating a subgroup section --- doc/user/permissions.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 07122cd90d7..044be05b932 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -216,7 +216,8 @@ group. | Delete group epic **(ULTIMATE)** | | | | | ✓ | | View group Audit Events | | | | | ✓ | -- (1): Groups can be set to allow either Owners or Owners and Maintainers to create subgroups +- (1): Groups can be set to [allow either Owners or Owners and + Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup) ### Subgroup permissions -- cgit v1.2.1 From 8264f4699ba8fbefae1011fd23adc65621735dc8 Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 19 Jul 2019 18:22:09 +0000 Subject: Apply suggestion to doc/user/group/subgroups/index.md --- doc/user/group/subgroups/index.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index b9313ccdb1e..b31851aa151 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -74,10 +74,15 @@ structure. ## Creating a subgroup -To create a subgroup you must either be an Owner or a Maintainer of the group, -depending on the group's setting. By default groups allow both Owners and -Maintainers to create subgroups, but this can be changed by an Owner or -Administrator to only allow Owners to create subgroups. +To create a subgroup you must either be an Owner or a Maintainer of the +group, depending on the group's setting. + +By default, groups created in: + +- GitLab 12.2 or later allow both Owners and Maintainers to create subgroups. +- GitLab 12.1 or earlier only allow Owners to create subgroups. + +This setting can be for any group by an Owner or Administrator. For more information check the [permissions table](../../permissions.md#group-members-permissions). For a list -- cgit v1.2.1 From 6c4ddc409fe95215502b6427452715edd31b41ab Mon Sep 17 00:00:00 2001 From: Fabio Papa Date: Fri, 19 Jul 2019 14:59:36 -0700 Subject: Resolve some issues in MR --- spec/services/groups/create_service_spec.rb | 1 - spec/support/shared_contexts/policies/group_policy_shared_context.rb | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb index b4e6ddddfac..a7c95428485 100644 --- a/spec/services/groups/create_service_spec.rb +++ b/spec/services/groups/create_service_spec.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # frozen_string_literal: true require 'spec_helper' diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 599c912ce00..74389c4d82b 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -20,8 +20,8 @@ RSpec.shared_context 'GroupPolicy context' do let(:developer_permissions) { [:admin_milestone] } let(:maintainer_permissions) do %i[ - create_projects read_cluster create_cluster update_cluster - admin_cluster add_cluster + create_projects + read_cluster create_cluster update_cluster admin_cluster add_cluster ] end let(:owner_permissions) do -- cgit v1.2.1 From e1644da6f08cae0158d7a159c9f48d5575baf632 Mon Sep 17 00:00:00 2001 From: Walmyr Lima Date: Fri, 19 Jul 2019 21:49:37 +0200 Subject: Standardize Page Objects use on CE Plan Tests This is a first iteration to address the following issue: https://gitlab.com/gitlab-org/quality/team-tasks/issues/168 Note: depends on https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30945 --- .../2_plan/issue/check_mentions_for_xss_spec.rb | 8 ++++---- .../issue/collapse_comments_in_discussions_spec.rb | 22 +++++++++++----------- .../browser_ui/2_plan/issue/comment_issue_spec.rb | 12 ++++++------ .../2_plan/issue/filter_issue_comments_spec.rb | 22 +++++++++++----------- .../2_plan/issue/issue_suggestions_spec.rb | 10 +++++----- 5 files changed, 37 insertions(+), 37 deletions(-) diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb index afddbff75bd..d412125bb68 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb @@ -30,12 +30,12 @@ module QA end it 'user mentions a user in comment' do - Page::Project::Issue::Show.perform do |show_page| - show_page.select_all_activities_filter - show_page.comment('cc-ing you here @eve') + Page::Project::Issue::Show.perform do |show| + show.select_all_activities_filter + show.comment('cc-ing you here @eve') expect do - expect(show_page).to have_content("cc-ing you here") + expect(show).to have_content("cc-ing you here") end.not_to raise_error # Selenium::WebDriver::Error::UnhandledAlertError end end diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/collapse_comments_in_discussions_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/collapse_comments_in_discussions_spec.rb index e8fdffeeeab..ad70f6813fb 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/collapse_comments_in_discussions_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/collapse_comments_in_discussions_spec.rb @@ -15,28 +15,28 @@ module QA issue.visit! - Page::Project::Issue::Show.perform do |show_page| + Page::Project::Issue::Show.perform do |show| my_first_discussion = 'My first discussion' - show_page.select_all_activities_filter - show_page.start_discussion(my_first_discussion) + show.select_all_activities_filter + show.start_discussion(my_first_discussion) page.assert_text(my_first_discussion) - show_page.reply_to_discussion(my_first_reply) + show.reply_to_discussion(my_first_reply) page.assert_text(my_first_reply) end end it 'user collapses and expands reply for comments in an issue' do - Page::Project::Issue::Show.perform do |show_page| + Page::Project::Issue::Show.perform do |show| one_reply = "1 reply" - show_page.collapse_replies - expect(show_page).to have_content(one_reply) - expect(show_page).not_to have_content(my_first_reply) + show.collapse_replies + expect(show).to have_content(one_reply) + expect(show).not_to have_content(my_first_reply) - show_page.expand_replies - expect(show_page).to have_content(my_first_reply) - expect(show_page).not_to have_content(one_reply) + show.expand_replies + expect(show).to have_content(my_first_reply) + expect(show).not_to have_content(one_reply) end end end diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/comment_issue_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/comment_issue_spec.rb index 78919561a89..0b1bd00ac8d 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/comment_issue_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/comment_issue_spec.rb @@ -14,18 +14,18 @@ module QA end it 'user comments on an issue and edits the comment' do - Page::Project::Issue::Show.perform do |issue_show_page| + Page::Project::Issue::Show.perform do |show| first_version_of_comment = 'First version of the comment' second_version_of_comment = 'Second version of the comment' - issue_show_page.comment(first_version_of_comment) + show.comment(first_version_of_comment) - expect(issue_show_page).to have_content(first_version_of_comment) + expect(show).to have_content(first_version_of_comment) - issue_show_page.edit_comment(second_version_of_comment) + show.edit_comment(second_version_of_comment) - expect(issue_show_page).to have_content(second_version_of_comment) - expect(issue_show_page).not_to have_content(first_version_of_comment) + expect(show).to have_content(second_version_of_comment) + expect(show).not_to have_content(first_version_of_comment) end end end diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/filter_issue_comments_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/filter_issue_comments_spec.rb index 6f5b6893248..317e31feea8 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/filter_issue_comments_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/filter_issue_comments_spec.rb @@ -17,25 +17,25 @@ module QA end it 'user filters comments and activities in an issue' do - Page::Project::Issue::Show.perform do |show_page| + Page::Project::Issue::Show.perform do |show| my_own_comment = "My own comment" made_the_issue_confidential = "made the issue confidential" - show_page.comment('/confidential', filter: :comments_only) - show_page.comment(my_own_comment, filter: :comments_only) + show.comment('/confidential', filter: :comments_only) + show.comment(my_own_comment, filter: :comments_only) - expect(show_page).not_to have_content(made_the_issue_confidential) - expect(show_page).to have_content(my_own_comment) + expect(show).not_to have_content(made_the_issue_confidential) + expect(show).to have_content(my_own_comment) - show_page.select_all_activities_filter + show.select_all_activities_filter - expect(show_page).to have_content(made_the_issue_confidential) - expect(show_page).to have_content(my_own_comment) + expect(show).to have_content(made_the_issue_confidential) + expect(show).to have_content(my_own_comment) - show_page.select_history_only_filter + show.select_history_only_filter - expect(show_page).to have_content(made_the_issue_confidential) - expect(show_page).not_to have_content(my_own_comment) + expect(show).to have_content(made_the_issue_confidential) + expect(show).not_to have_content(my_own_comment) end end end diff --git a/qa/qa/specs/features/browser_ui/2_plan/issue/issue_suggestions_spec.rb b/qa/qa/specs/features/browser_ui/2_plan/issue/issue_suggestions_spec.rb index 694a3ffb54b..c42c2cedde0 100644 --- a/qa/qa/specs/features/browser_ui/2_plan/issue/issue_suggestions_spec.rb +++ b/qa/qa/specs/features/browser_ui/2_plan/issue/issue_suggestions_spec.rb @@ -24,12 +24,12 @@ module QA it 'user sees issue suggestions when creating a new issue' do Page::Project::Show.perform(&:go_to_new_issue) - Page::Project::Issue::New.perform do |new_issue_page| - new_issue_page.add_title("issue") - expect(new_issue_page).to have_content(issue_title) + Page::Project::Issue::New.perform do |new| + new.add_title("issue") + expect(new).to have_content(issue_title) - new_issue_page.add_title("Issue Board") - expect(new_issue_page).not_to have_content(issue_title) + new.add_title("Issue Board") + expect(new).not_to have_content(issue_title) end end end -- cgit v1.2.1 From ee01f095a47befaa0c7444ae14b45e0545ce54cd Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sat, 20 Jul 2019 23:06:32 +0800 Subject: Fix merge_request value in -30974-issue-search-by-number.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There was an syntax issue here which caused it can't be parsed properly. cc !28302 yaml-lint(https://www.npmjs.com/package/yaml-lint): ``` ✖ unknown tag ! at line 4, column 1: author: Riccardo Padovani ^ ``` Online YAML Parser:(https://yaml-online-parser.appspot.com/) ``` ERROR: could not determine a constructor for the tag '!28302' in "", line 3, column 16: merge_request: !28302 ... ^ ``` --- changelogs/unreleased/-30974-issue-search-by-number.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/unreleased/-30974-issue-search-by-number.yml b/changelogs/unreleased/-30974-issue-search-by-number.yml index 1e6642ec102..da50ee32c83 100644 --- a/changelogs/unreleased/-30974-issue-search-by-number.yml +++ b/changelogs/unreleased/-30974-issue-search-by-number.yml @@ -1,5 +1,5 @@ --- title: "Search issuables by iids" -merge_request: !28302 +merge_request: 28302 author: Riccardo Padovani type: fixed -- cgit v1.2.1 From 592e042369fca677933ae22154b4b7cee0200ecd Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sat, 20 Jul 2019 23:11:21 +0800 Subject: Remove filename leading slash of -30974-issue-search-by-number.yml The leading slash will cause some not friendly command line behavier, for example: vim: ``` ~/gitlab-ce/changelogs/unreleased $ vim -30974-issue-search-by-number.yml VIM - Vi IMproved 7.4 (2013 Aug 10, compiled Jun 07 2019 15:35:43) Unknown option argument: "-30974-issue-search-by-number.yml" More info with: "vim -h" ``` git: ``` ~/gitlab-ce/changelogs/unreleased $ git add -30974-issue-search-by-number.yml error: unknown switch `3' usage: git add [] [--] ... -n, --dry-run dry run -v, --verbose be verbose -i, --interactive interactive picking -p, --patch select hunks interactively -e, --edit edit current diff and apply -f, --force allow adding otherwise ignored files -u, --update update tracked files -N, --intent-to-add record only the fact that the path will be added later -A, --all add changes from all tracked and untracked files --ignore-removal ignore paths removed in the working tree (same as --no-all) --refresh don't add, only refresh the index --ignore-errors just skip files which cannot be added because of errors --ignore-missing check if - even missing - files are ignored in dry run ``` There's no other unreleased changelog has a filename with leading slash, so I think this one should be corrected. cc !28302 --- changelogs/unreleased/-30974-issue-search-by-number.yml | 5 ----- changelogs/unreleased/30974-issue-search-by-number.yml | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 changelogs/unreleased/-30974-issue-search-by-number.yml create mode 100644 changelogs/unreleased/30974-issue-search-by-number.yml diff --git a/changelogs/unreleased/-30974-issue-search-by-number.yml b/changelogs/unreleased/-30974-issue-search-by-number.yml deleted file mode 100644 index da50ee32c83..00000000000 --- a/changelogs/unreleased/-30974-issue-search-by-number.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Search issuables by iids" -merge_request: 28302 -author: Riccardo Padovani -type: fixed diff --git a/changelogs/unreleased/30974-issue-search-by-number.yml b/changelogs/unreleased/30974-issue-search-by-number.yml new file mode 100644 index 00000000000..da50ee32c83 --- /dev/null +++ b/changelogs/unreleased/30974-issue-search-by-number.yml @@ -0,0 +1,5 @@ +--- +title: "Search issuables by iids" +merge_request: 28302 +author: Riccardo Padovani +type: fixed -- cgit v1.2.1 From a7fa9bc248bda1044113e33f9ff0eca8938af0b2 Mon Sep 17 00:00:00 2001 From: Rayana Verissimo Date: Sat, 20 Jul 2019 17:50:35 +0000 Subject: Update tooltip values to meet design specs --- app/assets/stylesheets/framework/tooltips.scss | 5 ++--- app/assets/stylesheets/framework/variables_overrides.scss | 4 ++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/assets/stylesheets/framework/tooltips.scss b/app/assets/stylesheets/framework/tooltips.scss index 98f28987a82..edc2fb532c8 100644 --- a/app/assets/stylesheets/framework/tooltips.scss +++ b/app/assets/stylesheets/framework/tooltips.scss @@ -1,7 +1,6 @@ .tooltip-inner { - font-size: $tooltip-font-size; + font-size: $gl-font-size-small; border-radius: $border-radius-default; - line-height: 16px; + line-height: $gl-line-height; font-weight: $gl-font-weight-normal; - padding: 8px; } diff --git a/app/assets/stylesheets/framework/variables_overrides.scss b/app/assets/stylesheets/framework/variables_overrides.scss index ea96381a098..604b48e11ab 100644 --- a/app/assets/stylesheets/framework/variables_overrides.scss +++ b/app/assets/stylesheets/framework/variables_overrides.scss @@ -48,3 +48,7 @@ $spacers: ( 9: ($spacer * 8) ); $pagination-color: $gl-text-color; +$tooltip-padding-y: 0.5rem; +$tooltip-padding-x: 0.75rem; +$tooltip-arrow-height: 0.5rem; +$tooltip-arrow-width: 1rem; -- cgit v1.2.1 From 785b9b02ded3d2e973afc3c7d12e1a126a23240c Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Mon, 22 Jul 2019 01:49:37 +0000 Subject: Fix unordered list spacing Correct the spacing of unordered markdown lists in docs, to maintain standards of documentation, in /user and others. --- doc/administration/gitaly/index.md | 2 +- doc/ci/introduction/index.md | 36 ++++++++++++++-------------- doc/user/clusters/applications.md | 12 +++++----- doc/user/group/subgroups/index.md | 40 +++++++++++++++---------------- doc/user/project/badges.md | 16 ++++++------- doc/user/project/cycle_analytics.md | 14 +++++------ doc/user/project/import/svn.md | 10 ++++---- doc/user/project/index.md | 18 +++++++------- doc/user/project/integrations/mock_ci.md | 4 ++-- doc/user/project/integrations/webhooks.md | 14 +++++------ doc/user/project/issue_board.md | 8 +++---- doc/user/project/pages/introduction.md | 26 ++++++++++---------- doc/user/search/advanced_search_syntax.md | 6 ++--- doc/user/search/index.md | 10 ++++---- doc/workflow/forking_workflow.md | 34 +++++++++++--------------- doc/workflow/repository_mirroring.md | 12 +++++----- 16 files changed, 128 insertions(+), 134 deletions(-) diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index 0ef88a26ab9..0f547ef03bf 100644 --- a/doc/administration/gitaly/index.md +++ b/doc/administration/gitaly/index.md @@ -359,7 +359,7 @@ To configure Gitaly with TLS: gitaly['tls_listen_addr'] = "0.0.0.0:9999" gitaly['certificate_path'] = "path/to/cert.pem" gitaly['key_path'] = "path/to/key.pem" - ``` + ``` 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). diff --git a/doc/ci/introduction/index.md b/doc/ci/introduction/index.md index fc89f0fc94f..6401ff90a0a 100644 --- a/doc/ci/introduction/index.md +++ b/doc/ci/introduction/index.md @@ -146,14 +146,14 @@ so, GitLab CI/CD: - Runs automated scripts (sequential or parallel) to: - Build and test your app. - Preview the changes per merge request with Review Apps, as you - would see in your `localhost`. + would see in your `localhost`. Once you're happy with your implementation: - Get your code reviewed and approved. - Merge the feature branch into the default branch. - GitLab CI/CD deploys your changes automatically to a production environment. -- And finally, you and your team can easily roll it back if something goes wrong. +- And finally, you and your team can easily roll it back if something goes wrong. ![GitLab workflow example](img/gitlab_workflow_example_11_9.png) @@ -176,24 +176,24 @@ you'll see some of the features available in GitLab according to each stage (Verify, Package, Release). 1. **Verify**: - - Automatically build and test your application with Continuous Integration. - - Analyze your source code quality with [GitLab Code Quality](../../user/project/merge_requests/code_quality.md). **(STARTER)** - - Determine the performance impact of code changes with [Browser Performance Testing](../../user/project/merge_requests/browser_performance_testing.md). **(PREMIUM)** - - Perform a series of tests, such as [Container Scanning](../../user/application_security/container_scanning/index.md) **(ULTIMATE)**, [Dependency Scanning](../../user/application_security/dependency_scanning/index.md) **(ULTIMATE)**, and [JUnit tests](../junit_test_reports.md). - - Deploy your changes with [Review Apps](../review_apps/index.md) to preview the app changes on every branch. + - Automatically build and test your application with Continuous Integration. + - Analyze your source code quality with [GitLab Code Quality](../../user/project/merge_requests/code_quality.md). **(STARTER)** + - Determine the performance impact of code changes with [Browser Performance Testing](../../user/project/merge_requests/browser_performance_testing.md). **(PREMIUM)** + - Perform a series of tests, such as [Container Scanning](../../user/application_security/container_scanning/index.md) **(ULTIMATE)**, [Dependency Scanning](../../user/application_security/dependency_scanning/index.md) **(ULTIMATE)**, and [JUnit tests](../junit_test_reports.md). + - Deploy your changes with [Review Apps](../review_apps/index.md) to preview the app changes on every branch. 1. **Package**: - - Store Docker images with [Container Registry](../../user/project/container_registry.md). - - Store NPM packages with [NPM Registry](../../user/project/packages/npm_registry.md). **(PREMIUM)** - - Store Maven artifacts with [Maven Repository](../../user/project/packages/maven_repository.md). **(PREMIUM)** + - Store Docker images with [Container Registry](../../user/project/container_registry.md). + - Store NPM packages with [NPM Registry](../../user/project/packages/npm_registry.md). **(PREMIUM)** + - Store Maven artifacts with [Maven Repository](../../user/project/packages/maven_repository.md). **(PREMIUM)** 1. **Release**: - - Continuous Deployment, automatically deploying your app to production. - - Continuous Delivery, manually click to deploy your app to production. - - Deploy static websites with [GitLab Pages](../../user/project/pages/index.md). - - Ship features to only a portion of your pods and let a percentage of your user base to visit the temporarily deployed feature with [Canary Deployments](../../user/project/canary_deployments.md). **(PREMIUM)** - - Deploy your features behind [Feature Flags](../../user/project/operations/feature_flags.md). **(PREMIUM)** - - Add release notes to any Git tag with [GitLab Releases](../../user/project/releases/index.md). - - View of the current health and status of each CI environment running on Kubernetes with [Deploy Boards](../../user/project/deploy_boards.md). **(PREMIUM)** - - Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/index.md#auto-deploy). + - Continuous Deployment, automatically deploying your app to production. + - Continuous Delivery, manually click to deploy your app to production. + - Deploy static websites with [GitLab Pages](../../user/project/pages/index.md). + - Ship features to only a portion of your pods and let a percentage of your user base to visit the temporarily deployed feature with [Canary Deployments](../../user/project/canary_deployments.md). **(PREMIUM)** + - Deploy your features behind [Feature Flags](../../user/project/operations/feature_flags.md). **(PREMIUM)** + - Add release notes to any Git tag with [GitLab Releases](../../user/project/releases/index.md). + - View of the current health and status of each CI environment running on Kubernetes with [Deploy Boards](../../user/project/deploy_boards.md). **(PREMIUM)** + - Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/index.md#auto-deploy). With GitLab CI/CD you can also: diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 6956086c382..d5c836554ce 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -19,8 +19,8 @@ This namespace: To see a list of available applications to install: 1. For a: - - Project-level cluster, navigate to your project's **Operations > Kubernetes**. - - Group-level cluster, navigate to your group's **Kubernetes** page. + - Project-level cluster, navigate to your project's **Operations > Kubernetes**. + - Group-level cluster, navigate to your group's **Kubernetes** page. Install Helm first as it's used to install other applications. @@ -232,8 +232,8 @@ The applications below can be upgraded. To upgrade an application: 1. For a: - - Project-level cluster, navigate to your project's **Operations > Kubernetes**. - - Group-level cluster, navigate to your group's **Kubernetes** page. + - Project-level cluster, navigate to your project's **Operations > Kubernetes**. + - Group-level cluster, navigate to your group's **Kubernetes** page. 1. Select your cluster. 1. If an upgrade is available, the **Upgrade** button is displayed. Click the button to upgrade. @@ -259,8 +259,8 @@ The applications below can be uninstalled. To uninstall an application: 1. For a: - - Project-level cluster, navigate to your project's **Operations > Kubernetes**. - - Group-level cluster, navigate to your group's **Kubernetes** page. + - Project-level cluster, navigate to your project's **Operations > Kubernetes**. + - Group-level cluster, navigate to your group's **Kubernetes** page. 1. Select your cluster. 1. Click the **Uninstall** button for the application. diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 1c6cca049c5..7c80c4b7928 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -28,39 +28,39 @@ only 1 parent group. It resembles a directory behavior or a nested items list: - Group 1 - Group 1.1 - Group 1.2 - - Group 1.2.1 - - Group 1.2.2 - - Group 1.2.2.1 + - Group 1.2.1 + - Group 1.2.2 + - Group 1.2.2.1 In a real world example, imagine maintaining a GNU/Linux distribution with the first group being the name of the distribution, and subsequent groups split as follows: - Organization Group - GNU/Linux distro - Category Subgroup - Packages - - (project) Package01 - - (project) Package02 + - (project) Package01 + - (project) Package02 - Category Subgroup - Software - - (project) Core - - (project) CLI - - (project) Android app - - (project) iOS app + - (project) Core + - (project) CLI + - (project) Android app + - (project) iOS app - Category Subgroup - Infra tools - - (project) Ansible playbooks + - (project) Ansible playbooks Another example of GitLab as a company would be the following: - Organization Group - GitLab - Category Subgroup - Marketing - - (project) Design - - (project) General + - (project) Design + - (project) General - Category Subgroup - Software - - (project) GitLab CE - - (project) GitLab EE - - (project) Omnibus GitLab - - (project) GitLab Runner - - (project) GitLab Pages daemon + - (project) GitLab CE + - (project) GitLab EE + - (project) Omnibus GitLab + - (project) GitLab Runner + - (project) GitLab Pages daemon - Category Subgroup - Infra tools - - (project) Chef cookbooks + - (project) Chef cookbooks - Category Subgroup - Executive team --- @@ -88,13 +88,13 @@ To create a subgroup: 1. In the group's dashboard expand the **New project** split button, select **New subgroup** and click the **New subgroup** button. - ![Subgroups page](img/create_subgroup_button.png) + ![Subgroups page](img/create_subgroup_button.png) 1. Create a new group like you would normally do. Notice that the parent group namespace is fixed under **Group path**. The visibility level can differ from the parent group. - ![Subgroups page](img/create_new_group.png) + ![Subgroups page](img/create_new_group.png) 1. Click the **Create group** button and you will be taken to the new group's dashboard page. diff --git a/doc/user/project/badges.md b/doc/user/project/badges.md index 8849dd2d684..cd3e5f5a63c 100644 --- a/doc/user/project/badges.md +++ b/doc/user/project/badges.md @@ -17,10 +17,10 @@ If you find that you have to add the same badges to several projects, you may wa To add a new badge to a project: -1. Navigate to your project's **Settings > General > Badges**. -1. Under "Link", enter the URL that the badges should point to and under - "Badge image URL" the URL of the image that should be displayed. -1. Submit the badge by clicking the **Add badge** button. +1. Navigate to your project's **Settings > General > Badges**. +1. Under "Link", enter the URL that the badges should point to and under + "Badge image URL" the URL of the image that should be displayed. +1. Submit the badge by clicking the **Add badge** button. After adding a badge to a project, you can see it in the list below the form. You can edit it by clicking on the pen icon next to it or to delete it by @@ -39,10 +39,10 @@ project, consider adding them on the [project level](#project-badges) or use To add a new badge to a group: -1. Navigate to your group's **Settings > General > Badges**. -1. Under "Link", enter the URL that the badges should point to and under - "Badge image URL" the URL of the image that should be displayed. -1. Submit the badge by clicking the **Add badge** button. +1. Navigate to your group's **Settings > General > Badges**. +1. Under "Link", enter the URL that the badges should point to and under + "Badge image URL" the URL of the image that should be displayed. +1. Submit the badge by clicking the **Add badge** button. After adding a badge to a group, you can see it in the list below the form. You can edit the badge by clicking on the pen icon next to it or to delete it diff --git a/doc/user/project/cycle_analytics.md b/doc/user/project/cycle_analytics.md index 5d36e1d4be3..6707b88c317 100644 --- a/doc/user/project/cycle_analytics.md +++ b/doc/user/project/cycle_analytics.md @@ -21,19 +21,19 @@ Analytics** tab. There are seven stages that are tracked as part of the Cycle Analytics calculations. - **Issue** (Tracker) - - Time to schedule an issue (by milestone or by adding it to an issue board) + - Time to schedule an issue (by milestone or by adding it to an issue board) - **Plan** (Board) - - Time to first commit + - Time to first commit - **Code** (IDE) - - Time to create a merge request + - Time to create a merge request - **Test** (CI) - - Time it takes GitLab CI/CD to test your code + - Time it takes GitLab CI/CD to test your code - **Review** (Merge Request/MR) - - Time spent on code review + - Time spent on code review - **Staging** (Continuous Deployment) - - Time between merging and deploying to production + - Time between merging and deploying to production - **Production** (Total) - - Total lifecycle time; i.e. the velocity of the project or team + - Total lifecycle time; i.e. the velocity of the project or team ## How the data is measured diff --git a/doc/user/project/import/svn.md b/doc/user/project/import/svn.md index 7359487e1bf..d175ee87f26 100644 --- a/doc/user/project/import/svn.md +++ b/doc/user/project/import/svn.md @@ -9,13 +9,13 @@ between the two, for more information consult your favorite search engine. There are two approaches to SVN to Git migration: 1. [Git/SVN Mirror](#smooth-migration-with-a-gitsvn-mirror-using-subgit) which: - - Makes the GitLab repository to mirror the SVN project. - - Git and SVN repositories are kept in sync; you can use either one. - - Smoothens the migration process and allows to manage migration risks. + - Makes the GitLab repository to mirror the SVN project. + - Git and SVN repositories are kept in sync; you can use either one. + - Smoothens the migration process and allows to manage migration risks. 1. [Cut over migration](#cut-over-migration-with-svn2git) which: - - Translates and imports the existing data and history from SVN to Git. - - Is a fire and forget approach, good for smaller teams. + - Translates and imports the existing data and history from SVN to Git. + - Is a fire and forget approach, good for smaller teams. ## Smooth migration with a Git/SVN mirror using SubGit diff --git a/doc/user/project/index.md b/doc/user/project/index.md index 7307c5b8991..45e96437517 100644 --- a/doc/user/project/index.md +++ b/doc/user/project/index.md @@ -66,15 +66,15 @@ When you create a project in GitLab, you'll have access to a large number of to automatically set up your app's deployment - [Enable and disable GitLab CI](../../ci/enable_or_disable_ci.md) - [Pipelines](../../ci/pipelines.md): Configure and visualize - your GitLab CI/CD pipelines from the UI - - [Scheduled Pipelines](pipelines/schedules.md): Schedule a pipeline - to start at a chosen time - - [Pipeline Graphs](../../ci/pipelines.md#visualizing-pipelines): View your - entire pipeline from the UI - - [Job artifacts](pipelines/job_artifacts.md): Define, - browse, and download job artifacts - - [Pipeline settings](pipelines/settings.md): Set up Git strategy (choose the default way your repository is fetched from GitLab in a job), - timeout (defines the maximum amount of time in minutes that a job is able run), custom path for `.gitlab-ci.yml`, test coverage parsing, pipeline's visibility, and much more + your GitLab CI/CD pipelines from the UI + - [Scheduled Pipelines](pipelines/schedules.md): Schedule a pipeline + to start at a chosen time + - [Pipeline Graphs](../../ci/pipelines.md#visualizing-pipelines): View your + entire pipeline from the UI + - [Job artifacts](pipelines/job_artifacts.md): Define, + browse, and download job artifacts + - [Pipeline settings](pipelines/settings.md): Set up Git strategy (choose the default way your repository is fetched from GitLab in a job), + timeout (defines the maximum amount of time in minutes that a job is able run), custom path for `.gitlab-ci.yml`, test coverage parsing, pipeline's visibility, and much more - [Kubernetes cluster integration](clusters/index.md): Connecting your GitLab project with a Kubernetes cluster - [Feature Flags](operations/feature_flags.md): Feature flags allow you to ship a project in diff --git a/doc/user/project/integrations/mock_ci.md b/doc/user/project/integrations/mock_ci.md index 1c64b275d6e..886094a6531 100644 --- a/doc/user/project/integrations/mock_ci.md +++ b/doc/user/project/integrations/mock_ci.md @@ -5,9 +5,9 @@ To set up the mock CI service server, respond to the following endpoints - `commit_status`: `#{project.namespace.path}/#{project.path}/status/#{sha}.json` - - Have your service return `200 { status: ['failed'|'canceled'|'running'|'pending'|'success'|'success-with-warnings'|'skipped'|'not_found'] }` + - Have your service return `200 { status: ['failed'|'canceled'|'running'|'pending'|'success'|'success-with-warnings'|'skipped'|'not_found'] }` - If the service returns a 404, it is interpreted as `pending` - `build_page`: `#{project.namespace.path}/#{project.path}/status/#{sha}` - - Just where the build is linked to, doesn't matter if implemented + - Just where the build is linked to, doesn't matter if implemented For an example of a mock CI server, see [`gitlab-org/gitlab-mock-ci-service`](https://gitlab.com/gitlab-org/gitlab-mock-ci-service) diff --git a/doc/user/project/integrations/webhooks.md b/doc/user/project/integrations/webhooks.md index 30940b65454..84adb9637fc 100644 --- a/doc/user/project/integrations/webhooks.md +++ b/doc/user/project/integrations/webhooks.md @@ -58,13 +58,13 @@ Navigate to the webhooks page by going to your project's If you are writing your own endpoint (web server) that will receive GitLab webhooks keep in mind the following things: -- Your endpoint should send its HTTP response as fast as possible. If - you wait too long, GitLab may decide the hook failed and retry it. -- Your endpoint should ALWAYS return a valid HTTP response. If you do - not do this then GitLab will think the hook failed and retry it. - Most HTTP libraries take care of this for you automatically but if - you are writing a low-level hook this is important to remember. -- GitLab ignores the HTTP status code returned by your endpoint. +- Your endpoint should send its HTTP response as fast as possible. If + you wait too long, GitLab may decide the hook failed and retry it. +- Your endpoint should ALWAYS return a valid HTTP response. If you do + not do this then GitLab will think the hook failed and retry it. + Most HTTP libraries take care of this for you automatically but if + you are writing a low-level hook this is important to remember. +- GitLab ignores the HTTP status code returned by your endpoint. ## Secret token diff --git a/doc/user/project/issue_board.md b/doc/user/project/issue_board.md index 422e4b71424..eaca5f8cfb8 100644 --- a/doc/user/project/issue_board.md +++ b/doc/user/project/issue_board.md @@ -143,10 +143,10 @@ Create lists for each of your team members and quickly drag-and-drop issues onto - **Issue Board** - Each board represents a unique view for your issues. It can have multiple lists with each list consisting of issues represented by cards. - **List** - A column on the issue board that displays issues matching certain attributes. In addition to the default lists of 'Open' and 'Closed' issue, each additional list will show issues matching your chosen label or assignee. On the top of that list you can see the number of issues that belong to it. - - **Label list**: a list based on a label. It shows all opened issues with that label. - - **Assignee list**: a list which includes all issues assigned to a user. - - **Open** (default): shows all open issues that do not belong to one of the other lists. Always appears as the leftmost list. - - **Closed** (default): shows all closed issues. Always appears as the rightmost list. + - **Label list**: a list based on a label. It shows all opened issues with that label. + - **Assignee list**: a list which includes all issues assigned to a user. + - **Open** (default): shows all open issues that do not belong to one of the other lists. Always appears as the leftmost list. + - **Closed** (default): shows all closed issues. Always appears as the rightmost list. - **Card** - A box in the list that represents an individual issue. The information you can see on a card consists of the issue number, the issue title, the assignee, and the labels associated with the issue. You can drag cards from one list to another to change their label or assignee from that of the source list to that of the destination list. ## Permissions diff --git a/doc/user/project/pages/introduction.md b/doc/user/project/pages/introduction.md index 9451b5349c0..e8984cb8b9f 100644 --- a/doc/user/project/pages/introduction.md +++ b/doc/user/project/pages/introduction.md @@ -83,23 +83,23 @@ You can enable Pages access control on your project, so that only 1. Navigate to your project's **Settings > General > Permissions**. 1. Toggle the **Pages** button to enable the access control. - NOTE: **Note:** - If you don't see the toggle button, that means that it's not enabled. - Ask your administrator to [enable it](../../../administration/pages/index.md#access-control). + NOTE: **Note:** + If you don't see the toggle button, that means that it's not enabled. + Ask your administrator to [enable it](../../../administration/pages/index.md#access-control). 1. The Pages access control dropdown allows you to set who can view pages hosted with GitLab Pages, depending on your project's visibility: - - If your project is private: - - **Only project members**: Only project members will be able to browse the website. - - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. - - If your project is internal: - - **Only project members**: Only project members will be able to browse the website. - - **Everyone with access**: Everyone logged into GitLab will be able to browse the website, no matter their project membership. - - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. - - If your project is public: - - **Only project members**: Only project members will be able to browse the website. - - **Everyone with access**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. + - If your project is private: + - **Only project members**: Only project members will be able to browse the website. + - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. + - If your project is internal: + - **Only project members**: Only project members will be able to browse the website. + - **Everyone with access**: Everyone logged into GitLab will be able to browse the website, no matter their project membership. + - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. + - If your project is public: + - **Only project members**: Only project members will be able to browse the website. + - **Everyone with access**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership. 1. Click **Save changes**. diff --git a/doc/user/search/advanced_search_syntax.md b/doc/user/search/advanced_search_syntax.md index ad9f065b19b..c3d22e4fd29 100644 --- a/doc/user/search/advanced_search_syntax.md +++ b/doc/user/search/advanced_search_syntax.md @@ -50,9 +50,9 @@ here's a quick guide: The Advanced Syntax Search also supports the use of filters. The available filters are: - - filename: Filters by filename. You can use the glob (`*`) operator for fuzzy matching. - - path: Filters by path. You can use the glob (`*`) operator for fuzzy matching. - - extension: Filters by extension in the filename. Please write the extension without a leading dot. Exact match only. +- filename: Filters by filename. You can use the glob (`*`) operator for fuzzy matching. +- path: Filters by path. You can use the glob (`*`) operator for fuzzy matching. +- extension: Filters by extension in the filename. Please write the extension without a leading dot. Exact match only. To use them, simply add them to your query in the format `:` without any spaces between the colon (`:`) and the value. diff --git a/doc/user/search/index.md b/doc/user/search/index.md index c34b9ae3d7e..8d7b4a429aa 100644 --- a/doc/user/search/index.md +++ b/doc/user/search/index.md @@ -55,12 +55,12 @@ Selecting **Any** does the opposite. It returns results that have a non-empty va You can filter issues and merge requests by specific terms included in titles or descriptions. - Syntax - - Searches look for all the words in a query, in any order. E.g.: searching - issues for `display bug` will return all issues matching both those words, in any order. - - To find the exact term, use double quotes: `"display bug"` + - Searches look for all the words in a query, in any order. E.g.: searching + issues for `display bug` will return all issues matching both those words, in any order. + - To find the exact term, use double quotes: `"display bug"` - Limitation - - For performance reasons, terms shorter than 3 chars are ignored. E.g.: searching - issues for `included in titles` is same as `included titles` + - For performance reasons, terms shorter than 3 chars are ignored. E.g.: searching + issues for `included in titles` is same as `included titles` ![filter issues by specific terms](img/issue_search_by_term.png) diff --git a/doc/workflow/forking_workflow.md b/doc/workflow/forking_workflow.md index 02be0ad191d..869a0a621c3 100644 --- a/doc/workflow/forking_workflow.md +++ b/doc/workflow/forking_workflow.md @@ -10,31 +10,25 @@ document more information about using branches to work together. Forking a project is in most cases a two-step process. -1. Click on the fork button located in the middle of the page or a project's - home page right next to the stars button. +1. Click on the fork button located in the middle of the page or a project's + home page right next to the stars button. - ![Fork button](img/forking_workflow_fork_button.png) + ![Fork button](img/forking_workflow_fork_button.png) - --- +1. Once you do that, you'll be presented with a screen where you can choose + the namespace to fork to. Only namespaces (groups and your own + namespace) where you have write access to, will be shown. Click on the + namespace to create your fork there. -1. Once you do that, you'll be presented with a screen where you can choose - the namespace to fork to. Only namespaces (groups and your own - namespace) where you have write access to, will be shown. Click on the - namespace to create your fork there. + ![Choose namespace](img/forking_workflow_choose_namespace.png) - ![Choose namespace](img/forking_workflow_choose_namespace.png) + **Note:** + If the namespace you chose to fork the project to has another project with + the same path name, you will be presented with a warning that the forking + could not be completed. Try to resolve the error and repeat the forking + process. - --- - - **Note:** - If the namespace you chose to fork the project to has another project with - the same path name, you will be presented with a warning that the forking - could not be completed. Try to resolve the error and repeat the forking - process. - - ![Path taken error](img/forking_workflow_path_taken_error.png) - - --- + ![Path taken error](img/forking_workflow_path_taken_error.png) After the forking is done, you can start working on the newly created repository. There, you will have full [Owner](../user/permissions.md) diff --git a/doc/workflow/repository_mirroring.md b/doc/workflow/repository_mirroring.md index 87ca46e94be..0b8e7d851b0 100644 --- a/doc/workflow/repository_mirroring.md +++ b/doc/workflow/repository_mirroring.md @@ -92,9 +92,9 @@ The repository will push soon. To force a push, click the appropriate button. 1. On the destination GitLab instance, create a [personal access token](../user/profile/personal_access_tokens.md) with `API` scope. 1. On the source GitLab instance: - 1. Fill in the **Git repository URL** field using this format: `https://oauth2@//.git`. - 1. Fill in **Password** field with the GitLab personal access token created on the destination GitLab instance. - 1. Click the **Mirror repository** button. + 1. Fill in the **Git repository URL** field using this format: `https://oauth2@//.git`. + 1. Fill in **Password** field with the GitLab personal access token created on the destination GitLab instance. + 1. Click the **Mirror repository** button. ## Pulling from a remote repository **(STARTER)** @@ -118,9 +118,9 @@ To configure mirror pulling for an existing project: 1. Select **Pull** from the **Mirror direction** dropdown. 1. Select an authentication method from the **Authentication method** dropdown, if necessary. 1. If necessary, check the following boxes: - - **Overwrite diverged branches**. - - **Trigger pipelines for mirror updates**. - - **Only mirror protected branches**. + - **Overwrite diverged branches**. + - **Trigger pipelines for mirror updates**. + - **Only mirror protected branches**. 1. Click the **Mirror repository** button to save the configuration. ![Repository mirroring pull settings screen - upper part](img/repository_mirroring_pull_settings_upper.png) -- cgit v1.2.1 From 917f9b4da0587d288c71143800cbeb8baa2dcb6e Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Mon, 22 Jul 2019 02:25:01 +0000 Subject: Document all the available options for SAST Port all info from: - security-products/sast/blob/master/docs/README.md - security-products/sast/blob/master/docs/analyzers.md --- doc/user/application_security/sast/analyzers.md | 143 ++++++++++++++++++++++++ doc/user/application_security/sast/index.md | 52 +++++++++ 2 files changed, 195 insertions(+) create mode 100644 doc/user/application_security/sast/analyzers.md diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md new file mode 100644 index 00000000000..59835aeba01 --- /dev/null +++ b/doc/user/application_security/sast/analyzers.md @@ -0,0 +1,143 @@ +--- +table_display_block: true +--- + +# SAST Analyzers **(ULTIMATE)** + +SAST relies on underlying third party tools that are wrapped into what we call +"Analyzers". An analyzer is a +[dedicated project](https://gitlab.com/gitlab-org/security-products/analyzers) +that wraps a particular tool to: + +- Expose its detection logic. +- Handle its execution. +- Convert its output to the common format. + +This is achieved by implementing the [common API](https://gitlab.com/gitlab-org/security-products/analyzers/common). + +SAST supports the following official analyzers: + +- [Bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) +- [Brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman) +- [ESLint (Javascript)](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) +- [SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT)](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) +- [Flawfinder](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder) +- [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) +- [NodeJsScan](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan) +- [PHP CS security-audit](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit) +- [Secrets (Gitleaks, TruffleHog & Diffence secret detectors)](https://gitlab.com/gitlab-org/security-products/analyzers/secrets) +- [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan) +- [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint) +- [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) + +The analyzers are published as Docker images that SAST will use to launch +dedicated containers for each analysis. + +SAST is pre-configured with a set of **default images** that are maintained by +GitLab, but users can also integrate their own **custom images**. + +## Official default analyzers + +Any custom change to the official analyzers can be achieved by using an +[environment variable in your `.gitlab-ci.yml`](index.md#customizing-the-sast-settings). + +### Using a custom Docker mirror + +You can switch to a custom Docker registry that provides the official analyzer +images under a different prefix. For instance, the following instructs +SAST to pull `my-docker-registry/gl-images/bandit` +instead of `registry.gitlab.com/gitlab-org/security-products/analyzers/bandit`. +In `.gitlab-ci.yml` define: + +```yaml +include: + template: SAST.gitlab-ci.yml + +variables: + SAST_ANALYZER_IMAGE_PREFIX: my-docker-registry/gl-images +``` + +This configuration requires that your custom registry provides images for all +the official analyzers. + +### Selecting specific analyzers + +You can select the official analyzers you want to run. Here's how to enable +`bandit` and `flawfinder` while disabling all the other default ones. +In `.gitlab-ci.yml` define: + +```yaml +include: + template: SAST.gitlab-ci.yml + +variables: + SAST_DEFAULT_ANALYZERS: "bandit,flawfinder" +``` + +`bandit` runs first. When merging the reports, SAST will +remove the duplicates and will keep the `bandit` entries. + +### Disabling default analyzers + +Setting `SAST_DEFAULT_ANALYZERS` to an empty string will disable all the official +default analyzers. In `.gitlab-ci.yml` define: + +```yaml +include: + template: SAST.gitlab-ci.yml + +variables: + SAST_DEFAULT_ANALYZERS: "" +``` + +That's needed when one totally relies on [custom analyzers](#custom-analyzers). + +## Custom Analyzers + +You can provide your own analyzers as a comma separated list of Docker images. +Here's how to add `analyzers/csharp` and `analyzers/perl` to the default images: +In `.gitlab-ci.yml` define: + +```yaml +include: + template: SAST.gitlab-ci.yml + +variables: + SAST_ANALYZER_IMAGES: "my-docker-registry/analyzers/csharp,amy-docker-registry/analyzers/perl" +``` + +The values must be the full path to the container registry images, +like what you would feed to the `docker pull` command. + +NOTE: **Note:** +This configuration doesn't benefit from the integrated detection step. +SAST has to fetch and spawn each Docker image to establish whether the +custom analyzer can scan the source code. + +## Analyzers Data + +| Property \ Tool | Bandit | Brakeman | ESLint security | Find Sec Bugs | Flawfinder | Go AST Scanner | NodeJsScan | Php CS Security Audit | Security code Scan (.NET) | TSLint Security | Sobelow | +| --------------------------------------- | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :------------------: | :---------------------: | :-------------------------: | :-------------: | :----------------: | +| Severity | ✓ | 𐄂 | 𐄂 | ✓ | 𐄂 | ✓ | 𐄂 | ✓ | 𐄂 | ✓ | 𐄂 | +| Title | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Description | 𐄂 | 𐄂 | ✓ | ✓ | 𐄂 | 𐄂 | ✓ | 𐄂 | 𐄂 | ✓ | ✓ | +| File | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Start line | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| End line | ✓ | 𐄂 | ✓ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | ✓ | 𐄂 | +| Start column | 𐄂 | 𐄂 | ✓ | ✓ | ✓ | ✓ | 𐄂 | ✓ | ✓ | ✓ | 𐄂 | +| End column | 𐄂 | 𐄂 | ✓ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | ✓ | 𐄂 | +| External id (e.g. CVE) | 𐄂 | ⚠ | 𐄂 | ⚠ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | +| URLs | 𐄂 | ✓ | 𐄂 | ⚠ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | +| Internal doc/explanation | ⚠ | ✓ | 𐄂 | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | ✓ | +| Solution | 𐄂 | 𐄂 | 𐄂 | ⚠ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | +| Confidence | ✓ | ✓ | 𐄂 | ✓ | ✓ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | ✓ | +| Affected item (e.g. class or package) | 𐄂 | ✓ | 𐄂 | ✓ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | +| Source code extract | ✓ | ✓ | ✓ | 𐄂 | ✓ | ✓ | 𐄂 | 𐄂 | 𐄂 | 𐄂 | 𐄂 | +| Internal ID | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 𐄂 | ✓ | ✓ | ✓ | ✓ | + +- ✓ => we have that data +- ⚠ => we have that data but it's partially reliable, or we need to extract it from unstructured content +- 𐄂 => we don't have that data or it would need to develop specific or inefficient/unreliable logic to obtain it. + +The values provided by these tools are heterogeneous so they are sometimes +normalized into common values (e.g., `severity`, `confidence`, etc). diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 1f9fd9d4e18..7df86eedd18 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -135,6 +135,58 @@ sast: CI_DEBUG_TRACE: "true" ``` +### Available variables + +SAST can be [configured](#customizing-the-sast-settings) using environment variables. + +#### Docker images + +The following are Docker image-related variables. + +| Environment variable | Description | +|-------------------------------|--------------------------------------------------------------------------------| +| `SAST_ANALYZER_IMAGES` | Comma separated list of custom images. Default images are still enabled. Read more about [customizing analyzers](analyzers.md). | +| `SAST_ANALYZER_IMAGE_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md). | +| `SAST_ANALYZER_IMAGE_TAG` | Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md). | +| `SAST_DEFAULT_ANALYZERS` | Override the names of default images. Read more about [customizing analyzers](analyzers.md). | +| `SAST_PULL_ANALYZER_IMAGES` | Pull the images from the Docker registry (set to 0 to disable). Read more about [customizing analyzers](analyzers.md). | + +### Vulnerability filters + +Some analyzers make it possible to filter out vulnerabilities under a given threshold. + +| `SAST_BANDIT_EXCLUDED_PATHS` | - | comma-separated list of paths to exclude from scan. Uses Python's [`fnmatch` syntax](https://docs.python.org/2/library/fnmatch.html) | +| `SAST_BRAKEMAN_LEVEL` | 1 | Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low 3=High. | +| `SAST_FLAWFINDER_LEVEL` | 1 | Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk. | +| `SAST_GITLEAKS_ENTROPY_LEVEL` | 8.0 | Minimum entropy for secret detection. Float, 0.0 = low, 8.0 = high. | +| `SAST_GOSEC_LEVEL` | 0 | Ignore gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 1=Medium, 3=High. | +| `SAST_EXCLUDED_PATHS` | - | Exclude vulnerabilities from output based on the paths. This is a comma-separated list of patterns. Patterns can be globs, file or folder paths. Parent directories will also match patterns. | + +### Timeouts + +The following variables configure timeouts. + +| `SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT` | 2m | Time limit for Docker client negotiation. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". For example, "300ms", "1.5h" or "2h45m". | +| `SAST_PULL_ANALYZER_IMAGE_TIMEOUT` | 5m | Time limit when pulling the image of an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". For example, "300ms", "1.5h" or "2h45m". | +| `SAST_RUN_ANALYZER_TIMEOUT` | 20m | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". For example, "300ms", "1.5h" or "2h45m".| + +### Analyzer settings + +Some analyzers can be customized with environment variables. + +| Environment variable | Analyzer | Description | +|-------------------------|----------|----------| +| `ANT_HOME` | spotbugs | The `ANT_HOME` environment variable. | +| `ANT_PATH` | spotbugs | Path to the `ant` executable. | +| `GRADLE_PATH` | spotbugs | Path to the `gradle` executable. | +| `JAVA_OPTS` | spotbugs | Additional arguments for the `java` executable. | +| `JAVA_PATH` | spotbugs | Path to the `java` executable. | +| `MAVEN_CLI_OPTS` | spotbugs | Additional arguments for the `mvn` or `mvnw` executable. | +| `MAVEN_PATH` | spotbugs | Path to the `mvn` executable. | +| `MAVEN_REPO_PATH` | spotbugs | Path to the Maven local repository (shortcut for the `maven.repo.local` property). | +| `SBT_PATH` | spotbugs | Path to the `sbt` executable. | +| `FAIL_NEVER` | spotbugs | Set to `1` to ignore compilation failure. | + ## Reports JSON format CAUTION: **Caution:** -- cgit v1.2.1 From 4d790f8eb6401c0cdb4830dd80807cb10ddbb167 Mon Sep 17 00:00:00 2001 From: Matt Penna Date: Mon, 22 Jul 2019 03:39:57 +0000 Subject: Documentation for email confirmation signup restriction --- .../admin_area/settings/img/email_confirmation.png | Bin 0 -> 14260 bytes .../admin_area/settings/sign_up_restrictions.md | 23 ++++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 doc/user/admin_area/settings/img/email_confirmation.png diff --git a/doc/user/admin_area/settings/img/email_confirmation.png b/doc/user/admin_area/settings/img/email_confirmation.png new file mode 100644 index 00000000000..4d888da3416 Binary files /dev/null and b/doc/user/admin_area/settings/img/email_confirmation.png differ diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md index d77e91156f8..1b1bcbcd6e8 100644 --- a/doc/user/admin_area/settings/sign_up_restrictions.md +++ b/doc/user/admin_area/settings/sign_up_restrictions.md @@ -4,19 +4,26 @@ type: reference # Sign-up restrictions -By implementing sign-up restrictions, you can blacklist or whitelist email addresses -belonging to specific domains. +You can use sign-up restrictions to require user email confirmation, as well as +to blacklist or whitelist email addresses belonging to specific domains. >**Note**: These restrictions are only applied during sign-up. An admin is able to add a user through the admin panel with a disallowed domain. Also note that the users can change their email addresses after signup to disallowed domains. +## Require email confirmation + +You can send confirmation emails during sign-up and require that users confirm +their email address before they are allowed to sign in. + +![Email confirmation](img/email_confirmation.png) + ## Whitelist email domains > [Introduced][ce-598] in GitLab 7.11.0 -You can restrict users to only signup using email addresses matching the given +You can restrict users to only sign up using email addresses matching the given domains list. ## Blacklist email domains @@ -24,7 +31,9 @@ domains list. > [Introduced][ce-5259] in GitLab 8.10. With this feature enabled, you can block email addresses of a specific domain -from creating an account on your GitLab server. This is particularly useful to prevent spam. Disposable email addresses are usually used by malicious users to create dummy accounts and spam issues. +from creating an account on your GitLab server. This is particularly useful +to prevent malicious users from creating spam accounts with disposable email +addresses. ## Settings @@ -33,10 +42,10 @@ To access this feature: 1. Navigate to the **Settings > General** in the Admin area. 1. Expand the **Sign-up restrictions** section. -For the: +For the blacklist, you can enter the list manually or upload a `.txt` file that +contains list entries. -- Blacklist, you can enter the list manually, or upload a `.txt` file with it. -- Whitelist you must enter the list manually. +For the whitelist, you must enter the list manually. Both the whitelist and blacklist accept wildcards. For example, you can use `*.company.com` to accept every `company.com` subdomain, or `*.io` to block all -- cgit v1.2.1 From 866bef8059591db9a17db71d66a1321b0ca25153 Mon Sep 17 00:00:00 2001 From: Patrick Bajao Date: Mon, 22 Jul 2019 13:25:24 +0800 Subject: Fix suggestion on lines that are not part of an MR Return the `text` as plain string in the response instead of including HTML tags but keep `rich_text` as is. The fix is to modify `Blob::UnfoldPresenter#diff_files` to map each raw diff line (limited by the range specified) to a corresponding line in an array of highlighted lines to use as `rich_text`. --- app/presenters/blob_presenter.rb | 8 +++++- app/presenters/blobs/unfold_presenter.rb | 30 +++++++++++++++------- .../57953-fix-unfolded-diff-suggestions.yml | 5 ++++ spec/presenters/blobs/unfold_presenter_spec.rb | 6 +++-- 4 files changed, 37 insertions(+), 12 deletions(-) create mode 100644 changelogs/unreleased/57953-fix-unfolded-diff-suggestions.yml diff --git a/app/presenters/blob_presenter.rb b/app/presenters/blob_presenter.rb index 91c9abe750b..2cf3278d240 100644 --- a/app/presenters/blob_presenter.rb +++ b/app/presenters/blob_presenter.rb @@ -4,7 +4,7 @@ class BlobPresenter < Gitlab::View::Presenter::Delegated presents :blob def highlight(plain: nil) - blob.load_all_data! if blob.respond_to?(:load_all_data!) + load_all_blob_data Gitlab::Highlight.highlight( blob.path, @@ -17,4 +17,10 @@ class BlobPresenter < Gitlab::View::Presenter::Delegated def web_url Gitlab::Routing.url_helpers.project_blob_url(blob.repository.project, File.join(blob.commit_id, blob.path)) end + + private + + def load_all_blob_data + blob.load_all_data! if blob.respond_to?(:load_all_data!) + end end diff --git a/app/presenters/blobs/unfold_presenter.rb b/app/presenters/blobs/unfold_presenter.rb index 7b13db3bb74..21a1e1309e0 100644 --- a/app/presenters/blobs/unfold_presenter.rb +++ b/app/presenters/blobs/unfold_presenter.rb @@ -16,8 +16,12 @@ module Blobs attribute :indent, Integer, default: 0 def initialize(blob, params) + # Load all blob data first as we need to ensure they're all loaded first + # so we can accurately show the rest of the diff when unfolding. + load_all_blob_data + @subject = blob - @all_lines = highlight.lines + @all_lines = blob.data.lines super(params) if full? @@ -25,10 +29,12 @@ module Blobs end end - # Converts a String array to Gitlab::Diff::Line array, with match line added + # Returns an array of Gitlab::Diff::Line with match line added def diff_lines - diff_lines = lines.map do |line| - Gitlab::Diff::Line.new(line, nil, nil, nil, nil, rich_text: line) + diff_lines = lines.map.with_index do |line, index| + full_line = limited_blob_lines[index].delete("\n") + + Gitlab::Diff::Line.new(full_line, nil, nil, nil, nil, rich_text: line) end add_match_line(diff_lines) @@ -37,11 +43,7 @@ module Blobs end def lines - strong_memoize(:lines) do - lines = @all_lines - lines = lines[since - 1..to - 1] unless full? - lines.map(&:html_safe) - end + @lines ||= limit(highlight.lines).map(&:html_safe) end def match_line_text @@ -71,5 +73,15 @@ module Blobs bottom? ? diff_lines.push(match_line) : diff_lines.unshift(match_line) end + + def limited_blob_lines + @limited_blob_lines ||= limit(@all_lines) + end + + def limit(lines) + return lines if full? + + lines[since - 1..to - 1] + end end end diff --git a/changelogs/unreleased/57953-fix-unfolded-diff-suggestions.yml b/changelogs/unreleased/57953-fix-unfolded-diff-suggestions.yml new file mode 100644 index 00000000000..f634c0cd98a --- /dev/null +++ b/changelogs/unreleased/57953-fix-unfolded-diff-suggestions.yml @@ -0,0 +1,5 @@ +--- +title: Fix suggestion on lines that are not part of an MR +merge_request: 30606 +author: +type: fixed diff --git a/spec/presenters/blobs/unfold_presenter_spec.rb b/spec/presenters/blobs/unfold_presenter_spec.rb index 7ece5f623ce..1534c572b30 100644 --- a/spec/presenters/blobs/unfold_presenter_spec.rb +++ b/spec/presenters/blobs/unfold_presenter_spec.rb @@ -54,8 +54,10 @@ describe Blobs::UnfoldPresenter do expect(lines.size).to eq(total_lines) lines.each.with_index do |line, index| - expect(line.text).to include("LC#{index + 1}") - expect(line.text).to eq(line.rich_text) + line_number = index + 1 + + expect(line.text).to eq(line_number.to_s) + expect(line.rich_text).to include("LC#{line_number}") expect(line.type).to be_nil end end -- cgit v1.2.1 From 589d1797d8dfdced2c6257597264bce0e2072c35 Mon Sep 17 00:00:00 2001 From: Heinrich Lee Yu Date: Fri, 19 Jul 2019 00:44:24 +0800 Subject: Handle trailing slashes when generating Jira URLs Applies to issues_url and new_issue_url --- app/models/project_services/jira_service.rb | 8 +++++++- .../unreleased/63833-fix-jira-issues-url.yml | 5 +++++ spec/models/project_services/jira_service_spec.rb | 24 +++++++++++++++++++++- 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/63833-fix-jira-issues-url.yml diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb index e571700fd02..7ab79242cc3 100644 --- a/app/models/project_services/jira_service.rb +++ b/app/models/project_services/jira_service.rb @@ -54,7 +54,7 @@ class JiraService < IssueTrackerService username: self.username, password: self.password, site: URI.join(url, '/').to_s, # Intended to find the root - context_path: url.path.chomp('/'), + context_path: url.path, auth_type: :basic, read_timeout: 120, use_cookies: true, @@ -103,6 +103,12 @@ class JiraService < IssueTrackerService "#{url}/secure/CreateIssue.jspa" end + alias_method :original_url, :url + + def url + original_url&.chomp('/') + end + def execute(push) # This method is a no-op, because currently JiraService does not # support any events. diff --git a/changelogs/unreleased/63833-fix-jira-issues-url.yml b/changelogs/unreleased/63833-fix-jira-issues-url.yml new file mode 100644 index 00000000000..24d6bca3842 --- /dev/null +++ b/changelogs/unreleased/63833-fix-jira-issues-url.yml @@ -0,0 +1,5 @@ +--- +title: Handle trailing slashes when generating Jira issue URLs +merge_request: 30911 +author: +type: fixed diff --git a/spec/models/project_services/jira_service_spec.rb b/spec/models/project_services/jira_service_spec.rb index 235cf314af5..02060699e9a 100644 --- a/spec/models/project_services/jira_service_spec.rb +++ b/spec/models/project_services/jira_service_spec.rb @@ -236,7 +236,7 @@ describe JiraService do allow(JIRA::Resource::Remotelink).to receive(:all).and_return(nil) expect { @jira_service.close_issue(resource, ExternalIssue.new('JIRA-123', project)) } - .not_to raise_error(NoMethodError) + .not_to raise_error end # Check https://developer.atlassian.com/jiradev/jira-platform/guides/other/guide-jira-remote-issue-links/fields-in-remote-issue-links @@ -606,6 +606,12 @@ describe JiraService do expect(service.properties['api_url']).to eq('http://jira.sample/api') end end + + it 'removes trailing slashes from url' do + service = described_class.new(url: 'http://jira.test.com/path/') + + expect(service.url).to eq('http://jira.test.com/path') + end end describe 'favicon urls', :request_store do @@ -621,4 +627,20 @@ describe JiraService do expect(props[:object][:icon][:url16x16]).to match %r{^http://localhost/uploads/-/system/appearance/favicon/\d+/dk.png$} end end + + context 'generating external URLs' do + let(:service) { described_class.new(url: 'http://jira.test.com/path/') } + + describe '#issues_url' do + it 'handles trailing slashes' do + expect(service.issues_url).to eq('http://jira.test.com/path/browse/:id') + end + end + + describe '#new_issue_url' do + it 'handles trailing slashes' do + expect(service.new_issue_url).to eq('http://jira.test.com/path/secure/CreateIssue.jspa') + end + end + end end -- cgit v1.2.1 From f6bfd51deaf1b13f850536be7b2ddee17b1e3a7d Mon Sep 17 00:00:00 2001 From: Tiger Date: Mon, 22 Jul 2019 15:44:28 +1000 Subject: Remove ignore rule for ProjectAutoDevops#domain --- app/models/project_auto_devops.rb | 4 ---- spec/models/project_auto_devops_spec.rb | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/app/models/project_auto_devops.rb b/app/models/project_auto_devops.rb index f39f54f0434..e11d0c48b4b 100644 --- a/app/models/project_auto_devops.rb +++ b/app/models/project_auto_devops.rb @@ -1,10 +1,6 @@ # frozen_string_literal: true class ProjectAutoDevops < ApplicationRecord - include IgnorableColumn - - ignore_column :domain - belongs_to :project, inverse_of: :auto_devops enum deploy_strategy: { diff --git a/spec/models/project_auto_devops_spec.rb b/spec/models/project_auto_devops_spec.rb index 7bdd2367a68..da9e56ef897 100644 --- a/spec/models/project_auto_devops_spec.rb +++ b/spec/models/project_auto_devops_spec.rb @@ -15,7 +15,7 @@ describe ProjectAutoDevops do it { is_expected.to respond_to(:updated_at) } describe '#predefined_variables' do - let(:auto_devops) { build_stubbed(:project_auto_devops, project: project, domain: domain) } + let(:auto_devops) { build_stubbed(:project_auto_devops, project: project) } context 'when deploy_strategy is manual' do let(:auto_devops) { build_stubbed(:project_auto_devops, :manual_deployment, project: project) } -- cgit v1.2.1 From d0a60a7525459c13b5d0bd125bfdf518baa6c3be Mon Sep 17 00:00:00 2001 From: Marcel Amirault Date: Mon, 22 Jul 2019 06:03:12 +0000 Subject: Add info about mdl to documentation --- doc/development/documentation/index.md | 43 +++++++++++++++++------------ doc/development/documentation/styleguide.md | 16 +++++++++++ 2 files changed, 41 insertions(+), 18 deletions(-) diff --git a/doc/development/documentation/index.md b/doc/development/documentation/index.md index 36a2f47a55b..8ce855594df 100644 --- a/doc/development/documentation/index.md +++ b/doc/development/documentation/index.md @@ -488,15 +488,17 @@ Currently, the following tests are in place: that all cURL examples in API docs use the full switches. It's recommended to [check locally](#previewing-the-changes-live) before pushing to GitLab by executing the command `bundle exec nanoc check internal_links` on your local - [`gitlab-docs`](https://gitlab.com/gitlab-org/gitlab-docs) directory. + [`gitlab-docs`](https://gitlab.com/gitlab-org/gitlab-docs) directory. In addition, + `docs-lint` also runs [markdownlint](styleguide.md#markdown-rules) to ensure the + markdown is consistent across all documentation. 1. [`ee_compat_check`](../automatic_ce_ee_merge.md#avoiding-ce-ee-merge-conflicts-beforehand) (runs on CE only): - When you submit a merge request to GitLab Community Edition (CE), - there is this additional job that runs against Enterprise Edition (EE) - and checks if your changes can apply cleanly to the EE codebase. - If that job fails, read the instructions in the job log for what to do next. - As CE is merged into EE once a day, it's important to avoid merge conflicts. - Submitting an EE-equivalent merge request cherry-picking all commits from CE to EE is - essential to avoid them. + When you submit a merge request to GitLab Community Edition (CE), + there is this additional job that runs against Enterprise Edition (EE) + and checks if your changes can apply cleanly to the EE codebase. + If that job fails, read the instructions in the job log for what to do next. + As CE is merged into EE once a day, it's important to avoid merge conflicts. + Submitting an EE-equivalent merge request cherry-picking all commits from CE to EE is + essential to avoid them. 1. [`ee-files-location-check`/`ee-specific-lines-check`](#ee-specific-lines-check) (runs on EE only): This test ensures that no new files/directories are created/changed in EE. All docs should be submitted in CE instead, regardless the tier they are on. @@ -559,15 +561,16 @@ A file with `proselint` configuration must be placed in a #### `markdownlint` `markdownlint` checks that certain rules ([example](https://github.com/DavidAnson/markdownlint/blob/master/README.md#rules--aliases)) - are followed for Markdown syntax. - Our [Documentation Style Guide](styleguide.md) and [Markdown Guide](https://about.gitlab.com/handbook/product/technical-writing/markdown-guide/) - elaborate on which choices must be made when selecting Markdown syntax for - GitLab documentation. This tool helps catch deviations from those guidelines. +are followed for Markdown syntax. Our [Documentation Style Guide](styleguide.md) and +[Markdown Guide](https://about.gitlab.com/handbook/product/technical-writing/markdown-guide/) +elaborate on which choices must be made when selecting Markdown syntax for GitLab +documentation. This tool helps catch deviations from those guidelines, and matches the +tests run on the documentation by [`docs-lint`](#testing). `markdownlint` can be used [on the command line](https://github.com/igorshubovych/markdownlint-cli#markdownlint-cli--), - either on a single Markdown file or on all Markdown files in a project. For example, to run - `markdownlint` on all documentation in the [`gitlab-ce` project](https://gitlab.com/gitlab-org/gitlab-ce), - run the following commands from within the `gitlab-ce` project: +either on a single Markdown file or on all Markdown files in a project. For example, to run +`markdownlint` on all documentation in the [`gitlab-ce` project](https://gitlab.com/gitlab-org/gitlab-ce), +run the following commands from within the `gitlab-ce` project: ```sh cd doc @@ -597,7 +600,7 @@ The following sample `markdownlint` configuration modifies the available default "line-length": false, "no-trailing-punctuation": false, "ol-prefix": { "style": "one" }, - "blanks-around-fences": false, + "blanks-around-fences": true, "no-inline-html": { "allowed_elements": [ "table", @@ -612,11 +615,15 @@ The following sample `markdownlint` configuration modifies the available default "a", "strong", "i", - "div" + "div", + "b" ] }, "hr-style": { "style": "---" }, - "fenced-code-language": false + "code-block-style": { "style": "fenced" }, + "fenced-code-language": false, + "no-duplicate-header": { "allow_different_nesting": true }, + "commands-show-output": false } ``` diff --git a/doc/development/documentation/styleguide.md b/doc/development/documentation/styleguide.md index ccf1deefd91..36ffc02644e 100644 --- a/doc/development/documentation/styleguide.md +++ b/doc/development/documentation/styleguide.md @@ -107,6 +107,22 @@ Hard-coded HTML is valid, although it's discouraged to be used while we have `/h - Special styling is required. - Reviewed and approved by a technical writer. +### Markdown Rules + +GitLab ensures that the Markdown used across all documentation is consistent, as +well as easy to review and maintain, by testing documentation changes with +[Markdownlint (mdl)](https://github.com/markdownlint/markdownlint). This lint test +checks many common problems with Markdown, and fails when any document has an issue +with Markdown formatting that may cause the page to render incorrectly within GitLab. +It will also fail when a document is using non-standard Markdown (which may render +correctly, but is not the current standard in GitLab documentation). + +Each formatting issue that mdl checks has an associated [rule](https://github.com/markdownlint/markdownlint/blob/master/docs/RULES.md), +and the rules that are currently enabled for GitLab documentation are listed in the +[`.mdlrc.style`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.mdlrc.style) file. +Configuration options are set in the [`.mdlrc`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.mdlrc.style) +file. + ## Structure ### Organize by topic, not by type -- cgit v1.2.1 From f38d76863d9a7e2545ebad28c2de833eab1c3687 Mon Sep 17 00:00:00 2001 From: Emeryao Date: Mon, 22 Jul 2019 06:17:05 +0000 Subject: use the property of name_with_namespace instead of name for the new issue form in boards add a new attribute for name_with_namespace prettier the changed code --- app/assets/javascripts/boards/components/project_select.vue | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/assets/javascripts/boards/components/project_select.vue b/app/assets/javascripts/boards/components/project_select.vue index a1cf1866faf..e8d25e84be1 100644 --- a/app/assets/javascripts/boards/components/project_select.vue +++ b/app/assets/javascripts/boards/components/project_select.vue @@ -68,13 +68,15 @@ export default {
  • - ${_.escape(project.name)} + }" data-project-name="${project.name}" data-project-name-with-namespace="${ + project.name_with_namespace + }"> + ${_.escape(project.name_with_namespace)}
    • `; }, - text: project => project.name, + text: project => project.name_with_namespace, }); }, }; -- cgit v1.2.1 From 51957ad56be9da3e1b1c640e3c763754ed65923f Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 22 Jul 2019 08:31:41 +0000 Subject: Update CHANGELOG.md for 12.1.0 [ci skip] --- CHANGELOG.md | 271 +++++++++++++++++++++ .../11039-moved-code-difference-from-EE-to-CE.yml | 5 - .../unreleased/11448-fix-cs-with-k8s-runners.yml | 5 - ...-markers-on-monitoring-graphs-not-clickable.yml | 5 - .../unreleased/12533-shared-runners-warning.yml | 5 - changelogs/unreleased/12550-fullscrean.yml | 5 - changelogs/unreleased/12553-preferences.yml | 5 - ...-when-a-branch-is-deleted-And-add-MR-option.yml | 5 - .../29775-fix-nested-lists-unnecessary-margin.yml | 5 - .../30355-use-hours-only-for-time-tracking.yml | 5 - .../unreleased/32452-multiple-discussions.yml | 5 - .../35757-move-issues-in-boards-pderichs.yml | 5 - changelogs/unreleased/38105-pre-release-tag.yml | 5 - .../unreleased/40379-CJK-search-min-chars.yml | 5 - .../unreleased/42399-registry-confirm-deletion.yml | 5 - .../44106-include-subgroups-in-group-activity.yml | 5 - ...e-updated_at-on-an-issue-when-reordering-it.yml | 5 - ...ent-users-from-using-the-container-registry.yml | 5 - ...ix-ide-editor-to-update-size-on-show-change.yml | 5 - ...abel-picker-line-break-on-long-label-titles.yml | 5 - ...in-admin-area-if-emails-are-verified-or-not.yml | 5 - .../50228-deploy-tokens-custom-username.yml | 5 - ...e-http-status-code-when-repository-disabled.yml | 5 - .../51794-add-ordering-to-runner-jobs-api.yml | 5 - changelogs/unreleased/51952-forking-via-webide.yml | 5 - .../51952-redirect-to-webide-in-fork.yml | 5 - .../unreleased/52366-improved-group-lists-ui.yml | 5 - .../52442-minimal-remove-mysql-support.yml | 5 - .../52954-allow-developers-to-delete-tags.yml | 5 - .../53357-fix-plus-in-upload-file-names.yml | 5 - ...11-issue-boards-to-core-projects-backend-ce.yml | 5 - .../unreleased/54117-transactional-rebase.yml | 5 - ...rect-reaction-emoji-placement-in-discussion.yml | 5 - .../55487-enable-group-terminals-button.yml | 5 - changelogs/unreleased/55623-group-cluster-apis.yml | 5 - ...le-creation-of-non-rbac-kubernetes-clusters.yml | 5 - .../55953-renamed-discussion-to-thread.yml | 5 - ...57538-normalize-users-private-profile-field.yml | 5 - changelogs/unreleased/57793-fix-line-age.yml | 5 - changelogs/unreleased/57815.yml | 5 - ...7918-encrypt-feature-flags-tokens-changelog.yml | 5 - ...pplication-settings-panel-shows-wrong-panel.yml | 5 - .../unreleased/58065-uniform-html-txt-email.yml | 5 - .../58689-regroup-jump-button-in-discussion.yml | 6 - changelogs/unreleased/58802-rename-webide.yml | 5 - .../unreleased/58808-fix-image-diff-on-text.yml | 5 - .../unreleased/59028-fix-extra-plus-in-diffs.yml | 5 - .../unreleased/59257-find-new-branches-harder.yml | 5 - .../60617-enable-project-cluster-jit.yml | 5 - ...66-kubernetes-applications-uninstall-runner.yml | 5 - .../unreleased/60856-deleting-binary-file.yml | 5 - .../unreleased/60859-upload-after-delete.yml | 5 - .../60860-keep-empty-folders-in-tree.yml | 5 - .../unreleased/60879-fix-reports-timing-out.yml | 5 - .../61005-grafanaInAdminSettingsMonitoringMenu.yml | 5 - ...-instance-level-cluster-pod-terminal-access.yml | 5 - ...1-pass-identities-to-external-authorization.yml | 5 - ...from-add-packages_size-to-projectstatistics.yml | 5 - ...search-result-doesn-t-pass-wcag-color-audit.yml | 5 - changelogs/unreleased/61613-spacing-mr-widgets.yml | 5 - changelogs/unreleased/62088-search-back.yml | 5 - .../62124-new-threaded-discussion-design.yml | 5 - ...-for-bulk-delete-api-for-container-registry.yml | 5 - ...2-disable-kubernetes-credential-passthrough.yml | 5 - ...62772-migrate-managed-clusters-to-unmanaged.yml | 6 - .../unreleased/62826-graphql-emoji-mutations.yml | 5 - .../unreleased/62826-graphql-note-mutations.yml | 5 - .../unreleased/62938-wcag-aa-edited-text-color.yml | 5 - ...nvironment-details-header-border-misaligned.yml | 5 - ...ailability-checker-breaks-inline-validation.yml | 5 - ...migrate-clusters-with-no-token-to-unmanaged.yml | 6 - .../unreleased/63200-reply-button-broken.yml | 5 - changelogs/unreleased/63227-fix-double-border.yml | 5 - .../unreleased/63247-add-conf-toast-and-link.yml | 5 - ...y-for-the-mr-popover-failes-on-the-frontend.yml | 6 - ...298-prevent-excessive-sanitization-asciidoc.yml | 5 - changelogs/unreleased/63475-fix-n-1.yml | 5 - .../unreleased/63479-jira-capitalization.yml | 5 - .../63507-fix-race-condition-fetching-token.yml | 5 - .../63559-remove-avatar-from-sign-in.yml | 5 - .../63590-pipeline-actions-cause-full-refresh.yml | 5 - .../63656-runner-tags-search-dropdown-is-empty.yml | 5 - ...67-hashed-storage-migration-count-correctly.yml | 5 - changelogs/unreleased/63691-fix-doc-link.yml | 5 - changelogs/unreleased/63873-process-start-time.yml | 6 - .../63945-update-mixin-deep-to-1-3-2.yml | 5 - changelogs/unreleased/63971-remove-istanbul.yml | 5 - .../unreleased/64066-fix-uneven-click-areas.yml | 5 - .../64070-asciidoctor-enable-section-anchors.yml | 5 - .../unreleased/64091-fix-broken-terminal.yml | 5 - changelogs/unreleased/64161-gitlab-fqdn.yml | 5 - changelogs/unreleased/64176-fix-error-handling.yml | 5 - ...registry-empty-state-with-design-guidelines.yml | 5 - changelogs/unreleased/64314-ci-icon.yml | 5 - .../unreleased/64315-mget_sessions_in_chunks.yml | 5 - ...lestones-from-instance-milestones-dashboard.yml | 5 - ...d-in-a-new-issue-has-an-incorrect-line-wrap.yml | 5 - ...zio-quirk-omniauth-strategies-openidconnect.yml | 5 - .../64416-lodash-4-6-2-for-prototype-pollution.yml | 5 - ...4645-asciidoctor-preserve-footnote-link-ids.yml | 5 - ...8ee-add-rule_type-to-approval-project-rules.yml | 5 - ...emove-unresolved-class-in-discussion-header.yml | 5 - .../unreleased/add-clusters-to-deployment.yml | 5 - .../add-metrics-dashboard-permission-check.yml | 5 - changelogs/unreleased/add-salesforce-logo.yml | 5 - .../add-strategies-column-to-scopes-table.yml | 5 - .../unreleased/allow-reactive-caching-of-nil.yml | 5 - .../always-allow-prometheus-access-in-dev.yml | 5 - .../always-display-environment-selector.yml | 5 - .../api-doc-negative-commit-message-push-rule.yml | 5 - .../asciidoc-enable-syntax-highlighting.yml | 5 - changelogs/unreleased/asciidoctor-upgrade.yml | 5 - ...e-performance-environment-statuses-endpoint.yml | 5 - changelogs/unreleased/bjk-fix_prom_example.yml | 5 - changelogs/unreleased/bvl-markdown-graphql.yml | 5 - .../bvl-rename-routes-after-user-rename.yml | 5 - .../unreleased/caneldem-master-patch-77839.yml | 5 - ...ate-merge-request-settings-description-text.yml | 5 - .../unreleased/centralize-markdownlint-config.yml | 5 - changelogs/unreleased/check-min-schema-migrate.yml | 5 - .../unreleased/ci_default_git_depth_only.yml | 5 - changelogs/unreleased/clusters-group-cte.yml | 5 - .../unreleased/create-merge-train-ref-ce.yml | 5 - .../unreleased/db-update-geo-nodes-primary.yml | 5 - changelogs/unreleased/dohtaset.yml | 5 - changelogs/unreleased/ds-charts-whitespace.yml | 5 - .../dz-remove-deprecated-group-routes.yml | 5 - .../dz-remove-deprecated-user-routes.yml | 5 - changelogs/unreleased/embedded-metrics-be-2.yml | 5 - .../expose-saml-provider-id-to-users-api.yml | 5 - ...-old-boardservice-on-component-modal-footer.yml | 6 - changelogs/unreleased/fe-issue-reorder.yml | 5 - .../feature-uninstall_cluster_ingress.yml | 5 - .../feature-uninstall_jupyter_hub_app.yml | 5 - .../unreleased/fix-broken-vue-i18n-strings.yml | 5 - .../unreleased/fix-comment-race-condition.yml | 5 - ...facivon-url-if-uploads-object-store-enabled.yml | 5 - changelogs/unreleased/fix-jupyter-git-v3.yml | 5 - .../fix-median-counting-for-cycle-analytics.yml | 5 - .../unreleased/fix-pipeline-schedule-edge-case.yml | 6 - .../fix-sidekiq-transaction-check-race.yml | 5 - .../fix-unicorn-sampler-workers-count.yml | 5 - .../unreleased/fj-fix-subgroup-search-url.yml | 5 - ...63955-fix-import-with-source-branch-deleted.yml | 5 - changelogs/unreleased/gitaly-version-v1-53-0.yml | 5 - changelogs/unreleased/gitaly-version-v1.49.0.yml | 5 - changelogs/unreleased/gitaly-version-v1.51.0.yml | 5 - changelogs/unreleased/gitaly-version-v1.52.0.yml | 5 - changelogs/unreleased/graphql-tree-last-commit.yml | 5 - ...directive-on-project-avatar-image-component.yml | 5 - ...ve-cluster-role-on-service-account-creation.yml | 5 - .../hide-restricted-visibility-radio.yml | 5 - changelogs/unreleased/id-clean-up-mr-assignees.yml | 5 - .../id-extract-widget-into-different-request.yml | 5 - changelogs/unreleased/id-stale-branches.yml | 5 - changelogs/unreleased/issue-63222.yml | 5 - changelogs/unreleased/issue-zoom-url.yml | 5 - changelogs/unreleased/issue_64021.yml | 5 - changelogs/unreleased/jc-detect-nfs-for-rugged.yml | 5 - changelogs/unreleased/jc-remove-catfile-flag.yml | 5 - .../jramsay-enable-object-dedupe-by-default.yml | 5 - changelogs/unreleased/knative-0-6.yml | 5 - .../unreleased/limit-amount-of-tests-returned.yml | 5 - changelogs/unreleased/mh-board-tooltips.yml | 5 - changelogs/unreleased/mh-boards-filter-bar.yml | 5 - changelogs/unreleased/mh-collapsible-boards.yml | 5 - changelogs/unreleased/mh-colon-autocomplete.yml | 5 - changelogs/unreleased/mh-mermaid-linebreaks.yml | 5 - .../unreleased/move-all-configs-to-global.yml | 5 - .../unreleased/mw-project-list-color-fix.yml | 5 - .../unreleased/osw-persist-tmp-snippet-uploads.yml | 5 - .../osw-sync-merge-ref-upon-mergeability-check.yml | 5 - .../unreleased/paginate-license-management.yml | 5 - changelogs/unreleased/patch-29.yml | 5 - changelogs/unreleased/po-raw-changes-encoding.yml | 5 - changelogs/unreleased/pre-releases-38105a.yml | 5 - .../prepare-cycle-analytics-for-group-level.yml | 5 - changelogs/unreleased/project_api.yml | 5 - changelogs/unreleased/refactor-sentry.yml | 5 - .../unreleased/registry-fix-multi-delete-modal.yml | 5 - changelogs/unreleased/remove-auto-ssl-ff.yml | 6 - ...move-kubernetes-service-deployment-platform.yml | 5 - ...remove-support-for-legacy-pipeline-triggers.yml | 5 - ...ve_group_and_instance_clusters_feature_flag.yml | 5 - ...bling-only-allow-merge-if-pipeline-succeeds.yml | 5 - changelogs/unreleased/rj-fix-manual-order.yml | 5 - .../unreleased/sanitize_rake_ldap_check_output.yml | 5 - changelogs/unreleased/search-blob-basenames.yml | 5 - .../security-2858-fix-color-validation.yml | 5 - ...security-59581-related-merge-requests-count.yml | 5 - .../security-DOS_issue_comments_banzai.yml | 5 - ...rity-bvl-enforce-graphql-type-authorization.yml | 5 - .../security-fp-prevent-billion-laughs-attack.yml | 5 - .../unreleased/security-mr-head-pipeline-leak.yml | 5 - .../security-notes-in-private-snippets.yml | 5 - ...nt-detection-of-merge-request-template-name.yml | 5 - .../unreleased/set-higher-ttl-for-trace-write.yml | 5 - .../sh-add-force-random-password-user-api.yml | 5 - ...sh-add-gitaly-ref-caching-search-controller.yml | 5 - .../unreleased/sh-add-thread-memory-cache.yml | 5 - .../sh-audit-event-json-log-format-from-and-to.yml | 5 - .../sh-avoid-loading-pipeline-status.yml | 5 - changelogs/unreleased/sh-bump-fog-aws.yml | 5 - .../unreleased/sh-cache-feature-flag-names.yml | 5 - .../sh-cache-flipper-checks-in-memory.yml | 5 - .../sh-cache-flipper-names-memory-cache.yml | 5 - .../sh-cache-negative-entries-find-commit.yml | 5 - .../sh-clean-up-bitbucket-import-errors.yml | 5 - ...-disable-reactive-caching-automatic-retries.yml | 5 - .../sh-enable-ref-name-caching-discussions.yml | 5 - .../unreleased/sh-fix-gitaly-server-info-cache.yml | 5 - changelogs/unreleased/sh-fix-httpclient-ssl.yml | 5 - changelogs/unreleased/sh-fix-issue-63349.yml | 5 - changelogs/unreleased/sh-fix-issue-63910.yml | 5 - .../unreleased/sh-handle-nil-replication-lag.yml | 5 - changelogs/unreleased/sh-improve-redis-peek.yml | 5 - .../unreleased/sh-optimize-todos-controller.yml | 5 - .../sh-remove-import-columns-from-projects.yml | 5 - changelogs/unreleased/sh-service-template-bug.yml | 5 - .../unreleased/sh-strong-memoize-appearances.yml | 5 - .../sh-support-subnets-ip-rate-limiter.yml | 5 - changelogs/unreleased/sh-update-mermaid.yml | 5 - changelogs/unreleased/sh-upgrade-rouge-3-5-1.yml | 5 - changelogs/unreleased/slugify.yml | 5 - .../small-s-in-elasticsearch-in-code.yml | 5 - changelogs/unreleased/small-s-in-elasticsearch.yml | 5 - .../unreleased/support-jsonb-default-value.yml | 5 - changelogs/unreleased/tc-rake-orphan-artifacts.yml | 5 - changelogs/unreleased/transaction-metrics.yml | 5 - .../unreleased/tz-update-mr-count-over-tabs.yml | 6 - changelogs/unreleased/unicorn-sampler-fix.yml | 5 - changelogs/unreleased/update-clair-version.yml | 6 - .../update-gitlab-runner-helm-chart-to-0-6-0.yml | 5 - changelogs/unreleased/update-pages-to-1-7-0.yml | 5 - changelogs/unreleased/update-pagination-texts.yml | 5 - changelogs/unreleased/update-tar-to-2-2-2.yml | 5 - changelogs/unreleased/update-todo-in-ui.yml | 5 - changelogs/unreleased/use-pg-9-6-11-on-ci.yml | 5 - .../unreleased/winh-jest-markdown-header.yml | 5 - .../unreleased/winh-multiple-issueboards-core.yml | 5 - .../winh-notes-service-applySuggestion.yml | 5 - .../unreleased/winh-notes-service-deleteNote.yml | 5 - .../unreleased/winh-notes-service-toggleAward.yml | 5 - ...winh-updateResolvableDiscussionsCounts-typo.yml | 5 - .../z-index-fix-for-diff-file-dropdown.yml | 5 - changelogs/unreleased/z-index-tools.yml | 5 - changelogs/unreleased/zj-gitaly-usage-data.yml | 5 - 247 files changed, 271 insertions(+), 1240 deletions(-) delete mode 100644 changelogs/unreleased/11039-moved-code-difference-from-EE-to-CE.yml delete mode 100644 changelogs/unreleased/11448-fix-cs-with-k8s-runners.yml delete mode 100644 changelogs/unreleased/11888-regression-deploy-correlation-markers-on-monitoring-graphs-not-clickable.yml delete mode 100644 changelogs/unreleased/12533-shared-runners-warning.yml delete mode 100644 changelogs/unreleased/12550-fullscrean.yml delete mode 100644 changelogs/unreleased/12553-preferences.yml delete mode 100644 changelogs/unreleased/17690-Protect-TeamCity-builds-for-triggering-when-a-branch-is-deleted-And-add-MR-option.yml delete mode 100644 changelogs/unreleased/29775-fix-nested-lists-unnecessary-margin.yml delete mode 100644 changelogs/unreleased/30355-use-hours-only-for-time-tracking.yml delete mode 100644 changelogs/unreleased/32452-multiple-discussions.yml delete mode 100644 changelogs/unreleased/35757-move-issues-in-boards-pderichs.yml delete mode 100644 changelogs/unreleased/38105-pre-release-tag.yml delete mode 100644 changelogs/unreleased/40379-CJK-search-min-chars.yml delete mode 100644 changelogs/unreleased/42399-registry-confirm-deletion.yml delete mode 100644 changelogs/unreleased/44106-include-subgroups-in-group-activity.yml delete mode 100644 changelogs/unreleased/44949-do-not-update-updated_at-on-an-issue-when-reordering-it.yml delete mode 100644 changelogs/unreleased/45104-special-characters-in-project-name-path-prevent-users-from-using-the-container-registry.yml delete mode 100644 changelogs/unreleased/45120-fix-ide-editor-to-update-size-on-show-change.yml delete mode 100644 changelogs/unreleased/48771-label-picker-line-break-on-long-label-titles.yml delete mode 100644 changelogs/unreleased/49814-display-in-admin-area-if-emails-are-verified-or-not.yml delete mode 100644 changelogs/unreleased/50228-deploy-tokens-custom-username.yml delete mode 100644 changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml delete mode 100644 changelogs/unreleased/51794-add-ordering-to-runner-jobs-api.yml delete mode 100644 changelogs/unreleased/51952-forking-via-webide.yml delete mode 100644 changelogs/unreleased/51952-redirect-to-webide-in-fork.yml delete mode 100644 changelogs/unreleased/52366-improved-group-lists-ui.yml delete mode 100644 changelogs/unreleased/52442-minimal-remove-mysql-support.yml delete mode 100644 changelogs/unreleased/52954-allow-developers-to-delete-tags.yml delete mode 100644 changelogs/unreleased/53357-fix-plus-in-upload-file-names.yml delete mode 100644 changelogs/unreleased/53811-issue-boards-to-core-projects-backend-ce.yml delete mode 100644 changelogs/unreleased/54117-transactional-rebase.yml delete mode 100644 changelogs/unreleased/54595-incorrect-reaction-emoji-placement-in-discussion.yml delete mode 100644 changelogs/unreleased/55487-enable-group-terminals-button.yml delete mode 100644 changelogs/unreleased/55623-group-cluster-apis.yml delete mode 100644 changelogs/unreleased/55902-disable-creation-of-non-rbac-kubernetes-clusters.yml delete mode 100644 changelogs/unreleased/55953-renamed-discussion-to-thread.yml delete mode 100644 changelogs/unreleased/57538-normalize-users-private-profile-field.yml delete mode 100644 changelogs/unreleased/57793-fix-line-age.yml delete mode 100644 changelogs/unreleased/57815.yml delete mode 100644 changelogs/unreleased/57918-encrypt-feature-flags-tokens-changelog.yml delete mode 100644 changelogs/unreleased/57973-errors-in-application-settings-panel-shows-wrong-panel.yml delete mode 100644 changelogs/unreleased/58065-uniform-html-txt-email.yml delete mode 100644 changelogs/unreleased/58689-regroup-jump-button-in-discussion.yml delete mode 100644 changelogs/unreleased/58802-rename-webide.yml delete mode 100644 changelogs/unreleased/58808-fix-image-diff-on-text.yml delete mode 100644 changelogs/unreleased/59028-fix-extra-plus-in-diffs.yml delete mode 100644 changelogs/unreleased/59257-find-new-branches-harder.yml delete mode 100644 changelogs/unreleased/60617-enable-project-cluster-jit.yml delete mode 100644 changelogs/unreleased/60666-kubernetes-applications-uninstall-runner.yml delete mode 100644 changelogs/unreleased/60856-deleting-binary-file.yml delete mode 100644 changelogs/unreleased/60859-upload-after-delete.yml delete mode 100644 changelogs/unreleased/60860-keep-empty-folders-in-tree.yml delete mode 100644 changelogs/unreleased/60879-fix-reports-timing-out.yml delete mode 100644 changelogs/unreleased/61005-grafanaInAdminSettingsMonitoringMenu.yml delete mode 100644 changelogs/unreleased/61156-instance-level-cluster-pod-terminal-access.yml delete mode 100644 changelogs/unreleased/61201-pass-identities-to-external-authorization.yml delete mode 100644 changelogs/unreleased/61284-frontend-follow-up-from-add-packages_size-to-projectstatistics.yml delete mode 100644 changelogs/unreleased/61342-commit-search-result-doesn-t-pass-wcag-color-audit.yml delete mode 100644 changelogs/unreleased/61613-spacing-mr-widgets.yml delete mode 100644 changelogs/unreleased/62088-search-back.yml delete mode 100644 changelogs/unreleased/62124-new-threaded-discussion-design.yml delete mode 100644 changelogs/unreleased/62183-update-response-code-for-bulk-delete-api-for-container-registry.yml delete mode 100644 changelogs/unreleased/62772-disable-kubernetes-credential-passthrough.yml delete mode 100644 changelogs/unreleased/62772-migrate-managed-clusters-to-unmanaged.yml delete mode 100644 changelogs/unreleased/62826-graphql-emoji-mutations.yml delete mode 100644 changelogs/unreleased/62826-graphql-note-mutations.yml delete mode 100644 changelogs/unreleased/62938-wcag-aa-edited-text-color.yml delete mode 100644 changelogs/unreleased/62968-environment-details-header-border-misaligned.yml delete mode 100644 changelogs/unreleased/62980-username-availability-checker-breaks-inline-validation.yml delete mode 100644 changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml delete mode 100644 changelogs/unreleased/63200-reply-button-broken.yml delete mode 100644 changelogs/unreleased/63227-fix-double-border.yml delete mode 100644 changelogs/unreleased/63247-add-conf-toast-and-link.yml delete mode 100644 changelogs/unreleased/63261-the-graphql-query-for-the-mr-popover-failes-on-the-frontend.yml delete mode 100644 changelogs/unreleased/63298-prevent-excessive-sanitization-asciidoc.yml delete mode 100644 changelogs/unreleased/63475-fix-n-1.yml delete mode 100644 changelogs/unreleased/63479-jira-capitalization.yml delete mode 100644 changelogs/unreleased/63507-fix-race-condition-fetching-token.yml delete mode 100644 changelogs/unreleased/63559-remove-avatar-from-sign-in.yml delete mode 100644 changelogs/unreleased/63590-pipeline-actions-cause-full-refresh.yml delete mode 100644 changelogs/unreleased/63656-runner-tags-search-dropdown-is-empty.yml delete mode 100644 changelogs/unreleased/63667-hashed-storage-migration-count-correctly.yml delete mode 100644 changelogs/unreleased/63691-fix-doc-link.yml delete mode 100644 changelogs/unreleased/63873-process-start-time.yml delete mode 100644 changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml delete mode 100644 changelogs/unreleased/63971-remove-istanbul.yml delete mode 100644 changelogs/unreleased/64066-fix-uneven-click-areas.yml delete mode 100644 changelogs/unreleased/64070-asciidoctor-enable-section-anchors.yml delete mode 100644 changelogs/unreleased/64091-fix-broken-terminal.yml delete mode 100644 changelogs/unreleased/64161-gitlab-fqdn.yml delete mode 100644 changelogs/unreleased/64176-fix-error-handling.yml delete mode 100644 changelogs/unreleased/64249-align-container-registry-empty-state-with-design-guidelines.yml delete mode 100644 changelogs/unreleased/64314-ci-icon.yml delete mode 100644 changelogs/unreleased/64315-mget_sessions_in_chunks.yml delete mode 100644 changelogs/unreleased/64321-wrong-url-when-creating-milestones-from-instance-milestones-dashboard.yml delete mode 100644 changelogs/unreleased/64331-Assignee-field-in-a-new-issue-has-an-incorrect-line-wrap.yml delete mode 100644 changelogs/unreleased/64407-vfazio-quirk-omniauth-strategies-openidconnect.yml delete mode 100644 changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml delete mode 100644 changelogs/unreleased/64645-asciidoctor-preserve-footnote-link-ids.yml delete mode 100644 changelogs/unreleased/9928ee-add-rule_type-to-approval-project-rules.yml delete mode 100644 changelogs/unreleased/Remove-unresolved-class-in-discussion-header.yml delete mode 100644 changelogs/unreleased/add-clusters-to-deployment.yml delete mode 100644 changelogs/unreleased/add-metrics-dashboard-permission-check.yml delete mode 100644 changelogs/unreleased/add-salesforce-logo.yml delete mode 100644 changelogs/unreleased/add-strategies-column-to-scopes-table.yml delete mode 100644 changelogs/unreleased/allow-reactive-caching-of-nil.yml delete mode 100644 changelogs/unreleased/always-allow-prometheus-access-in-dev.yml delete mode 100644 changelogs/unreleased/always-display-environment-selector.yml delete mode 100644 changelogs/unreleased/api-doc-negative-commit-message-push-rule.yml delete mode 100644 changelogs/unreleased/asciidoc-enable-syntax-highlighting.yml delete mode 100644 changelogs/unreleased/asciidoctor-upgrade.yml delete mode 100644 changelogs/unreleased/backstage-gb-improve-performance-environment-statuses-endpoint.yml delete mode 100644 changelogs/unreleased/bjk-fix_prom_example.yml delete mode 100644 changelogs/unreleased/bvl-markdown-graphql.yml delete mode 100644 changelogs/unreleased/bvl-rename-routes-after-user-rename.yml delete mode 100644 changelogs/unreleased/caneldem-master-patch-77839.yml delete mode 100644 changelogs/unreleased/ce-11098-update-merge-request-settings-description-text.yml delete mode 100644 changelogs/unreleased/centralize-markdownlint-config.yml delete mode 100644 changelogs/unreleased/check-min-schema-migrate.yml delete mode 100644 changelogs/unreleased/ci_default_git_depth_only.yml delete mode 100644 changelogs/unreleased/clusters-group-cte.yml delete mode 100644 changelogs/unreleased/create-merge-train-ref-ce.yml delete mode 100644 changelogs/unreleased/db-update-geo-nodes-primary.yml delete mode 100644 changelogs/unreleased/dohtaset.yml delete mode 100644 changelogs/unreleased/ds-charts-whitespace.yml delete mode 100644 changelogs/unreleased/dz-remove-deprecated-group-routes.yml delete mode 100644 changelogs/unreleased/dz-remove-deprecated-user-routes.yml delete mode 100644 changelogs/unreleased/embedded-metrics-be-2.yml delete mode 100644 changelogs/unreleased/expose-saml-provider-id-to-users-api.yml delete mode 100644 changelogs/unreleased/fe-delete-old-boardservice-on-component-modal-footer.yml delete mode 100644 changelogs/unreleased/fe-issue-reorder.yml delete mode 100644 changelogs/unreleased/feature-uninstall_cluster_ingress.yml delete mode 100644 changelogs/unreleased/feature-uninstall_jupyter_hub_app.yml delete mode 100644 changelogs/unreleased/fix-broken-vue-i18n-strings.yml delete mode 100644 changelogs/unreleased/fix-comment-race-condition.yml delete mode 100644 changelogs/unreleased/fix-facivon-url-if-uploads-object-store-enabled.yml delete mode 100644 changelogs/unreleased/fix-jupyter-git-v3.yml delete mode 100644 changelogs/unreleased/fix-median-counting-for-cycle-analytics.yml delete mode 100644 changelogs/unreleased/fix-pipeline-schedule-edge-case.yml delete mode 100644 changelogs/unreleased/fix-sidekiq-transaction-check-race.yml delete mode 100644 changelogs/unreleased/fix-unicorn-sampler-workers-count.yml delete mode 100644 changelogs/unreleased/fj-fix-subgroup-search-url.yml delete mode 100644 changelogs/unreleased/georgekoltsov-63955-fix-import-with-source-branch-deleted.yml delete mode 100644 changelogs/unreleased/gitaly-version-v1-53-0.yml delete mode 100644 changelogs/unreleased/gitaly-version-v1.49.0.yml delete mode 100644 changelogs/unreleased/gitaly-version-v1.51.0.yml delete mode 100644 changelogs/unreleased/gitaly-version-v1.52.0.yml delete mode 100644 changelogs/unreleased/graphql-tree-last-commit.yml delete mode 100644 changelogs/unreleased/gt-remove-tooltip-directive-on-project-avatar-image-component.yml delete mode 100644 changelogs/unreleased/hfy-apply-knative-cluster-role-on-service-account-creation.yml delete mode 100644 changelogs/unreleased/hide-restricted-visibility-radio.yml delete mode 100644 changelogs/unreleased/id-clean-up-mr-assignees.yml delete mode 100644 changelogs/unreleased/id-extract-widget-into-different-request.yml delete mode 100644 changelogs/unreleased/id-stale-branches.yml delete mode 100644 changelogs/unreleased/issue-63222.yml delete mode 100644 changelogs/unreleased/issue-zoom-url.yml delete mode 100644 changelogs/unreleased/issue_64021.yml delete mode 100644 changelogs/unreleased/jc-detect-nfs-for-rugged.yml delete mode 100644 changelogs/unreleased/jc-remove-catfile-flag.yml delete mode 100644 changelogs/unreleased/jramsay-enable-object-dedupe-by-default.yml delete mode 100644 changelogs/unreleased/knative-0-6.yml delete mode 100644 changelogs/unreleased/limit-amount-of-tests-returned.yml delete mode 100644 changelogs/unreleased/mh-board-tooltips.yml delete mode 100644 changelogs/unreleased/mh-boards-filter-bar.yml delete mode 100644 changelogs/unreleased/mh-collapsible-boards.yml delete mode 100644 changelogs/unreleased/mh-colon-autocomplete.yml delete mode 100644 changelogs/unreleased/mh-mermaid-linebreaks.yml delete mode 100644 changelogs/unreleased/move-all-configs-to-global.yml delete mode 100644 changelogs/unreleased/mw-project-list-color-fix.yml delete mode 100644 changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml delete mode 100644 changelogs/unreleased/osw-sync-merge-ref-upon-mergeability-check.yml delete mode 100644 changelogs/unreleased/paginate-license-management.yml delete mode 100644 changelogs/unreleased/patch-29.yml delete mode 100644 changelogs/unreleased/po-raw-changes-encoding.yml delete mode 100644 changelogs/unreleased/pre-releases-38105a.yml delete mode 100644 changelogs/unreleased/prepare-cycle-analytics-for-group-level.yml delete mode 100644 changelogs/unreleased/project_api.yml delete mode 100644 changelogs/unreleased/refactor-sentry.yml delete mode 100644 changelogs/unreleased/registry-fix-multi-delete-modal.yml delete mode 100644 changelogs/unreleased/remove-auto-ssl-ff.yml delete mode 100644 changelogs/unreleased/remove-kubernetes-service-deployment-platform.yml delete mode 100644 changelogs/unreleased/remove-support-for-legacy-pipeline-triggers.yml delete mode 100644 changelogs/unreleased/remove_group_and_instance_clusters_feature_flag.yml delete mode 100644 changelogs/unreleased/require-pipeline-when-enabling-only-allow-merge-if-pipeline-succeeds.yml delete mode 100644 changelogs/unreleased/rj-fix-manual-order.yml delete mode 100644 changelogs/unreleased/sanitize_rake_ldap_check_output.yml delete mode 100644 changelogs/unreleased/search-blob-basenames.yml delete mode 100644 changelogs/unreleased/security-2858-fix-color-validation.yml delete mode 100644 changelogs/unreleased/security-59581-related-merge-requests-count.yml delete mode 100644 changelogs/unreleased/security-DOS_issue_comments_banzai.yml delete mode 100644 changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml delete mode 100644 changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml delete mode 100644 changelogs/unreleased/security-mr-head-pipeline-leak.yml delete mode 100644 changelogs/unreleased/security-notes-in-private-snippets.yml delete mode 100644 changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml delete mode 100644 changelogs/unreleased/set-higher-ttl-for-trace-write.yml delete mode 100644 changelogs/unreleased/sh-add-force-random-password-user-api.yml delete mode 100644 changelogs/unreleased/sh-add-gitaly-ref-caching-search-controller.yml delete mode 100644 changelogs/unreleased/sh-add-thread-memory-cache.yml delete mode 100644 changelogs/unreleased/sh-audit-event-json-log-format-from-and-to.yml delete mode 100644 changelogs/unreleased/sh-avoid-loading-pipeline-status.yml delete mode 100644 changelogs/unreleased/sh-bump-fog-aws.yml delete mode 100644 changelogs/unreleased/sh-cache-feature-flag-names.yml delete mode 100644 changelogs/unreleased/sh-cache-flipper-checks-in-memory.yml delete mode 100644 changelogs/unreleased/sh-cache-flipper-names-memory-cache.yml delete mode 100644 changelogs/unreleased/sh-cache-negative-entries-find-commit.yml delete mode 100644 changelogs/unreleased/sh-clean-up-bitbucket-import-errors.yml delete mode 100644 changelogs/unreleased/sh-disable-reactive-caching-automatic-retries.yml delete mode 100644 changelogs/unreleased/sh-enable-ref-name-caching-discussions.yml delete mode 100644 changelogs/unreleased/sh-fix-gitaly-server-info-cache.yml delete mode 100644 changelogs/unreleased/sh-fix-httpclient-ssl.yml delete mode 100644 changelogs/unreleased/sh-fix-issue-63349.yml delete mode 100644 changelogs/unreleased/sh-fix-issue-63910.yml delete mode 100644 changelogs/unreleased/sh-handle-nil-replication-lag.yml delete mode 100644 changelogs/unreleased/sh-improve-redis-peek.yml delete mode 100644 changelogs/unreleased/sh-optimize-todos-controller.yml delete mode 100644 changelogs/unreleased/sh-remove-import-columns-from-projects.yml delete mode 100644 changelogs/unreleased/sh-service-template-bug.yml delete mode 100644 changelogs/unreleased/sh-strong-memoize-appearances.yml delete mode 100644 changelogs/unreleased/sh-support-subnets-ip-rate-limiter.yml delete mode 100644 changelogs/unreleased/sh-update-mermaid.yml delete mode 100644 changelogs/unreleased/sh-upgrade-rouge-3-5-1.yml delete mode 100644 changelogs/unreleased/slugify.yml delete mode 100644 changelogs/unreleased/small-s-in-elasticsearch-in-code.yml delete mode 100644 changelogs/unreleased/small-s-in-elasticsearch.yml delete mode 100644 changelogs/unreleased/support-jsonb-default-value.yml delete mode 100644 changelogs/unreleased/tc-rake-orphan-artifacts.yml delete mode 100644 changelogs/unreleased/transaction-metrics.yml delete mode 100644 changelogs/unreleased/tz-update-mr-count-over-tabs.yml delete mode 100644 changelogs/unreleased/unicorn-sampler-fix.yml delete mode 100644 changelogs/unreleased/update-clair-version.yml delete mode 100644 changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-6-0.yml delete mode 100644 changelogs/unreleased/update-pages-to-1-7-0.yml delete mode 100644 changelogs/unreleased/update-pagination-texts.yml delete mode 100644 changelogs/unreleased/update-tar-to-2-2-2.yml delete mode 100644 changelogs/unreleased/update-todo-in-ui.yml delete mode 100644 changelogs/unreleased/use-pg-9-6-11-on-ci.yml delete mode 100644 changelogs/unreleased/winh-jest-markdown-header.yml delete mode 100644 changelogs/unreleased/winh-multiple-issueboards-core.yml delete mode 100644 changelogs/unreleased/winh-notes-service-applySuggestion.yml delete mode 100644 changelogs/unreleased/winh-notes-service-deleteNote.yml delete mode 100644 changelogs/unreleased/winh-notes-service-toggleAward.yml delete mode 100644 changelogs/unreleased/winh-updateResolvableDiscussionsCounts-typo.yml delete mode 100644 changelogs/unreleased/z-index-fix-for-diff-file-dropdown.yml delete mode 100644 changelogs/unreleased/z-index-tools.yml delete mode 100644 changelogs/unreleased/zj-gitaly-usage-data.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b73585722f..34ace58bb14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,277 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.1.0 + +### Security (11 changes, 2 of them are from the community) + +- Update tar to 2.2.2. !29949 (Takuya Noguchi) +- Update lodash to 4.7.14 and lodash.mergewith to 4.6.2. !30602 (Takuya Noguchi) +- Correctly check permissions when creating snippet notes. +- Gate MR head_pipeline behind read_pipeline ability. +- Prevent Billion Laughs attack. +- Add missing authorizations in GraphQL. +- Fix Denial of Service for comments when rendering issues/MR comments. +- Expose merge requests count based on user access. +- Fix DoS vulnerability in color validation regex. +- Prevent the detection of merge request templates by unauthorized users. +- Persist tmp snippet uploads at users. + +### Removed (7 changes) + +- Disable Kubernetes credential passthrough for managed project-level clusters. !29262 +- Remove deprecated group routes. !29351 +- Remove support for creating non-RBAC kubernetes clusters. !29614 +- Remove Kubernetes service integration and Kubernetes service template from available deployment platforms. !29786 +- Remove MySQL support. !29790 +- Remove depreated /u/:username routing. !30044 +- Remove support for legacy pipeline triggers. !30133 + +### Fixed (84 changes, 14 of them are from the community) + +- Update a user's routes after updating their name. !23272 +- Show poper panel when validation error occurs in admin settings panels. !25434 +- Expect bytes from Gitaly RPC GetRawChanges. !28164 +- Sanitize LDAP output in Rake tasks. !28427 +- Left align mr widget icons and text. !28561 +- Keep the empty folders in the tree. !29196 +- Fix incorrect emoji placement in commit diff discussion. !29445 +- Fix favicon path with uploads of object store. !29482 (Roger Meier) +- Remove duplicate trailing +/- char in merge request discussions. !29518 +- Fix the signup form's username validation messages not displaying. !29678 (Jiaan Louw) +- Fix broken environment selector and always display it on monitoring dashboard. !29705 +- Fix Container Scanning job timeout when using the kubernetes executor. !29706 +- Look for new branches more carefully. !29761 +- Fix nested lists unnecessary margin. !29775 (Kuba Kopeć) +- Fix reports jobs timing out because of cache. !29780 +- Fix Double Border in Profile Page. !29784 (Yoginth <@yo>) +- Remove minimum character limits for fuzzy searches when using a CTE. !29810 +- Set default sort method for dashboard projects list. !29830 (David Palubin) +- Protect TeamCity builds from triggering when a branch has been deleted. And a MR-option. !29836 (Nikolay Novikov, Raphael Tweitmann) +- Fix pipeline schedule does not run correctly when it's scheduled at the same time with the cron worker. !29848 +- Always shows author of created issue/started discussion/comment in HTML body and text of email. !29886 (Frank van Rest) +- Build correct basenames for title search results. !29898 +- Resolve "500 error when forking via the web IDE button". !29909 +- Turn commit sha in monitor charts popover to link. !29914 +- Fix broken URLs for uploads with a plus in the filename. !29915 +- Retry fetching Kubernetes Secret#token (#63507). !29922 +- Enforce presence of pipeline when "Pipeline must succeed" project setting is enabled. !29926 +- Fix unresponsive reply button in discussions. !29936 +- Allow asynchronous rebase operations to be monitored. !29940 +- Resolve Avatar in Please sign in pattern too large. !29944 +- Persist the cluster a deployment was deployed to. !29960 +- Fix runner tags search dropdown being empty when there are tags. !29985 +- Display the correct amount of projects being migrated/rolled-back to Hashed Storage when specifying ranges. !29996 +- Resolve Environment details header border misaligned. !30011 +- Correct link to docs for External Dashboard. !30019 +- Fix Jupyter-Git integration. !30020 (Amit Rathi) +- Update Mermaid to 8.1.0. !30036 +- Fix background migrations failing with unused replication slot. !30042 +- Disable Rails SQL query cache when applying service templates. !30060 +- Set higher TTL for write lock of trace to prevent concurrent archiving. !30064 +- Fix charts on Cluster health page. !30073 +- Display boards filter bar on mobile. !30120 +- Fix IDE editor not showing when switching back from preview. !30135 +- Support note position tracing on an image. !30158 +- Replace slugifyWithHyphens with improved slugify function. !30172 (Luke Ward) +- 'Open' and 'Closed' issue board lists no longer display a redundant tooltip. !30187 +- Fix pipelines table to update without refreshing after action. !30190 +- Change ruby_process_start_time_seconds metric to unix timestamp instead of seconds from boot. !30195 +- Fix attachments using the wrong URLs in e-mails. !30197 +- Make sure UnicornSampler is started only in master process. !30215 +- Don't show image diff note on text file. !30221 +- Fix median counting for cycle analytics. !30229 +- In WebIDE allow adding new entries of the same name as deleted entry. !30239 +- Don't let logged out user do manual order. !30264 +- Skip spam check for task list updates. !30279 +- Make Housekeeping button do a full garbage collection. !30289 +- Removing an image should not output binary data. !30314 +- Fix spacing issues for toasts. !30345 +- Fix race in forbid_sidekiq_in_transactions.rb. !30359 +- Fixed back navigation for projects filter. !30373 +- Fix environments broken terminal. !30401 +- Fix invalid SSL certificate errors on Drone CI service. !30422 +- Fix subgroup url in search drop down. !30457 +- Make unicorn_workers to return meaningful results. !30506 +- Fix wrong URL when creating milestones from instance milestones dashboard. !30512 +- Fixed incorrect line wrap for assignee label in issues. !30523 (Marc Schwede) +- Improves section header whitespace on the CI/CD Charts page. !30531 +- Prevent multiple confirmation modals from opening when deleting a repository. !30532 +- Aligns CI icon in Merge Request dashboard. !30558 +- Add text-secondary to controls in project list. !30567 +- Review Tools: Add large z-index to toolbar. !30583 +- Hide restricted and disallowed visibility radios. !30590 +- Resolve Label picker: Line break on long label titles. !30610 +- Fix a bug that prevented projects containing merge request diff comments from being imported. !30630 +- I fixed z index bug in diff page. !30657 (Faruk Can) +- Allow client authentication method to be configured for OpenID Connect. !30683 (Vincent Fazio) +- Fix commenting before discussions are loaded. !30724 +- Fix linebreak rendering in Mermaid flowcharts. !30730 +- Make httpclient respect system SSL configuration. !30749 +- Bump fog-aws to v3.5.2. !30803 +- API: Allow changing only ci_default_git_depth. !30888 (Mathieu Parent) +- Search issuables by iids. (Riccardo Padovani) +- Fix broken warnings while Editing Issues and Edit File on MR. +- Make sure we are receiving the proper information on the MR Popover by updating the IID in the graphql query. + +### Changed (39 changes, 8 of them are from the community) + +- Improve group list UI. !26542 +- Backport and Docs for Paginate license management and add license search. !27602 +- Update merge requests section description text on project settings page. !27838 +- Knative version bump 0.5 -> 0.6. !28798 (Chris Baumbauer) +- Add salesforce logo for salesforce SSO. !28857 +- Enforced requirements for UltraAuth users. !28941 (Kartikey Tanna) +- Return 400 when deleting tags more often than once per hour. !29448 +- Add identity information to external authorization requests. !29461 +- Enable just-in-time Kubernetes resource creation for project-level clusters. !29515 +- renamed discussion to thread in merge-request and issue timeline. !29553 (Michel Engelen) +- Changed HTTP Status Code for disabled repository on /branches and /commits to 404. !29585 (Sam Battalio) +- Enable Git object pools. !29595 (jramsay) +- Updated container registry to display error message when special characters in path. Documentation has also been updated. !29616 +- Allow developers to delete tags. !29668 +- Will not update issue timestamps when changing positions in a list. !29677 +- Include a link back to the MR for Visual Review feedback form. !29719 +- Improve discussion reply buttons layout and how jump to next discussion button appears. !29779 +- Renders a pre-release tag for releases. !29797 +- Migrate NULL values for users.private_profile column and update users API to reject null value for private_profile. !29888 +- Re-name files in Web IDE in a more natural way. !29948 +- Include events from subgroups in group's activity. !29953 (Fabian Schneider @fabsrc) +- Upgrade to Gitaly v1.49.0. !29990 +- Remove group and instance clusters feature flag. !30124 +- Add support for creating random passwords in user creation API. !30138 +- Support CIDR notation in IP rate limiter. !30146 +- Add Redis call details in Peek performance bar. !30191 +- Create Knative role and binding with service account. !30235 +- Add cleanup migration for MR's multiple assignees. !30261 +- Updates PHP template to php:latest to ensure always targeting latest stable. !30319 (Paul Giberson) +- Format `from` and `to` fields in JSON audit log. !30333 +- Upgrade to Gitaly v1.51.0. !30353 +- Modify cycle analytics on project level. !30356 +- Extract clair version as CLAIR_EXECUTABLE_VERSION variable and update clair executable from v8 to v11. !30396 +- Upgrade Rouge to 3.5.1. !30431 +- Move multiple issue boards to core. !30503 +- Upgrade to Gitaly v1.52.0. !30568 +- Upgrade to Gitaly v1.53.0. !30614 +- Open WebIDE in fork when user doesn't have access. !30642 +- Propagate python version variable. (Can Eldem) + +### Performance (25 changes, 1 of them is from the community) + +- Remove tooltip directive on project avatar image component. !29631 (George Tsiolis) +- Use Rugged if we detect storage is NFS and we can access the disk. !29725 +- Add endpoint for fetching diverging commit counts. !29802 +- Cache feature flag names in Redis for a minute. !29816 +- Avoid storing backtraces from Bitbucket Cloud imports in the database. !29862 +- Remove import columns from projects table. !29863 +- Enable Gitaly ref name caching for discussions.json. !29951 +- Allow caching of negative FindCommit matches. !29952 +- Eliminate N+1 queries in Dashboard::TodosController. !29954 +- Memoize non-existent custom appearances. !29957 +- Add a separate endpoint for fetching MRs serialized as widgets. !29979 +- Use CTE to fetch clusters hierarchy in single query. !30063 +- Enable Gitaly ref caching for SearchController. !30105 +- Avoid loading pipeline status in search results. !30111 +- Improve performance of MergeRequestsController#ci_environment_status endpoint. !30224 +- Add a memory cache local to the thread to reduce Redis load. !30233 +- Cache Flipper persisted names directly to local memory storage. !30265 +- Limit amount of JUnit tests returned. !30274 +- Cache Flipper feature flags in L1 and L2 caches. !30276 +- Prevent amplification of ReactiveCachingWorker jobs upon failures. !30432 +- Allow ReactiveCaching to support nil value. !30456 +- Improve performance of fetching environments statuses. !30560 +- Do Redis lookup in batches in ActiveSession.sessions_from_ids. !30561 +- Remove catfile cache feature flag. !30750 +- Fix Gitaly auto-detection caching. !30954 + +### Added (46 changes, 12 of them are from the community) + +- Document the negative commit message push rule for the API. !14004 (Maikel Vlasman) +- Expose saml_provider_id in the users API. !14045 +- Improve Project API. !28327 (Mathieu Parent) +- Remove Sentry from application settings. !28447 (Roger Meier) +- Implement borderless discussion design with new reply field. !28580 +- Enable terminals for instance and group clusters. !28613 +- Resolve Multiple discussions per line in merge request diffs. !28748 +- Adds link to Grafana in Admin > Monitoring settings when grafana is enabled in config. !28937 (Romain Maneschi) +- Bring Manual Ordering on Issue List. !29410 +- Added commit type to tree GraphQL response. !29412 +- New API for User Counts, updates on success of an MR the count on top and in other tabs. !29441 +- Add option to limit time tracking units to hours. !29469 (Jon Kolb) +- Add confirmation for registry image deletion. !29505 +- Sync merge ref upon mergeability check. !29569 +- Show an Upcoming Status for Releases. !29577 +- Add order_by and sort params to list runner jobs api. !29629 (Sujay Patel) +- Allow custom username for deploy tokens. !29639 +- Add a verified pill next to email addresses under the admin users section. !29669 +- Add rake task to clean orphan artifact files. !29681 +- Render GFM in GraphQL. !29700 +- Upgrade asciidoctor version to 2.0.10. !29741 (Rajendra Kadam) +- Allow auto-completing scoped labels. !29749 +- Enable syntax highlighting for AsciiDoc. !29835 (Guillaume Grossetie) +- Expose placeholder element for metrics charts in GFM. !29861 +- Added a min schema version check to db:migrate. !29882 +- Extract zoom link from issue and pass to frontend. !29910 (raju249) +- GraphQL mutations for add, remove and toggle emoji. !29919 +- Labeled issue boards can now collapse. !29955 +- Allow Ingress to be uninstalled from the UI. !29977 +- Add permission check to metrics dashboards endpoint. !30017 +- Allow JupyterHub to be uninstalled from the UI. !30097 +- Allow GitLab Runner to be uninstalled from the UI. !30176 +- GraphQL mutations for managing Notes. !30210 +- Add API for CRUD group clusters. !30213 +- Add endpoint to move multiple issues in boards. !30216 +- Enable terminals button for group clusters. !30255 +- Prevent excessive sanitization of AsciiDoc ouptut. !30290 (Guillaume Grossetie) +- Extend `MergeToRefService` to create merge ref from an arbitrary ref. !30361 +- Add CI variable to provide GitLab HOST. !30417 +- Add migration for adding rule_type to approval_project_rules. !30575 +- Enable section anchors in Asciidoctor. !30666 (Guillaume Grossetie) +- Preserve footnote link ids in Asciidoctor. !30790 (Guillaume Grossetie) +- Add support for generating SSL certificates for custon pages domains through Let's Encrypt. +- Introduce default: for gitlab-ci.yml. +- Move Multiple Issue Boards for Projects to Core. +- Add Gitaly data to the usage ping. + +### Other (35 changes, 15 of them are from the community) + +- Remove unresolved class and fixed height in discussion header. !28440 (David Palubin) +- Moved EE/CE code differences for file `app/views/search/_category.html.haml` into CE. !28755 (Michel Engelen) +- Changes "Todo" to "To Do" in the UI for clarity. !28844 +- Migrate GitLab managed project-level clusters to unmanaged if a Kubernetes namespace was unable to be created. !29251 +- Migrate GitLab managed project-level clusters to unmanaged if they are missing a Kubernetes service account token. !29648 +- Add strategies column to operations_feature_flag_scopes table. !29808 +- Disallow `NULL` values for `geo_nodes.primary` column. !29818 (Arun Kumar Mohan) +- Replace 'JIRA' with 'Jira'. !29849 (Takuya Noguchi) +- Support jsonb default in add_column_with_default migration helper. !29871 +- Update pagination prev and next texts. !29911 +- Adds metrics to measure cost of expensive operations. !29928 +- Always allow access to health endpoints from localhost in dev. !29930 +- Update GitLab Runner Helm Chart to 0.6.0. !29982 +- Use darker gray color for system note metadata and edited text. !30054 +- Fix typo in docs about Elasticsearch. !30162 (Takuya Noguchi) +- Fix typo in code comments about Elasticsearch. !30163 (Takuya Noguchi) +- Update mixin-deep to 1.3.2. !30223 (Takuya Noguchi) +- Migrate markdown header_spec.js to Jest. !30228 (Martin Hobert) +- Remove istanbul JavaScript package. !30232 (Takuya Noguchi) +- Centralize markdownlint configuration. !30263 +- Use PostgreSQL 9.6.11 in CI tests. !30270 (Takuya Noguchi) +- Fix typo in updateResolvableDiscussionsCounts action. !30278 (Frank van Rest) +- Change color for namespace in commit search. !30312 +- Remove applySuggestion from notes service. !30399 (Frank van Rest) +- Improved readability of storage statistics in group / project admin area. !30406 +- Alignign empty container registry message with design guidelines. !30502 +- Remove toggleAward from notes service. !30536 (Frank van Rest) +- Remove deleteNote from notes service. !30537 (Frank van Rest) +- change the use of boardService in favor of boardsStore on footer for the board component. !30616 (eduarmreyes) +- Update example Prometheus scrape config. !30739 +- Update GitLab Pages to v1.7.0. +- Add token_encrypted column to operations_feature_flags_clients table. +- Removes EE diff for app/views/profiles/preferences/show.html.haml. +- Removes EE differences for app/views/layouts/fullscreen.html.haml. +- Removes EE differences for app/views/admin/users/show.html.haml. + + ## 12.0.3 (2019-06-27) - No changes. diff --git a/changelogs/unreleased/11039-moved-code-difference-from-EE-to-CE.yml b/changelogs/unreleased/11039-moved-code-difference-from-EE-to-CE.yml deleted file mode 100644 index 10c5eed9556..00000000000 --- a/changelogs/unreleased/11039-moved-code-difference-from-EE-to-CE.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Moved EE/CE code differences for file `app/views/search/_category.html.haml` into CE" -merge_request: 28755 -author: Michel Engelen -type: other diff --git a/changelogs/unreleased/11448-fix-cs-with-k8s-runners.yml b/changelogs/unreleased/11448-fix-cs-with-k8s-runners.yml deleted file mode 100644 index 191e64df4f1..00000000000 --- a/changelogs/unreleased/11448-fix-cs-with-k8s-runners.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Container Scanning job timeout when using the kubernetes executor -merge_request: 29706 -author: -type: fixed diff --git a/changelogs/unreleased/11888-regression-deploy-correlation-markers-on-monitoring-graphs-not-clickable.yml b/changelogs/unreleased/11888-regression-deploy-correlation-markers-on-monitoring-graphs-not-clickable.yml deleted file mode 100644 index 606abe818b4..00000000000 --- a/changelogs/unreleased/11888-regression-deploy-correlation-markers-on-monitoring-graphs-not-clickable.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Turn commit sha in monitor charts popover to link -merge_request: 29914 -author: -type: fixed diff --git a/changelogs/unreleased/12533-shared-runners-warning.yml b/changelogs/unreleased/12533-shared-runners-warning.yml deleted file mode 100644 index b2b526cc2e4..00000000000 --- a/changelogs/unreleased/12533-shared-runners-warning.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Removes EE differences for app/views/admin/users/show.html.haml -merge_request: -author: -type: other diff --git a/changelogs/unreleased/12550-fullscrean.yml b/changelogs/unreleased/12550-fullscrean.yml deleted file mode 100644 index f20b191f411..00000000000 --- a/changelogs/unreleased/12550-fullscrean.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Removes EE differences for app/views/layouts/fullscreen.html.haml -merge_request: -author: -type: other diff --git a/changelogs/unreleased/12553-preferences.yml b/changelogs/unreleased/12553-preferences.yml deleted file mode 100644 index c41a8c98e4e..00000000000 --- a/changelogs/unreleased/12553-preferences.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Removes EE diff for app/views/profiles/preferences/show.html.haml -merge_request: -author: -type: other diff --git a/changelogs/unreleased/17690-Protect-TeamCity-builds-for-triggering-when-a-branch-is-deleted-And-add-MR-option.yml b/changelogs/unreleased/17690-Protect-TeamCity-builds-for-triggering-when-a-branch-is-deleted-And-add-MR-option.yml deleted file mode 100644 index 741a0faf469..00000000000 --- a/changelogs/unreleased/17690-Protect-TeamCity-builds-for-triggering-when-a-branch-is-deleted-And-add-MR-option.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Protect TeamCity builds from triggering when a branch has been deleted. And a MR-option -merge_request: 29836 -author: Nikolay Novikov, Raphael Tweitmann -type: fixed diff --git a/changelogs/unreleased/29775-fix-nested-lists-unnecessary-margin.yml b/changelogs/unreleased/29775-fix-nested-lists-unnecessary-margin.yml deleted file mode 100644 index e7e43c54bab..00000000000 --- a/changelogs/unreleased/29775-fix-nested-lists-unnecessary-margin.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix nested lists unnecessary margin -merge_request: 29775 -author: Kuba Kopeć -type: fixed diff --git a/changelogs/unreleased/30355-use-hours-only-for-time-tracking.yml b/changelogs/unreleased/30355-use-hours-only-for-time-tracking.yml deleted file mode 100644 index b0252f9e81b..00000000000 --- a/changelogs/unreleased/30355-use-hours-only-for-time-tracking.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add option to limit time tracking units to hours -merge_request: 29469 -author: Jon Kolb -type: added diff --git a/changelogs/unreleased/32452-multiple-discussions.yml b/changelogs/unreleased/32452-multiple-discussions.yml deleted file mode 100644 index 5552340ee66..00000000000 --- a/changelogs/unreleased/32452-multiple-discussions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Resolve Multiple discussions per line in merge request diffs -merge_request: 28748 -author: -type: added diff --git a/changelogs/unreleased/35757-move-issues-in-boards-pderichs.yml b/changelogs/unreleased/35757-move-issues-in-boards-pderichs.yml deleted file mode 100644 index ae50350f70d..00000000000 --- a/changelogs/unreleased/35757-move-issues-in-boards-pderichs.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add endpoint to move multiple issues in boards -merge_request: 30216 -author: -type: added diff --git a/changelogs/unreleased/38105-pre-release-tag.yml b/changelogs/unreleased/38105-pre-release-tag.yml deleted file mode 100644 index d4c5dcacd19..00000000000 --- a/changelogs/unreleased/38105-pre-release-tag.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Renders a pre-release tag for releases -merge_request: 29797 -author: -type: changed diff --git a/changelogs/unreleased/40379-CJK-search-min-chars.yml b/changelogs/unreleased/40379-CJK-search-min-chars.yml deleted file mode 100644 index 6f6c4df464f..00000000000 --- a/changelogs/unreleased/40379-CJK-search-min-chars.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove minimum character limits for fuzzy searches when using a CTE -merge_request: 29810 -author: -type: fixed diff --git a/changelogs/unreleased/42399-registry-confirm-deletion.yml b/changelogs/unreleased/42399-registry-confirm-deletion.yml deleted file mode 100644 index 4d720e16721..00000000000 --- a/changelogs/unreleased/42399-registry-confirm-deletion.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add confirmation for registry image deletion -merge_request: 29505 -author: -type: added diff --git a/changelogs/unreleased/44106-include-subgroups-in-group-activity.yml b/changelogs/unreleased/44106-include-subgroups-in-group-activity.yml deleted file mode 100644 index 6e78d61ebc4..00000000000 --- a/changelogs/unreleased/44106-include-subgroups-in-group-activity.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Include events from subgroups in group's activity -merge_request: 29953 -author: Fabian Schneider @fabsrc -type: changed diff --git a/changelogs/unreleased/44949-do-not-update-updated_at-on-an-issue-when-reordering-it.yml b/changelogs/unreleased/44949-do-not-update-updated_at-on-an-issue-when-reordering-it.yml deleted file mode 100644 index efc6af7845c..00000000000 --- a/changelogs/unreleased/44949-do-not-update-updated_at-on-an-issue-when-reordering-it.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Will not update issue timestamps when changing positions in a list -merge_request: 29677 -author: -type: changed diff --git a/changelogs/unreleased/45104-special-characters-in-project-name-path-prevent-users-from-using-the-container-registry.yml b/changelogs/unreleased/45104-special-characters-in-project-name-path-prevent-users-from-using-the-container-registry.yml deleted file mode 100644 index ddde0cc9c39..00000000000 --- a/changelogs/unreleased/45104-special-characters-in-project-name-path-prevent-users-from-using-the-container-registry.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Updated container registry to display error message when special characters in path. Documentation has also been updated. -merge_request: 29616 -author: -type: changed diff --git a/changelogs/unreleased/45120-fix-ide-editor-to-update-size-on-show-change.yml b/changelogs/unreleased/45120-fix-ide-editor-to-update-size-on-show-change.yml deleted file mode 100644 index 592612c2615..00000000000 --- a/changelogs/unreleased/45120-fix-ide-editor-to-update-size-on-show-change.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix IDE editor not showing when switching back from preview -merge_request: 30135 -author: -type: fixed diff --git a/changelogs/unreleased/48771-label-picker-line-break-on-long-label-titles.yml b/changelogs/unreleased/48771-label-picker-line-break-on-long-label-titles.yml deleted file mode 100644 index e598247b5d8..00000000000 --- a/changelogs/unreleased/48771-label-picker-line-break-on-long-label-titles.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'Resolve Label picker: Line break on long label titles' -merge_request: 30610 -author: -type: fixed diff --git a/changelogs/unreleased/49814-display-in-admin-area-if-emails-are-verified-or-not.yml b/changelogs/unreleased/49814-display-in-admin-area-if-emails-are-verified-or-not.yml deleted file mode 100644 index db1391edd73..00000000000 --- a/changelogs/unreleased/49814-display-in-admin-area-if-emails-are-verified-or-not.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add a verified pill next to email addresses under the admin users section. -merge_request: 29669 -author: -type: added diff --git a/changelogs/unreleased/50228-deploy-tokens-custom-username.yml b/changelogs/unreleased/50228-deploy-tokens-custom-username.yml deleted file mode 100644 index fdafa7b1113..00000000000 --- a/changelogs/unreleased/50228-deploy-tokens-custom-username.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow custom username for deploy tokens -merge_request: 29639 -author: -type: added diff --git a/changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml b/changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml deleted file mode 100644 index b51079d5c74..00000000000 --- a/changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Changed HTTP Status Code for disabled repository on /branches and /commits to 404" -merge_request: 29585 -author: Sam Battalio -type: changed diff --git a/changelogs/unreleased/51794-add-ordering-to-runner-jobs-api.yml b/changelogs/unreleased/51794-add-ordering-to-runner-jobs-api.yml deleted file mode 100644 index 908a132688c..00000000000 --- a/changelogs/unreleased/51794-add-ordering-to-runner-jobs-api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add order_by and sort params to list runner jobs api -merge_request: 29629 -author: Sujay Patel -type: added diff --git a/changelogs/unreleased/51952-forking-via-webide.yml b/changelogs/unreleased/51952-forking-via-webide.yml deleted file mode 100644 index 4497c6b6ca4..00000000000 --- a/changelogs/unreleased/51952-forking-via-webide.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Resolve "500 error when forking via the web IDE button" -merge_request: 29909 -author: -type: fixed diff --git a/changelogs/unreleased/51952-redirect-to-webide-in-fork.yml b/changelogs/unreleased/51952-redirect-to-webide-in-fork.yml deleted file mode 100644 index ada0efca968..00000000000 --- a/changelogs/unreleased/51952-redirect-to-webide-in-fork.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Open WebIDE in fork when user doesn't have access -merge_request: 30642 -author: -type: changed diff --git a/changelogs/unreleased/52366-improved-group-lists-ui.yml b/changelogs/unreleased/52366-improved-group-lists-ui.yml deleted file mode 100644 index 99e5b67a56c..00000000000 --- a/changelogs/unreleased/52366-improved-group-lists-ui.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improve group list UI -merge_request: 26542 -author: -type: changed diff --git a/changelogs/unreleased/52442-minimal-remove-mysql-support.yml b/changelogs/unreleased/52442-minimal-remove-mysql-support.yml deleted file mode 100644 index f1a50657383..00000000000 --- a/changelogs/unreleased/52442-minimal-remove-mysql-support.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove MySQL support -merge_request: 29790 -author: -type: removed diff --git a/changelogs/unreleased/52954-allow-developers-to-delete-tags.yml b/changelogs/unreleased/52954-allow-developers-to-delete-tags.yml deleted file mode 100644 index 38c65a67f2a..00000000000 --- a/changelogs/unreleased/52954-allow-developers-to-delete-tags.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow developers to delete tags -merge_request: 29668 -author: -type: changed diff --git a/changelogs/unreleased/53357-fix-plus-in-upload-file-names.yml b/changelogs/unreleased/53357-fix-plus-in-upload-file-names.yml deleted file mode 100644 index c11d74bd4fe..00000000000 --- a/changelogs/unreleased/53357-fix-plus-in-upload-file-names.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix broken URLs for uploads with a plus in the filename -merge_request: 29915 -author: -type: fixed diff --git a/changelogs/unreleased/53811-issue-boards-to-core-projects-backend-ce.yml b/changelogs/unreleased/53811-issue-boards-to-core-projects-backend-ce.yml deleted file mode 100644 index d8fbd7ec362..00000000000 --- a/changelogs/unreleased/53811-issue-boards-to-core-projects-backend-ce.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Move Multiple Issue Boards for Projects to Core -merge_request: -author: -type: added diff --git a/changelogs/unreleased/54117-transactional-rebase.yml b/changelogs/unreleased/54117-transactional-rebase.yml deleted file mode 100644 index d0c93114c49..00000000000 --- a/changelogs/unreleased/54117-transactional-rebase.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow asynchronous rebase operations to be monitored -merge_request: 29940 -author: -type: fixed diff --git a/changelogs/unreleased/54595-incorrect-reaction-emoji-placement-in-discussion.yml b/changelogs/unreleased/54595-incorrect-reaction-emoji-placement-in-discussion.yml deleted file mode 100644 index 639eefb50cb..00000000000 --- a/changelogs/unreleased/54595-incorrect-reaction-emoji-placement-in-discussion.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix incorrect emoji placement in commit diff discussion -merge_request: 29445 -author: -type: fixed diff --git a/changelogs/unreleased/55487-enable-group-terminals-button.yml b/changelogs/unreleased/55487-enable-group-terminals-button.yml deleted file mode 100644 index 6bf16eaadd1..00000000000 --- a/changelogs/unreleased/55487-enable-group-terminals-button.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable terminals button for group clusters -merge_request: 30255 -author: -type: added diff --git a/changelogs/unreleased/55623-group-cluster-apis.yml b/changelogs/unreleased/55623-group-cluster-apis.yml deleted file mode 100644 index fe987ef4a82..00000000000 --- a/changelogs/unreleased/55623-group-cluster-apis.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add API for CRUD group clusters -merge_request: 30213 -author: -type: added diff --git a/changelogs/unreleased/55902-disable-creation-of-non-rbac-kubernetes-clusters.yml b/changelogs/unreleased/55902-disable-creation-of-non-rbac-kubernetes-clusters.yml deleted file mode 100644 index 2af2d229c6c..00000000000 --- a/changelogs/unreleased/55902-disable-creation-of-non-rbac-kubernetes-clusters.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove support for creating non-RBAC kubernetes clusters -merge_request: 29614 -author: -type: removed diff --git a/changelogs/unreleased/55953-renamed-discussion-to-thread.yml b/changelogs/unreleased/55953-renamed-discussion-to-thread.yml deleted file mode 100644 index a5203ecf2e0..00000000000 --- a/changelogs/unreleased/55953-renamed-discussion-to-thread.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "renamed discussion to thread in merge-request and issue timeline" -merge_request: 29553 -author: Michel Engelen -type: changed diff --git a/changelogs/unreleased/57538-normalize-users-private-profile-field.yml b/changelogs/unreleased/57538-normalize-users-private-profile-field.yml deleted file mode 100644 index 85fc4cbf33c..00000000000 --- a/changelogs/unreleased/57538-normalize-users-private-profile-field.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Migrate NULL values for users.private_profile column and update users API to reject null value for private_profile. -merge_request: 29888 -author: -type: changed diff --git a/changelogs/unreleased/57793-fix-line-age.yml b/changelogs/unreleased/57793-fix-line-age.yml deleted file mode 100644 index cf4e328e54a..00000000000 --- a/changelogs/unreleased/57793-fix-line-age.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Support note position tracing on an image -merge_request: 30158 -author: -type: fixed diff --git a/changelogs/unreleased/57815.yml b/changelogs/unreleased/57815.yml deleted file mode 100644 index ae8ec7036ce..00000000000 --- a/changelogs/unreleased/57815.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enforced requirements for UltraAuth users -merge_request: 28941 -author: Kartikey Tanna -type: changed diff --git a/changelogs/unreleased/57918-encrypt-feature-flags-tokens-changelog.yml b/changelogs/unreleased/57918-encrypt-feature-flags-tokens-changelog.yml deleted file mode 100644 index 9701c8bc4a5..00000000000 --- a/changelogs/unreleased/57918-encrypt-feature-flags-tokens-changelog.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add token_encrypted column to operations_feature_flags_clients table -merge_request: -author: -type: other diff --git a/changelogs/unreleased/57973-errors-in-application-settings-panel-shows-wrong-panel.yml b/changelogs/unreleased/57973-errors-in-application-settings-panel-shows-wrong-panel.yml deleted file mode 100644 index 2b62992eda0..00000000000 --- a/changelogs/unreleased/57973-errors-in-application-settings-panel-shows-wrong-panel.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Show poper panel when validation error occurs in admin settings panels -merge_request: 25434 -author: -type: fixed diff --git a/changelogs/unreleased/58065-uniform-html-txt-email.yml b/changelogs/unreleased/58065-uniform-html-txt-email.yml deleted file mode 100644 index be34e93ff83..00000000000 --- a/changelogs/unreleased/58065-uniform-html-txt-email.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Always shows author of created issue/started discussion/comment in HTML body and text of email -merge_request: 29886 -author: Frank van Rest -type: fixed diff --git a/changelogs/unreleased/58689-regroup-jump-button-in-discussion.yml b/changelogs/unreleased/58689-regroup-jump-button-in-discussion.yml deleted file mode 100644 index bf6f314f0ce..00000000000 --- a/changelogs/unreleased/58689-regroup-jump-button-in-discussion.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Improve discussion reply buttons layout and how jump to next discussion button - appears -merge_request: 29779 -author: -type: changed diff --git a/changelogs/unreleased/58802-rename-webide.yml b/changelogs/unreleased/58802-rename-webide.yml deleted file mode 100644 index 40471d967ce..00000000000 --- a/changelogs/unreleased/58802-rename-webide.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Re-name files in Web IDE in a more natural way -merge_request: 29948 -author: -type: changed diff --git a/changelogs/unreleased/58808-fix-image-diff-on-text.yml b/changelogs/unreleased/58808-fix-image-diff-on-text.yml deleted file mode 100644 index 78955c24186..00000000000 --- a/changelogs/unreleased/58808-fix-image-diff-on-text.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't show image diff note on text file -merge_request: 30221 -author: -type: fixed diff --git a/changelogs/unreleased/59028-fix-extra-plus-in-diffs.yml b/changelogs/unreleased/59028-fix-extra-plus-in-diffs.yml deleted file mode 100644 index 0786f4dbc10..00000000000 --- a/changelogs/unreleased/59028-fix-extra-plus-in-diffs.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove duplicate trailing +/- char in merge request discussions -merge_request: 29518 -author: -type: fixed diff --git a/changelogs/unreleased/59257-find-new-branches-harder.yml b/changelogs/unreleased/59257-find-new-branches-harder.yml deleted file mode 100644 index 631eaa22ef0..00000000000 --- a/changelogs/unreleased/59257-find-new-branches-harder.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Look for new branches more carefully -merge_request: 29761 -author: -type: fixed diff --git a/changelogs/unreleased/60617-enable-project-cluster-jit.yml b/changelogs/unreleased/60617-enable-project-cluster-jit.yml deleted file mode 100644 index b7d745d4385..00000000000 --- a/changelogs/unreleased/60617-enable-project-cluster-jit.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable just-in-time Kubernetes resource creation for project-level clusters -merge_request: 29515 -author: -type: changed diff --git a/changelogs/unreleased/60666-kubernetes-applications-uninstall-runner.yml b/changelogs/unreleased/60666-kubernetes-applications-uninstall-runner.yml deleted file mode 100644 index 3632c8eec20..00000000000 --- a/changelogs/unreleased/60666-kubernetes-applications-uninstall-runner.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow GitLab Runner to be uninstalled from the UI -merge_request: 30176 -author: -type: added diff --git a/changelogs/unreleased/60856-deleting-binary-file.yml b/changelogs/unreleased/60856-deleting-binary-file.yml deleted file mode 100644 index 9b587ed591b..00000000000 --- a/changelogs/unreleased/60856-deleting-binary-file.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Removing an image should not output binary data -merge_request: 30314 -author: -type: fixed diff --git a/changelogs/unreleased/60859-upload-after-delete.yml b/changelogs/unreleased/60859-upload-after-delete.yml deleted file mode 100644 index c36dfb84bfe..00000000000 --- a/changelogs/unreleased/60859-upload-after-delete.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: In WebIDE allow adding new entries of the same name as deleted entry -merge_request: 30239 -author: -type: fixed diff --git a/changelogs/unreleased/60860-keep-empty-folders-in-tree.yml b/changelogs/unreleased/60860-keep-empty-folders-in-tree.yml deleted file mode 100644 index 237d0fd6aef..00000000000 --- a/changelogs/unreleased/60860-keep-empty-folders-in-tree.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Keep the empty folders in the tree -merge_request: 29196 -author: -type: fixed diff --git a/changelogs/unreleased/60879-fix-reports-timing-out.yml b/changelogs/unreleased/60879-fix-reports-timing-out.yml deleted file mode 100644 index 845162fe10f..00000000000 --- a/changelogs/unreleased/60879-fix-reports-timing-out.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix reports jobs timing out because of cache -merge_request: 29780 -author: -type: fixed diff --git a/changelogs/unreleased/61005-grafanaInAdminSettingsMonitoringMenu.yml b/changelogs/unreleased/61005-grafanaInAdminSettingsMonitoringMenu.yml deleted file mode 100644 index 3ee512f3448..00000000000 --- a/changelogs/unreleased/61005-grafanaInAdminSettingsMonitoringMenu.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Adds link to Grafana in Admin > Monitoring settings when grafana is enabled in config -merge_request: 28937 -author: Romain Maneschi -type: added diff --git a/changelogs/unreleased/61156-instance-level-cluster-pod-terminal-access.yml b/changelogs/unreleased/61156-instance-level-cluster-pod-terminal-access.yml deleted file mode 100644 index 0b8d301352b..00000000000 --- a/changelogs/unreleased/61156-instance-level-cluster-pod-terminal-access.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable terminals for instance and group clusters -merge_request: 28613 -author: -type: added diff --git a/changelogs/unreleased/61201-pass-identities-to-external-authorization.yml b/changelogs/unreleased/61201-pass-identities-to-external-authorization.yml deleted file mode 100644 index 82eea653de6..00000000000 --- a/changelogs/unreleased/61201-pass-identities-to-external-authorization.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add identity information to external authorization requests -merge_request: 29461 -author: -type: changed diff --git a/changelogs/unreleased/61284-frontend-follow-up-from-add-packages_size-to-projectstatistics.yml b/changelogs/unreleased/61284-frontend-follow-up-from-add-packages_size-to-projectstatistics.yml deleted file mode 100644 index 3445057f7fb..00000000000 --- a/changelogs/unreleased/61284-frontend-follow-up-from-add-packages_size-to-projectstatistics.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improved readability of storage statistics in group / project admin area -merge_request: 30406 -author: -type: other diff --git a/changelogs/unreleased/61342-commit-search-result-doesn-t-pass-wcag-color-audit.yml b/changelogs/unreleased/61342-commit-search-result-doesn-t-pass-wcag-color-audit.yml deleted file mode 100644 index f4ed4551aab..00000000000 --- a/changelogs/unreleased/61342-commit-search-result-doesn-t-pass-wcag-color-audit.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Change color for namespace in commit search -merge_request: 30312 -author: -type: other diff --git a/changelogs/unreleased/61613-spacing-mr-widgets.yml b/changelogs/unreleased/61613-spacing-mr-widgets.yml deleted file mode 100644 index 7d37ef8da2e..00000000000 --- a/changelogs/unreleased/61613-spacing-mr-widgets.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Left align mr widget icons and text -merge_request: 28561 -author: -type: fixed diff --git a/changelogs/unreleased/62088-search-back.yml b/changelogs/unreleased/62088-search-back.yml deleted file mode 100644 index 4758e927880..00000000000 --- a/changelogs/unreleased/62088-search-back.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fixed back navigation for projects filter -merge_request: 30373 -author: -type: fixed diff --git a/changelogs/unreleased/62124-new-threaded-discussion-design.yml b/changelogs/unreleased/62124-new-threaded-discussion-design.yml deleted file mode 100644 index 6614e05be74..00000000000 --- a/changelogs/unreleased/62124-new-threaded-discussion-design.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Implement borderless discussion design with new reply field -merge_request: 28580 -author: -type: added diff --git a/changelogs/unreleased/62183-update-response-code-for-bulk-delete-api-for-container-registry.yml b/changelogs/unreleased/62183-update-response-code-for-bulk-delete-api-for-container-registry.yml deleted file mode 100644 index ce75a55efdc..00000000000 --- a/changelogs/unreleased/62183-update-response-code-for-bulk-delete-api-for-container-registry.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Return 400 when deleting tags more often than once per hour. -merge_request: 29448 -author: -type: changed diff --git a/changelogs/unreleased/62772-disable-kubernetes-credential-passthrough.yml b/changelogs/unreleased/62772-disable-kubernetes-credential-passthrough.yml deleted file mode 100644 index 35771e80821..00000000000 --- a/changelogs/unreleased/62772-disable-kubernetes-credential-passthrough.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disable Kubernetes credential passthrough for managed project-level clusters -merge_request: 29262 -author: -type: removed diff --git a/changelogs/unreleased/62772-migrate-managed-clusters-to-unmanaged.yml b/changelogs/unreleased/62772-migrate-managed-clusters-to-unmanaged.yml deleted file mode 100644 index 62a67c7b78d..00000000000 --- a/changelogs/unreleased/62772-migrate-managed-clusters-to-unmanaged.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Migrate GitLab managed project-level clusters to unmanaged if a Kubernetes - namespace was unable to be created -merge_request: 29251 -author: -type: other diff --git a/changelogs/unreleased/62826-graphql-emoji-mutations.yml b/changelogs/unreleased/62826-graphql-emoji-mutations.yml deleted file mode 100644 index 0c0aaedf844..00000000000 --- a/changelogs/unreleased/62826-graphql-emoji-mutations.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: GraphQL mutations for add, remove and toggle emoji -merge_request: 29919 -author: -type: added diff --git a/changelogs/unreleased/62826-graphql-note-mutations.yml b/changelogs/unreleased/62826-graphql-note-mutations.yml deleted file mode 100644 index 85273186bb6..00000000000 --- a/changelogs/unreleased/62826-graphql-note-mutations.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: GraphQL mutations for managing Notes -merge_request: 30210 -author: -type: added diff --git a/changelogs/unreleased/62938-wcag-aa-edited-text-color.yml b/changelogs/unreleased/62938-wcag-aa-edited-text-color.yml deleted file mode 100644 index 6652e495869..00000000000 --- a/changelogs/unreleased/62938-wcag-aa-edited-text-color.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Use darker gray color for system note metadata and edited text -merge_request: 30054 -author: -type: other diff --git a/changelogs/unreleased/62968-environment-details-header-border-misaligned.yml b/changelogs/unreleased/62968-environment-details-header-border-misaligned.yml deleted file mode 100644 index 749fe6a9cb0..00000000000 --- a/changelogs/unreleased/62968-environment-details-header-border-misaligned.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Resolve Environment details header border misaligned -merge_request: 30011 -author: -type: fixed diff --git a/changelogs/unreleased/62980-username-availability-checker-breaks-inline-validation.yml b/changelogs/unreleased/62980-username-availability-checker-breaks-inline-validation.yml deleted file mode 100644 index 7436f5d278e..00000000000 --- a/changelogs/unreleased/62980-username-availability-checker-breaks-inline-validation.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix the signup form's username validation messages not displaying -merge_request: 29678 -author: Jiaan Louw -type: fixed diff --git a/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml deleted file mode 100644 index 92133af03f7..00000000000 --- a/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Migrate GitLab managed project-level clusters to unmanaged if they are missing - a Kubernetes service account token -merge_request: 29648 -author: -type: other diff --git a/changelogs/unreleased/63200-reply-button-broken.yml b/changelogs/unreleased/63200-reply-button-broken.yml deleted file mode 100644 index 11f81dbd925..00000000000 --- a/changelogs/unreleased/63200-reply-button-broken.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix unresponsive reply button in discussions -merge_request: 29936 -author: -type: fixed diff --git a/changelogs/unreleased/63227-fix-double-border.yml b/changelogs/unreleased/63227-fix-double-border.yml deleted file mode 100644 index 6cc4040d333..00000000000 --- a/changelogs/unreleased/63227-fix-double-border.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Double Border in Profile Page -merge_request: 29784 -author: Yoginth <@yo> -type: fixed diff --git a/changelogs/unreleased/63247-add-conf-toast-and-link.yml b/changelogs/unreleased/63247-add-conf-toast-and-link.yml deleted file mode 100644 index 915cc20dcc8..00000000000 --- a/changelogs/unreleased/63247-add-conf-toast-and-link.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Include a link back to the MR for Visual Review feedback form -merge_request: 29719 -author: -type: changed diff --git a/changelogs/unreleased/63261-the-graphql-query-for-the-mr-popover-failes-on-the-frontend.yml b/changelogs/unreleased/63261-the-graphql-query-for-the-mr-popover-failes-on-the-frontend.yml deleted file mode 100644 index 87d74e3f4b4..00000000000 --- a/changelogs/unreleased/63261-the-graphql-query-for-the-mr-popover-failes-on-the-frontend.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Make sure we are receiving the proper information on the MR Popover by updating - the IID in the graphql query -merge_request: -author: -type: fixed diff --git a/changelogs/unreleased/63298-prevent-excessive-sanitization-asciidoc.yml b/changelogs/unreleased/63298-prevent-excessive-sanitization-asciidoc.yml deleted file mode 100644 index cd8206cdb99..00000000000 --- a/changelogs/unreleased/63298-prevent-excessive-sanitization-asciidoc.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Prevent excessive sanitization of AsciiDoc ouptut" -merge_request: 30290 -author: Guillaume Grossetie -type: added \ No newline at end of file diff --git a/changelogs/unreleased/63475-fix-n-1.yml b/changelogs/unreleased/63475-fix-n-1.yml deleted file mode 100644 index 3ed825290fd..00000000000 --- a/changelogs/unreleased/63475-fix-n-1.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improve performance of MergeRequestsController#ci_environment_status endpoint -merge_request: 30224 -author: -type: performance diff --git a/changelogs/unreleased/63479-jira-capitalization.yml b/changelogs/unreleased/63479-jira-capitalization.yml deleted file mode 100644 index a4cc32beba6..00000000000 --- a/changelogs/unreleased/63479-jira-capitalization.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Replace 'JIRA' with 'Jira' -merge_request: 29849 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/63507-fix-race-condition-fetching-token.yml b/changelogs/unreleased/63507-fix-race-condition-fetching-token.yml deleted file mode 100644 index 7f2b59fc9eb..00000000000 --- a/changelogs/unreleased/63507-fix-race-condition-fetching-token.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Retry fetching Kubernetes Secret#token (#63507) -merge_request: 29922 -author: -type: fixed diff --git a/changelogs/unreleased/63559-remove-avatar-from-sign-in.yml b/changelogs/unreleased/63559-remove-avatar-from-sign-in.yml deleted file mode 100644 index 3f7a8e19de5..00000000000 --- a/changelogs/unreleased/63559-remove-avatar-from-sign-in.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Resolve Avatar in Please sign in pattern too large -merge_request: 29944 -author: -type: fixed diff --git a/changelogs/unreleased/63590-pipeline-actions-cause-full-refresh.yml b/changelogs/unreleased/63590-pipeline-actions-cause-full-refresh.yml deleted file mode 100644 index a1e7d4679d8..00000000000 --- a/changelogs/unreleased/63590-pipeline-actions-cause-full-refresh.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix pipelines table to update without refreshing after action -merge_request: 30190 -author: -type: fixed diff --git a/changelogs/unreleased/63656-runner-tags-search-dropdown-is-empty.yml b/changelogs/unreleased/63656-runner-tags-search-dropdown-is-empty.yml deleted file mode 100644 index 08c415f4a1c..00000000000 --- a/changelogs/unreleased/63656-runner-tags-search-dropdown-is-empty.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix runner tags search dropdown being empty when there are tags -merge_request: 29985 -author: -type: fixed diff --git a/changelogs/unreleased/63667-hashed-storage-migration-count-correctly.yml b/changelogs/unreleased/63667-hashed-storage-migration-count-correctly.yml deleted file mode 100644 index ead79be2505..00000000000 --- a/changelogs/unreleased/63667-hashed-storage-migration-count-correctly.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Display the correct amount of projects being migrated/rolled-back to Hashed Storage when specifying ranges -merge_request: 29996 -author: -type: fixed diff --git a/changelogs/unreleased/63691-fix-doc-link.yml b/changelogs/unreleased/63691-fix-doc-link.yml deleted file mode 100644 index e63756e8227..00000000000 --- a/changelogs/unreleased/63691-fix-doc-link.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Correct link to docs for External Dashboard -merge_request: 30019 -author: -type: fixed diff --git a/changelogs/unreleased/63873-process-start-time.yml b/changelogs/unreleased/63873-process-start-time.yml deleted file mode 100644 index b11a66ca106..00000000000 --- a/changelogs/unreleased/63873-process-start-time.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Change ruby_process_start_time_seconds metric to unix timestamp instead of - seconds from boot. -merge_request: 30195 -author: -type: fixed diff --git a/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml b/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml deleted file mode 100644 index a0ef34f3700..00000000000 --- a/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update mixin-deep to 1.3.2 -merge_request: 30223 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/63971-remove-istanbul.yml b/changelogs/unreleased/63971-remove-istanbul.yml deleted file mode 100644 index 674df82db35..00000000000 --- a/changelogs/unreleased/63971-remove-istanbul.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove istanbul JavaScript package -merge_request: 30232 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/64066-fix-uneven-click-areas.yml b/changelogs/unreleased/64066-fix-uneven-click-areas.yml deleted file mode 100644 index ce0572cad34..00000000000 --- a/changelogs/unreleased/64066-fix-uneven-click-areas.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix spacing issues for toasts -merge_request: 30345 -author: -type: fixed diff --git a/changelogs/unreleased/64070-asciidoctor-enable-section-anchors.yml b/changelogs/unreleased/64070-asciidoctor-enable-section-anchors.yml deleted file mode 100644 index 51c1537a159..00000000000 --- a/changelogs/unreleased/64070-asciidoctor-enable-section-anchors.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Enable section anchors in Asciidoctor" -merge_request: 30666 -author: Guillaume Grossetie -type: added \ No newline at end of file diff --git a/changelogs/unreleased/64091-fix-broken-terminal.yml b/changelogs/unreleased/64091-fix-broken-terminal.yml deleted file mode 100644 index 156f6de5008..00000000000 --- a/changelogs/unreleased/64091-fix-broken-terminal.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix environments broken terminal -merge_request: 30401 -author: -type: fixed diff --git a/changelogs/unreleased/64161-gitlab-fqdn.yml b/changelogs/unreleased/64161-gitlab-fqdn.yml deleted file mode 100644 index 2946be37caa..00000000000 --- a/changelogs/unreleased/64161-gitlab-fqdn.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add CI variable to provide GitLab HOST -merge_request: 30417 -author: -type: added diff --git a/changelogs/unreleased/64176-fix-error-handling.yml b/changelogs/unreleased/64176-fix-error-handling.yml deleted file mode 100644 index e7a9a5897ae..00000000000 --- a/changelogs/unreleased/64176-fix-error-handling.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix invalid SSL certificate errors on Drone CI service -merge_request: 30422 -author: -type: fixed diff --git a/changelogs/unreleased/64249-align-container-registry-empty-state-with-design-guidelines.yml b/changelogs/unreleased/64249-align-container-registry-empty-state-with-design-guidelines.yml deleted file mode 100644 index ecdb4b6bed1..00000000000 --- a/changelogs/unreleased/64249-align-container-registry-empty-state-with-design-guidelines.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Alignign empty container registry message with design guidelines -merge_request: 30502 -author: -type: other diff --git a/changelogs/unreleased/64314-ci-icon.yml b/changelogs/unreleased/64314-ci-icon.yml deleted file mode 100644 index 8a550b6fa5b..00000000000 --- a/changelogs/unreleased/64314-ci-icon.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Aligns CI icon in Merge Request dashboard -merge_request: 30558 -author: -type: fixed diff --git a/changelogs/unreleased/64315-mget_sessions_in_chunks.yml b/changelogs/unreleased/64315-mget_sessions_in_chunks.yml deleted file mode 100644 index d50d86726e2..00000000000 --- a/changelogs/unreleased/64315-mget_sessions_in_chunks.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Do Redis lookup in batches in ActiveSession.sessions_from_ids -merge_request: 30561 -author: -type: performance diff --git a/changelogs/unreleased/64321-wrong-url-when-creating-milestones-from-instance-milestones-dashboard.yml b/changelogs/unreleased/64321-wrong-url-when-creating-milestones-from-instance-milestones-dashboard.yml deleted file mode 100644 index 825247db3e7..00000000000 --- a/changelogs/unreleased/64321-wrong-url-when-creating-milestones-from-instance-milestones-dashboard.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix wrong URL when creating milestones from instance milestones dashboard -merge_request: 30512 -author: -type: fixed diff --git a/changelogs/unreleased/64331-Assignee-field-in-a-new-issue-has-an-incorrect-line-wrap.yml b/changelogs/unreleased/64331-Assignee-field-in-a-new-issue-has-an-incorrect-line-wrap.yml deleted file mode 100644 index 7d67b94869d..00000000000 --- a/changelogs/unreleased/64331-Assignee-field-in-a-new-issue-has-an-incorrect-line-wrap.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fixed incorrect line wrap for assignee label in issues -merge_request: 30523 -author: Marc Schwede -type: fixed diff --git a/changelogs/unreleased/64407-vfazio-quirk-omniauth-strategies-openidconnect.yml b/changelogs/unreleased/64407-vfazio-quirk-omniauth-strategies-openidconnect.yml deleted file mode 100644 index c2e300863fb..00000000000 --- a/changelogs/unreleased/64407-vfazio-quirk-omniauth-strategies-openidconnect.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow client authentication method to be configured for OpenID Connect -merge_request: 30683 -author: Vincent Fazio -type: fixed diff --git a/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml b/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml deleted file mode 100644 index cd8885233de..00000000000 --- a/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update lodash to 4.7.14 and lodash.mergewith to 4.6.2 -merge_request: 30602 -author: Takuya Noguchi -type: security diff --git a/changelogs/unreleased/64645-asciidoctor-preserve-footnote-link-ids.yml b/changelogs/unreleased/64645-asciidoctor-preserve-footnote-link-ids.yml deleted file mode 100644 index 5427a035478..00000000000 --- a/changelogs/unreleased/64645-asciidoctor-preserve-footnote-link-ids.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Preserve footnote link ids in Asciidoctor" -merge_request: 30790 -author: Guillaume Grossetie -type: added \ No newline at end of file diff --git a/changelogs/unreleased/9928ee-add-rule_type-to-approval-project-rules.yml b/changelogs/unreleased/9928ee-add-rule_type-to-approval-project-rules.yml deleted file mode 100644 index 698ecebb971..00000000000 --- a/changelogs/unreleased/9928ee-add-rule_type-to-approval-project-rules.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add migration for adding rule_type to approval_project_rules -merge_request: 30575 -author: -type: added diff --git a/changelogs/unreleased/Remove-unresolved-class-in-discussion-header.yml b/changelogs/unreleased/Remove-unresolved-class-in-discussion-header.yml deleted file mode 100644 index 3695f3063f3..00000000000 --- a/changelogs/unreleased/Remove-unresolved-class-in-discussion-header.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove unresolved class and fixed height in discussion header -merge_request: 28440 -author: David Palubin -type: other diff --git a/changelogs/unreleased/add-clusters-to-deployment.yml b/changelogs/unreleased/add-clusters-to-deployment.yml deleted file mode 100644 index c85bd3635cc..00000000000 --- a/changelogs/unreleased/add-clusters-to-deployment.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Persist the cluster a deployment was deployed to -merge_request: 29960 -author: -type: fixed diff --git a/changelogs/unreleased/add-metrics-dashboard-permission-check.yml b/changelogs/unreleased/add-metrics-dashboard-permission-check.yml deleted file mode 100644 index 0ea2c4c8e41..00000000000 --- a/changelogs/unreleased/add-metrics-dashboard-permission-check.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add permission check to metrics dashboards endpoint -merge_request: 30017 -author: -type: added diff --git a/changelogs/unreleased/add-salesforce-logo.yml b/changelogs/unreleased/add-salesforce-logo.yml deleted file mode 100644 index 13766821b88..00000000000 --- a/changelogs/unreleased/add-salesforce-logo.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add salesforce logo for salesforce SSO -merge_request: 28857 -author: -type: changed diff --git a/changelogs/unreleased/add-strategies-column-to-scopes-table.yml b/changelogs/unreleased/add-strategies-column-to-scopes-table.yml deleted file mode 100644 index 0bb87fca014..00000000000 --- a/changelogs/unreleased/add-strategies-column-to-scopes-table.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add strategies column to operations_feature_flag_scopes table -merge_request: 29808 -author: -type: other diff --git a/changelogs/unreleased/allow-reactive-caching-of-nil.yml b/changelogs/unreleased/allow-reactive-caching-of-nil.yml deleted file mode 100644 index abd88c09d74..00000000000 --- a/changelogs/unreleased/allow-reactive-caching-of-nil.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow ReactiveCaching to support nil value -merge_request: 30456 -author: -type: performance diff --git a/changelogs/unreleased/always-allow-prometheus-access-in-dev.yml b/changelogs/unreleased/always-allow-prometheus-access-in-dev.yml deleted file mode 100644 index acd944ea684..00000000000 --- a/changelogs/unreleased/always-allow-prometheus-access-in-dev.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Always allow access to health endpoints from localhost in dev -merge_request: 29930 -author: -type: other diff --git a/changelogs/unreleased/always-display-environment-selector.yml b/changelogs/unreleased/always-display-environment-selector.yml deleted file mode 100644 index 7a55e8f3e5d..00000000000 --- a/changelogs/unreleased/always-display-environment-selector.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix broken environment selector and always display it on monitoring dashboard -merge_request: 29705 -author: -type: fixed diff --git a/changelogs/unreleased/api-doc-negative-commit-message-push-rule.yml b/changelogs/unreleased/api-doc-negative-commit-message-push-rule.yml deleted file mode 100644 index 0500978a2e1..00000000000 --- a/changelogs/unreleased/api-doc-negative-commit-message-push-rule.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Document the negative commit message push rule for the API." -merge_request: 14004 -author: Maikel Vlasman -type: added diff --git a/changelogs/unreleased/asciidoc-enable-syntax-highlighting.yml b/changelogs/unreleased/asciidoc-enable-syntax-highlighting.yml deleted file mode 100644 index 558ee7b6224..00000000000 --- a/changelogs/unreleased/asciidoc-enable-syntax-highlighting.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Enable syntax highlighting for AsciiDoc" -merge_request: 29835 -author: Guillaume Grossetie -type: added \ No newline at end of file diff --git a/changelogs/unreleased/asciidoctor-upgrade.yml b/changelogs/unreleased/asciidoctor-upgrade.yml deleted file mode 100644 index 50a7cb21e7d..00000000000 --- a/changelogs/unreleased/asciidoctor-upgrade.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade asciidoctor version to 2.0.10 -merge_request: 29741 -author: Rajendra Kadam -type: added diff --git a/changelogs/unreleased/backstage-gb-improve-performance-environment-statuses-endpoint.yml b/changelogs/unreleased/backstage-gb-improve-performance-environment-statuses-endpoint.yml deleted file mode 100644 index f614e076268..00000000000 --- a/changelogs/unreleased/backstage-gb-improve-performance-environment-statuses-endpoint.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improve performance of fetching environments statuses -merge_request: 30560 -author: -type: performance diff --git a/changelogs/unreleased/bjk-fix_prom_example.yml b/changelogs/unreleased/bjk-fix_prom_example.yml deleted file mode 100644 index 2f81bc6196b..00000000000 --- a/changelogs/unreleased/bjk-fix_prom_example.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update example Prometheus scrape config -merge_request: 30739 -author: -type: other diff --git a/changelogs/unreleased/bvl-markdown-graphql.yml b/changelogs/unreleased/bvl-markdown-graphql.yml deleted file mode 100644 index c2432b3ae81..00000000000 --- a/changelogs/unreleased/bvl-markdown-graphql.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Render GFM in GraphQL -merge_request: 29700 -author: -type: added diff --git a/changelogs/unreleased/bvl-rename-routes-after-user-rename.yml b/changelogs/unreleased/bvl-rename-routes-after-user-rename.yml deleted file mode 100644 index 8b0a01dea53..00000000000 --- a/changelogs/unreleased/bvl-rename-routes-after-user-rename.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update a user's routes after updating their name -merge_request: 23272 -author: -type: fixed diff --git a/changelogs/unreleased/caneldem-master-patch-77839.yml b/changelogs/unreleased/caneldem-master-patch-77839.yml deleted file mode 100644 index 6239bcf67c4..00000000000 --- a/changelogs/unreleased/caneldem-master-patch-77839.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Propagate python version variable -merge_request: -author: Can Eldem -type: changed diff --git a/changelogs/unreleased/ce-11098-update-merge-request-settings-description-text.yml b/changelogs/unreleased/ce-11098-update-merge-request-settings-description-text.yml deleted file mode 100644 index 9f6a2040095..00000000000 --- a/changelogs/unreleased/ce-11098-update-merge-request-settings-description-text.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update merge requests section description text on project settings page -merge_request: 27838 -author: -type: changed \ No newline at end of file diff --git a/changelogs/unreleased/centralize-markdownlint-config.yml b/changelogs/unreleased/centralize-markdownlint-config.yml deleted file mode 100644 index 9ca36078cf1..00000000000 --- a/changelogs/unreleased/centralize-markdownlint-config.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Centralize markdownlint configuration -merge_request: 30263 -author: -type: other diff --git a/changelogs/unreleased/check-min-schema-migrate.yml b/changelogs/unreleased/check-min-schema-migrate.yml deleted file mode 100644 index d0f4ae1f5d7..00000000000 --- a/changelogs/unreleased/check-min-schema-migrate.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Added a min schema version check to db:migrate -merge_request: 29882 -author: -type: added diff --git a/changelogs/unreleased/ci_default_git_depth_only.yml b/changelogs/unreleased/ci_default_git_depth_only.yml deleted file mode 100644 index 928e2fe3ec4..00000000000 --- a/changelogs/unreleased/ci_default_git_depth_only.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'API: Allow changing only ci_default_git_depth' -merge_request: 30888 -author: Mathieu Parent -type: fixed diff --git a/changelogs/unreleased/clusters-group-cte.yml b/changelogs/unreleased/clusters-group-cte.yml deleted file mode 100644 index 4b51249062d..00000000000 --- a/changelogs/unreleased/clusters-group-cte.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Use CTE to fetch clusters hierarchy in single query -merge_request: 30063 -author: -type: performance diff --git a/changelogs/unreleased/create-merge-train-ref-ce.yml b/changelogs/unreleased/create-merge-train-ref-ce.yml deleted file mode 100644 index b0b95275f58..00000000000 --- a/changelogs/unreleased/create-merge-train-ref-ce.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Extend `MergeToRefService` to create merge ref from an arbitrary ref -merge_request: 30361 -author: -type: added diff --git a/changelogs/unreleased/db-update-geo-nodes-primary.yml b/changelogs/unreleased/db-update-geo-nodes-primary.yml deleted file mode 100644 index 7c5203353ac..00000000000 --- a/changelogs/unreleased/db-update-geo-nodes-primary.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disallow `NULL` values for `geo_nodes.primary` column -merge_request: 29818 -author: Arun Kumar Mohan -type: other diff --git a/changelogs/unreleased/dohtaset.yml b/changelogs/unreleased/dohtaset.yml deleted file mode 100644 index 5b917bd06d8..00000000000 --- a/changelogs/unreleased/dohtaset.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix charts on Cluster health page -merge_request: 30073 -author: -type: fixed diff --git a/changelogs/unreleased/ds-charts-whitespace.yml b/changelogs/unreleased/ds-charts-whitespace.yml deleted file mode 100644 index 210261764a2..00000000000 --- a/changelogs/unreleased/ds-charts-whitespace.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improves section header whitespace on the CI/CD Charts page -merge_request: 30531 -author: -type: fixed diff --git a/changelogs/unreleased/dz-remove-deprecated-group-routes.yml b/changelogs/unreleased/dz-remove-deprecated-group-routes.yml deleted file mode 100644 index bfa62c620d5..00000000000 --- a/changelogs/unreleased/dz-remove-deprecated-group-routes.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove deprecated group routes -merge_request: 29351 -author: -type: removed diff --git a/changelogs/unreleased/dz-remove-deprecated-user-routes.yml b/changelogs/unreleased/dz-remove-deprecated-user-routes.yml deleted file mode 100644 index 92c2e39dd20..00000000000 --- a/changelogs/unreleased/dz-remove-deprecated-user-routes.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove depreated /u/:username routing -merge_request: 30044 -author: -type: removed diff --git a/changelogs/unreleased/embedded-metrics-be-2.yml b/changelogs/unreleased/embedded-metrics-be-2.yml deleted file mode 100644 index 2623b4a2e0c..00000000000 --- a/changelogs/unreleased/embedded-metrics-be-2.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Expose placeholder element for metrics charts in GFM -merge_request: 29861 -author: -type: added diff --git a/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml b/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml deleted file mode 100644 index 6f0e4f4cf7f..00000000000 --- a/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Expose saml_provider_id in the users API -merge_request: 14045 -author: -type: added diff --git a/changelogs/unreleased/fe-delete-old-boardservice-on-component-modal-footer.yml b/changelogs/unreleased/fe-delete-old-boardservice-on-component-modal-footer.yml deleted file mode 100644 index 4392b72443b..00000000000 --- a/changelogs/unreleased/fe-delete-old-boardservice-on-component-modal-footer.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: change the use of boardService in favor of boardsStore on footer for the board - component -merge_request: 30616 -author: eduarmreyes -type: other diff --git a/changelogs/unreleased/fe-issue-reorder.yml b/changelogs/unreleased/fe-issue-reorder.yml deleted file mode 100644 index aca334b6149..00000000000 --- a/changelogs/unreleased/fe-issue-reorder.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Bring Manual Ordering on Issue List -merge_request: 29410 -author: -type: added diff --git a/changelogs/unreleased/feature-uninstall_cluster_ingress.yml b/changelogs/unreleased/feature-uninstall_cluster_ingress.yml deleted file mode 100644 index c3f8464c4b4..00000000000 --- a/changelogs/unreleased/feature-uninstall_cluster_ingress.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow Ingress to be uninstalled from the UI -merge_request: 29977 -author: -type: added diff --git a/changelogs/unreleased/feature-uninstall_jupyter_hub_app.yml b/changelogs/unreleased/feature-uninstall_jupyter_hub_app.yml deleted file mode 100644 index 28753aa719c..00000000000 --- a/changelogs/unreleased/feature-uninstall_jupyter_hub_app.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow JupyterHub to be uninstalled from the UI -merge_request: 30097 -author: -type: added diff --git a/changelogs/unreleased/fix-broken-vue-i18n-strings.yml b/changelogs/unreleased/fix-broken-vue-i18n-strings.yml deleted file mode 100644 index 69cec8a6b1b..00000000000 --- a/changelogs/unreleased/fix-broken-vue-i18n-strings.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix broken warnings while Editing Issues and Edit File on MR -merge_request: -author: -type: fixed diff --git a/changelogs/unreleased/fix-comment-race-condition.yml b/changelogs/unreleased/fix-comment-race-condition.yml deleted file mode 100644 index d1f5b8fe01f..00000000000 --- a/changelogs/unreleased/fix-comment-race-condition.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix commenting before discussions are loaded -merge_request: 30724 -author: -type: fixed diff --git a/changelogs/unreleased/fix-facivon-url-if-uploads-object-store-enabled.yml b/changelogs/unreleased/fix-facivon-url-if-uploads-object-store-enabled.yml deleted file mode 100644 index 4e6d9c087ef..00000000000 --- a/changelogs/unreleased/fix-facivon-url-if-uploads-object-store-enabled.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'Fix favicon path with uploads of object store' -merge_request: 29482 -author: Roger Meier -type: fixed diff --git a/changelogs/unreleased/fix-jupyter-git-v3.yml b/changelogs/unreleased/fix-jupyter-git-v3.yml deleted file mode 100644 index 8aaaaf249fb..00000000000 --- a/changelogs/unreleased/fix-jupyter-git-v3.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Jupyter-Git integration -merge_request: 30020 -author: Amit Rathi -type: fixed diff --git a/changelogs/unreleased/fix-median-counting-for-cycle-analytics.yml b/changelogs/unreleased/fix-median-counting-for-cycle-analytics.yml deleted file mode 100644 index 6ae6db08ba1..00000000000 --- a/changelogs/unreleased/fix-median-counting-for-cycle-analytics.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix median counting for cycle analytics -merge_request: 30229 -author: -type: fixed diff --git a/changelogs/unreleased/fix-pipeline-schedule-edge-case.yml b/changelogs/unreleased/fix-pipeline-schedule-edge-case.yml deleted file mode 100644 index 2b7e3611567..00000000000 --- a/changelogs/unreleased/fix-pipeline-schedule-edge-case.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Fix pipeline schedule does not run correctly when it's scheduled at the same - time with the cron worker -merge_request: 29848 -author: -type: fixed diff --git a/changelogs/unreleased/fix-sidekiq-transaction-check-race.yml b/changelogs/unreleased/fix-sidekiq-transaction-check-race.yml deleted file mode 100644 index 89ae4abfe11..00000000000 --- a/changelogs/unreleased/fix-sidekiq-transaction-check-race.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix race in forbid_sidekiq_in_transactions.rb -merge_request: 30359 -author: -type: fixed diff --git a/changelogs/unreleased/fix-unicorn-sampler-workers-count.yml b/changelogs/unreleased/fix-unicorn-sampler-workers-count.yml deleted file mode 100644 index 9a263b7f460..00000000000 --- a/changelogs/unreleased/fix-unicorn-sampler-workers-count.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Make unicorn_workers to return meaningful results -merge_request: 30506 -author: -type: fixed diff --git a/changelogs/unreleased/fj-fix-subgroup-search-url.yml b/changelogs/unreleased/fj-fix-subgroup-search-url.yml deleted file mode 100644 index bee6e97fb6f..00000000000 --- a/changelogs/unreleased/fj-fix-subgroup-search-url.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix subgroup url in search drop down -merge_request: 30457 -author: -type: fixed diff --git a/changelogs/unreleased/georgekoltsov-63955-fix-import-with-source-branch-deleted.yml b/changelogs/unreleased/georgekoltsov-63955-fix-import-with-source-branch-deleted.yml deleted file mode 100644 index 72e2621c52a..00000000000 --- a/changelogs/unreleased/georgekoltsov-63955-fix-import-with-source-branch-deleted.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix a bug that prevented projects containing merge request diff comments from being imported -merge_request: 30630 -author: -type: fixed diff --git a/changelogs/unreleased/gitaly-version-v1-53-0.yml b/changelogs/unreleased/gitaly-version-v1-53-0.yml deleted file mode 100644 index 7d3e5ce3cb3..00000000000 --- a/changelogs/unreleased/gitaly-version-v1-53-0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade to Gitaly v1.53.0 -merge_request: 30614 -author: -type: changed diff --git a/changelogs/unreleased/gitaly-version-v1.49.0.yml b/changelogs/unreleased/gitaly-version-v1.49.0.yml deleted file mode 100644 index 8795bab0209..00000000000 --- a/changelogs/unreleased/gitaly-version-v1.49.0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade to Gitaly v1.49.0 -merge_request: 29990 -author: -type: changed diff --git a/changelogs/unreleased/gitaly-version-v1.51.0.yml b/changelogs/unreleased/gitaly-version-v1.51.0.yml deleted file mode 100644 index 00d52a190f3..00000000000 --- a/changelogs/unreleased/gitaly-version-v1.51.0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade to Gitaly v1.51.0 -merge_request: 30353 -author: -type: changed diff --git a/changelogs/unreleased/gitaly-version-v1.52.0.yml b/changelogs/unreleased/gitaly-version-v1.52.0.yml deleted file mode 100644 index d56a392c4ff..00000000000 --- a/changelogs/unreleased/gitaly-version-v1.52.0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade to Gitaly v1.52.0 -merge_request: 30568 -author: -type: changed diff --git a/changelogs/unreleased/graphql-tree-last-commit.yml b/changelogs/unreleased/graphql-tree-last-commit.yml deleted file mode 100644 index 5104ca6687e..00000000000 --- a/changelogs/unreleased/graphql-tree-last-commit.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Added commit type to tree GraphQL response -merge_request: 29412 -author: -type: added diff --git a/changelogs/unreleased/gt-remove-tooltip-directive-on-project-avatar-image-component.yml b/changelogs/unreleased/gt-remove-tooltip-directive-on-project-avatar-image-component.yml deleted file mode 100644 index d9ca20d9d4d..00000000000 --- a/changelogs/unreleased/gt-remove-tooltip-directive-on-project-avatar-image-component.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove tooltip directive on project avatar image component -merge_request: 29631 -author: George Tsiolis -type: performance diff --git a/changelogs/unreleased/hfy-apply-knative-cluster-role-on-service-account-creation.yml b/changelogs/unreleased/hfy-apply-knative-cluster-role-on-service-account-creation.yml deleted file mode 100644 index 958334cc28e..00000000000 --- a/changelogs/unreleased/hfy-apply-knative-cluster-role-on-service-account-creation.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Create Knative role and binding with service account -merge_request: 30235 -author: -type: changed diff --git a/changelogs/unreleased/hide-restricted-visibility-radio.yml b/changelogs/unreleased/hide-restricted-visibility-radio.yml deleted file mode 100644 index ebc8b787890..00000000000 --- a/changelogs/unreleased/hide-restricted-visibility-radio.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hide restricted and disallowed visibility radios -merge_request: 30590 -author: -type: fixed diff --git a/changelogs/unreleased/id-clean-up-mr-assignees.yml b/changelogs/unreleased/id-clean-up-mr-assignees.yml deleted file mode 100644 index 7ff03c9f00b..00000000000 --- a/changelogs/unreleased/id-clean-up-mr-assignees.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add cleanup migration for MR's multiple assignees -merge_request: 30261 -author: -type: changed diff --git a/changelogs/unreleased/id-extract-widget-into-different-request.yml b/changelogs/unreleased/id-extract-widget-into-different-request.yml deleted file mode 100644 index 3b9f5fdd6bd..00000000000 --- a/changelogs/unreleased/id-extract-widget-into-different-request.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add a separate endpoint for fetching MRs serialized as widgets -merge_request: 29979 -author: -type: performance diff --git a/changelogs/unreleased/id-stale-branches.yml b/changelogs/unreleased/id-stale-branches.yml deleted file mode 100644 index 2f35c5a12c9..00000000000 --- a/changelogs/unreleased/id-stale-branches.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add endpoint for fetching diverging commit counts -merge_request: 29802 -author: -type: performance diff --git a/changelogs/unreleased/issue-63222.yml b/changelogs/unreleased/issue-63222.yml deleted file mode 100644 index bc6520b9fc5..00000000000 --- a/changelogs/unreleased/issue-63222.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Set default sort method for dashboard projects list -merge_request: 29830 -author: David Palubin -type: fixed diff --git a/changelogs/unreleased/issue-zoom-url.yml b/changelogs/unreleased/issue-zoom-url.yml deleted file mode 100644 index e0bd5478192..00000000000 --- a/changelogs/unreleased/issue-zoom-url.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Extract zoom link from issue and pass to frontend -merge_request: 29910 -author: raju249 -type: added diff --git a/changelogs/unreleased/issue_64021.yml b/changelogs/unreleased/issue_64021.yml deleted file mode 100644 index 088d9348619..00000000000 --- a/changelogs/unreleased/issue_64021.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Skip spam check for task list updates -merge_request: 30279 -author: -type: fixed diff --git a/changelogs/unreleased/jc-detect-nfs-for-rugged.yml b/changelogs/unreleased/jc-detect-nfs-for-rugged.yml deleted file mode 100644 index ca738181a55..00000000000 --- a/changelogs/unreleased/jc-detect-nfs-for-rugged.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Use Rugged if we detect storage is NFS and we can access the disk -merge_request: 29725 -author: -type: performance diff --git a/changelogs/unreleased/jc-remove-catfile-flag.yml b/changelogs/unreleased/jc-remove-catfile-flag.yml deleted file mode 100644 index 6b72de7bc45..00000000000 --- a/changelogs/unreleased/jc-remove-catfile-flag.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove catfile cache feature flag -merge_request: 30750 -author: -type: performance diff --git a/changelogs/unreleased/jramsay-enable-object-dedupe-by-default.yml b/changelogs/unreleased/jramsay-enable-object-dedupe-by-default.yml deleted file mode 100644 index b953d7c0fc8..00000000000 --- a/changelogs/unreleased/jramsay-enable-object-dedupe-by-default.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable Git object pools -merge_request: 29595 -author: jramsay -type: changed diff --git a/changelogs/unreleased/knative-0-6.yml b/changelogs/unreleased/knative-0-6.yml deleted file mode 100644 index 66c5c7f343d..00000000000 --- a/changelogs/unreleased/knative-0-6.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Knative version bump 0.5 -> 0.6 -merge_request: 28798 -author: Chris Baumbauer -type: changed diff --git a/changelogs/unreleased/limit-amount-of-tests-returned.yml b/changelogs/unreleased/limit-amount-of-tests-returned.yml deleted file mode 100644 index 0e80a64b6b7..00000000000 --- a/changelogs/unreleased/limit-amount-of-tests-returned.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Limit amount of JUnit tests returned -merge_request: 30274 -author: -type: performance diff --git a/changelogs/unreleased/mh-board-tooltips.yml b/changelogs/unreleased/mh-board-tooltips.yml deleted file mode 100644 index 06fc64c52a7..00000000000 --- a/changelogs/unreleased/mh-board-tooltips.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "'Open' and 'Closed' issue board lists no longer display a redundant tooltip" -merge_request: 30187 -author: -type: fixed diff --git a/changelogs/unreleased/mh-boards-filter-bar.yml b/changelogs/unreleased/mh-boards-filter-bar.yml deleted file mode 100644 index 3e91b5ef443..00000000000 --- a/changelogs/unreleased/mh-boards-filter-bar.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Display boards filter bar on mobile -merge_request: 30120 -author: -type: fixed diff --git a/changelogs/unreleased/mh-collapsible-boards.yml b/changelogs/unreleased/mh-collapsible-boards.yml deleted file mode 100644 index b69d6e81cc4..00000000000 --- a/changelogs/unreleased/mh-collapsible-boards.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Labeled issue boards can now collapse -merge_request: 29955 -author: -type: added diff --git a/changelogs/unreleased/mh-colon-autocomplete.yml b/changelogs/unreleased/mh-colon-autocomplete.yml deleted file mode 100644 index 8b169c22588..00000000000 --- a/changelogs/unreleased/mh-colon-autocomplete.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow auto-completing scoped labels -merge_request: 29749 -author: -type: added diff --git a/changelogs/unreleased/mh-mermaid-linebreaks.yml b/changelogs/unreleased/mh-mermaid-linebreaks.yml deleted file mode 100644 index e38820d8ce3..00000000000 --- a/changelogs/unreleased/mh-mermaid-linebreaks.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix linebreak rendering in Mermaid flowcharts -merge_request: 30730 -author: -type: fixed diff --git a/changelogs/unreleased/move-all-configs-to-global.yml b/changelogs/unreleased/move-all-configs-to-global.yml deleted file mode 100644 index ff311d57f8d..00000000000 --- a/changelogs/unreleased/move-all-configs-to-global.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'Introduce default: for gitlab-ci.yml' -merge_request: -author: -type: added diff --git a/changelogs/unreleased/mw-project-list-color-fix.yml b/changelogs/unreleased/mw-project-list-color-fix.yml deleted file mode 100644 index 6f8b2742ec6..00000000000 --- a/changelogs/unreleased/mw-project-list-color-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add text-secondary to controls in project list -merge_request: 30567 -author: -type: fixed diff --git a/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml b/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml deleted file mode 100644 index 9348626c41d..00000000000 --- a/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Persist tmp snippet uploads at users -merge_request: -author: -type: security diff --git a/changelogs/unreleased/osw-sync-merge-ref-upon-mergeability-check.yml b/changelogs/unreleased/osw-sync-merge-ref-upon-mergeability-check.yml deleted file mode 100644 index d2744cddebd..00000000000 --- a/changelogs/unreleased/osw-sync-merge-ref-upon-mergeability-check.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Sync merge ref upon mergeability check -merge_request: 29569 -author: -type: added diff --git a/changelogs/unreleased/paginate-license-management.yml b/changelogs/unreleased/paginate-license-management.yml deleted file mode 100644 index c5134978612..00000000000 --- a/changelogs/unreleased/paginate-license-management.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Backport and Docs for Paginate license management and add license search -merge_request: 27602 -author: -type: changed diff --git a/changelogs/unreleased/patch-29.yml b/changelogs/unreleased/patch-29.yml deleted file mode 100644 index 674c06e1259..00000000000 --- a/changelogs/unreleased/patch-29.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Updates PHP template to php:latest to ensure always targeting latest stable -merge_request: 30319 -author: Paul Giberson -type: changed diff --git a/changelogs/unreleased/po-raw-changes-encoding.yml b/changelogs/unreleased/po-raw-changes-encoding.yml deleted file mode 100644 index 051d18f50c7..00000000000 --- a/changelogs/unreleased/po-raw-changes-encoding.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Expect bytes from Gitaly RPC GetRawChanges -merge_request: 28164 -author: -type: fixed diff --git a/changelogs/unreleased/pre-releases-38105a.yml b/changelogs/unreleased/pre-releases-38105a.yml deleted file mode 100644 index 8b7cf6065d4..00000000000 --- a/changelogs/unreleased/pre-releases-38105a.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Show an Upcoming Status for Releases -merge_request: 29577 -author: -type: added diff --git a/changelogs/unreleased/prepare-cycle-analytics-for-group-level.yml b/changelogs/unreleased/prepare-cycle-analytics-for-group-level.yml deleted file mode 100644 index d7bfc67b208..00000000000 --- a/changelogs/unreleased/prepare-cycle-analytics-for-group-level.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Modify cycle analytics on project level -merge_request: 30356 -author: -type: changed diff --git a/changelogs/unreleased/project_api.yml b/changelogs/unreleased/project_api.yml deleted file mode 100644 index a04f9bb5608..00000000000 --- a/changelogs/unreleased/project_api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Improve Project API -merge_request: 28327 -author: Mathieu Parent -type: added diff --git a/changelogs/unreleased/refactor-sentry.yml b/changelogs/unreleased/refactor-sentry.yml deleted file mode 100644 index 25c5534fae0..00000000000 --- a/changelogs/unreleased/refactor-sentry.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove Sentry from application settings -merge_request: 28447 -author: Roger Meier -type: added diff --git a/changelogs/unreleased/registry-fix-multi-delete-modal.yml b/changelogs/unreleased/registry-fix-multi-delete-modal.yml deleted file mode 100644 index 94a2df7a7e7..00000000000 --- a/changelogs/unreleased/registry-fix-multi-delete-modal.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent multiple confirmation modals from opening when deleting a repository -merge_request: 30532 -author: -type: fixed diff --git a/changelogs/unreleased/remove-auto-ssl-ff.yml b/changelogs/unreleased/remove-auto-ssl-ff.yml deleted file mode 100644 index 1b4d0dcde08..00000000000 --- a/changelogs/unreleased/remove-auto-ssl-ff.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Add support for generating SSL certificates for custon pages domains through - Let's Encrypt -merge_request: -author: -type: added diff --git a/changelogs/unreleased/remove-kubernetes-service-deployment-platform.yml b/changelogs/unreleased/remove-kubernetes-service-deployment-platform.yml deleted file mode 100644 index 17421fca234..00000000000 --- a/changelogs/unreleased/remove-kubernetes-service-deployment-platform.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove Kubernetes service integration and Kubernetes service template from available deployment platforms -merge_request: 29786 -author: -type: removed diff --git a/changelogs/unreleased/remove-support-for-legacy-pipeline-triggers.yml b/changelogs/unreleased/remove-support-for-legacy-pipeline-triggers.yml deleted file mode 100644 index 3f4d4bbd432..00000000000 --- a/changelogs/unreleased/remove-support-for-legacy-pipeline-triggers.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove support for legacy pipeline triggers -merge_request: 30133 -author: -type: removed diff --git a/changelogs/unreleased/remove_group_and_instance_clusters_feature_flag.yml b/changelogs/unreleased/remove_group_and_instance_clusters_feature_flag.yml deleted file mode 100644 index fcc6c564345..00000000000 --- a/changelogs/unreleased/remove_group_and_instance_clusters_feature_flag.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove group and instance clusters feature flag -merge_request: 30124 -author: -type: changed diff --git a/changelogs/unreleased/require-pipeline-when-enabling-only-allow-merge-if-pipeline-succeeds.yml b/changelogs/unreleased/require-pipeline-when-enabling-only-allow-merge-if-pipeline-succeeds.yml deleted file mode 100644 index c105287532b..00000000000 --- a/changelogs/unreleased/require-pipeline-when-enabling-only-allow-merge-if-pipeline-succeeds.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enforce presence of pipeline when "Pipeline must succeed" project setting is enabled -merge_request: 29926 -author: -type: fixed diff --git a/changelogs/unreleased/rj-fix-manual-order.yml b/changelogs/unreleased/rj-fix-manual-order.yml deleted file mode 100644 index ecc39b78b06..00000000000 --- a/changelogs/unreleased/rj-fix-manual-order.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't let logged out user do manual order -merge_request: 30264 -author: -type: fixed diff --git a/changelogs/unreleased/sanitize_rake_ldap_check_output.yml b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml deleted file mode 100644 index 92824d1dd48..00000000000 --- a/changelogs/unreleased/sanitize_rake_ldap_check_output.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Sanitize LDAP output in Rake tasks -merge_request: 28427 -author: -type: fixed diff --git a/changelogs/unreleased/search-blob-basenames.yml b/changelogs/unreleased/search-blob-basenames.yml deleted file mode 100644 index 48ad1130e3f..00000000000 --- a/changelogs/unreleased/search-blob-basenames.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Build correct basenames for title search results -merge_request: 29898 -author: -type: fixed diff --git a/changelogs/unreleased/security-2858-fix-color-validation.yml b/changelogs/unreleased/security-2858-fix-color-validation.yml deleted file mode 100644 index 3430207a2b6..00000000000 --- a/changelogs/unreleased/security-2858-fix-color-validation.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix DoS vulnerability in color validation regex -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-59581-related-merge-requests-count.yml b/changelogs/unreleased/security-59581-related-merge-requests-count.yml deleted file mode 100644 index 83faa2f7c13..00000000000 --- a/changelogs/unreleased/security-59581-related-merge-requests-count.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Expose merge requests count based on user access -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-DOS_issue_comments_banzai.yml b/changelogs/unreleased/security-DOS_issue_comments_banzai.yml deleted file mode 100644 index 2405b1a4f5f..00000000000 --- a/changelogs/unreleased/security-DOS_issue_comments_banzai.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Denial of Service for comments when rendering issues/MR comments -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml b/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml deleted file mode 100644 index 7dedb9f6230..00000000000 --- a/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add missing authorizations in GraphQL -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml b/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml deleted file mode 100644 index 4e0cf848931..00000000000 --- a/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent Billion Laughs attack -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-mr-head-pipeline-leak.yml b/changelogs/unreleased/security-mr-head-pipeline-leak.yml deleted file mode 100644 index fe8c4dfb3c8..00000000000 --- a/changelogs/unreleased/security-mr-head-pipeline-leak.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Gate MR head_pipeline behind read_pipeline ability. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-notes-in-private-snippets.yml b/changelogs/unreleased/security-notes-in-private-snippets.yml deleted file mode 100644 index 907d98cb16d..00000000000 --- a/changelogs/unreleased/security-notes-in-private-snippets.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Correctly check permissions when creating snippet notes -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml b/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml deleted file mode 100644 index d7bb884cb4b..00000000000 --- a/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent the detection of merge request templates by unauthorized users -merge_request: -author: -type: security diff --git a/changelogs/unreleased/set-higher-ttl-for-trace-write.yml b/changelogs/unreleased/set-higher-ttl-for-trace-write.yml deleted file mode 100644 index 9f17172100c..00000000000 --- a/changelogs/unreleased/set-higher-ttl-for-trace-write.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Set higher TTL for write lock of trace to prevent concurrent archiving -merge_request: 30064 -author: -type: fixed diff --git a/changelogs/unreleased/sh-add-force-random-password-user-api.yml b/changelogs/unreleased/sh-add-force-random-password-user-api.yml deleted file mode 100644 index 29f36978a0f..00000000000 --- a/changelogs/unreleased/sh-add-force-random-password-user-api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add support for creating random passwords in user creation API -merge_request: 30138 -author: -type: changed diff --git a/changelogs/unreleased/sh-add-gitaly-ref-caching-search-controller.yml b/changelogs/unreleased/sh-add-gitaly-ref-caching-search-controller.yml deleted file mode 100644 index d4be28e9883..00000000000 --- a/changelogs/unreleased/sh-add-gitaly-ref-caching-search-controller.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable Gitaly ref caching for SearchController -merge_request: 30105 -author: -type: performance diff --git a/changelogs/unreleased/sh-add-thread-memory-cache.yml b/changelogs/unreleased/sh-add-thread-memory-cache.yml deleted file mode 100644 index 025ad6d9f14..00000000000 --- a/changelogs/unreleased/sh-add-thread-memory-cache.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add a memory cache local to the thread to reduce Redis load -merge_request: 30233 -author: -type: performance diff --git a/changelogs/unreleased/sh-audit-event-json-log-format-from-and-to.yml b/changelogs/unreleased/sh-audit-event-json-log-format-from-and-to.yml deleted file mode 100644 index 5bd21d7ef2b..00000000000 --- a/changelogs/unreleased/sh-audit-event-json-log-format-from-and-to.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Format `from` and `to` fields in JSON audit log -merge_request: 30333 -author: -type: changed diff --git a/changelogs/unreleased/sh-avoid-loading-pipeline-status.yml b/changelogs/unreleased/sh-avoid-loading-pipeline-status.yml deleted file mode 100644 index 2dead948786..00000000000 --- a/changelogs/unreleased/sh-avoid-loading-pipeline-status.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Avoid loading pipeline status in search results -merge_request: 30111 -author: -type: performance diff --git a/changelogs/unreleased/sh-bump-fog-aws.yml b/changelogs/unreleased/sh-bump-fog-aws.yml deleted file mode 100644 index a936b81ff02..00000000000 --- a/changelogs/unreleased/sh-bump-fog-aws.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Bump fog-aws to v3.5.2 -merge_request: 30803 -author: -type: fixed diff --git a/changelogs/unreleased/sh-cache-feature-flag-names.yml b/changelogs/unreleased/sh-cache-feature-flag-names.yml deleted file mode 100644 index 6120c4870f8..00000000000 --- a/changelogs/unreleased/sh-cache-feature-flag-names.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Cache feature flag names in Redis for a minute -merge_request: 29816 -author: -type: performance diff --git a/changelogs/unreleased/sh-cache-flipper-checks-in-memory.yml b/changelogs/unreleased/sh-cache-flipper-checks-in-memory.yml deleted file mode 100644 index 125b6244d80..00000000000 --- a/changelogs/unreleased/sh-cache-flipper-checks-in-memory.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Cache Flipper feature flags in L1 and L2 caches -merge_request: 30276 -author: -type: performance diff --git a/changelogs/unreleased/sh-cache-flipper-names-memory-cache.yml b/changelogs/unreleased/sh-cache-flipper-names-memory-cache.yml deleted file mode 100644 index 00443e81244..00000000000 --- a/changelogs/unreleased/sh-cache-flipper-names-memory-cache.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Cache Flipper persisted names directly to local memory storage -merge_request: 30265 -author: -type: performance diff --git a/changelogs/unreleased/sh-cache-negative-entries-find-commit.yml b/changelogs/unreleased/sh-cache-negative-entries-find-commit.yml deleted file mode 100644 index 98eb13ee620..00000000000 --- a/changelogs/unreleased/sh-cache-negative-entries-find-commit.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Allow caching of negative FindCommit matches -merge_request: 29952 -author: -type: performance diff --git a/changelogs/unreleased/sh-clean-up-bitbucket-import-errors.yml b/changelogs/unreleased/sh-clean-up-bitbucket-import-errors.yml deleted file mode 100644 index e4c9de74e6a..00000000000 --- a/changelogs/unreleased/sh-clean-up-bitbucket-import-errors.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Avoid storing backtraces from Bitbucket Cloud imports in the database -merge_request: 29862 -author: -type: performance diff --git a/changelogs/unreleased/sh-disable-reactive-caching-automatic-retries.yml b/changelogs/unreleased/sh-disable-reactive-caching-automatic-retries.yml deleted file mode 100644 index a0db68adb78..00000000000 --- a/changelogs/unreleased/sh-disable-reactive-caching-automatic-retries.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent amplification of ReactiveCachingWorker jobs upon failures -merge_request: 30432 -author: -type: performance diff --git a/changelogs/unreleased/sh-enable-ref-name-caching-discussions.yml b/changelogs/unreleased/sh-enable-ref-name-caching-discussions.yml deleted file mode 100644 index 12f4a5a499d..00000000000 --- a/changelogs/unreleased/sh-enable-ref-name-caching-discussions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Enable Gitaly ref name caching for discussions.json -merge_request: 29951 -author: -type: performance diff --git a/changelogs/unreleased/sh-fix-gitaly-server-info-cache.yml b/changelogs/unreleased/sh-fix-gitaly-server-info-cache.yml deleted file mode 100644 index ef8f6e25856..00000000000 --- a/changelogs/unreleased/sh-fix-gitaly-server-info-cache.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Gitaly auto-detection caching -merge_request: 30954 -author: -type: performance diff --git a/changelogs/unreleased/sh-fix-httpclient-ssl.yml b/changelogs/unreleased/sh-fix-httpclient-ssl.yml deleted file mode 100644 index fda4e2e7084..00000000000 --- a/changelogs/unreleased/sh-fix-httpclient-ssl.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Make httpclient respect system SSL configuration -merge_request: 30749 -author: -type: fixed diff --git a/changelogs/unreleased/sh-fix-issue-63349.yml b/changelogs/unreleased/sh-fix-issue-63349.yml deleted file mode 100644 index 0e51a6b7b20..00000000000 --- a/changelogs/unreleased/sh-fix-issue-63349.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Make Housekeeping button do a full garbage collection -merge_request: 30289 -author: -type: fixed diff --git a/changelogs/unreleased/sh-fix-issue-63910.yml b/changelogs/unreleased/sh-fix-issue-63910.yml deleted file mode 100644 index 50312558c57..00000000000 --- a/changelogs/unreleased/sh-fix-issue-63910.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix attachments using the wrong URLs in e-mails -merge_request: 30197 -author: -type: fixed diff --git a/changelogs/unreleased/sh-handle-nil-replication-lag.yml b/changelogs/unreleased/sh-handle-nil-replication-lag.yml deleted file mode 100644 index 5638d7e79e3..00000000000 --- a/changelogs/unreleased/sh-handle-nil-replication-lag.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix background migrations failing with unused replication slot -merge_request: 30042 -author: -type: fixed diff --git a/changelogs/unreleased/sh-improve-redis-peek.yml b/changelogs/unreleased/sh-improve-redis-peek.yml deleted file mode 100644 index 940be103ab7..00000000000 --- a/changelogs/unreleased/sh-improve-redis-peek.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add Redis call details in Peek performance bar -merge_request: 30191 -author: -type: changed diff --git a/changelogs/unreleased/sh-optimize-todos-controller.yml b/changelogs/unreleased/sh-optimize-todos-controller.yml deleted file mode 100644 index 181ddd1b3bc..00000000000 --- a/changelogs/unreleased/sh-optimize-todos-controller.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Eliminate N+1 queries in Dashboard::TodosController -merge_request: 29954 -author: -type: performance diff --git a/changelogs/unreleased/sh-remove-import-columns-from-projects.yml b/changelogs/unreleased/sh-remove-import-columns-from-projects.yml deleted file mode 100644 index f4052b2bef5..00000000000 --- a/changelogs/unreleased/sh-remove-import-columns-from-projects.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove import columns from projects table -merge_request: 29863 -author: -type: performance diff --git a/changelogs/unreleased/sh-service-template-bug.yml b/changelogs/unreleased/sh-service-template-bug.yml deleted file mode 100644 index 1ea5ac84f26..00000000000 --- a/changelogs/unreleased/sh-service-template-bug.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disable Rails SQL query cache when applying service templates -merge_request: 30060 -author: -type: fixed diff --git a/changelogs/unreleased/sh-strong-memoize-appearances.yml b/changelogs/unreleased/sh-strong-memoize-appearances.yml deleted file mode 100644 index dc4fe1c4d8e..00000000000 --- a/changelogs/unreleased/sh-strong-memoize-appearances.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Memoize non-existent custom appearances -merge_request: 29957 -author: -type: performance diff --git a/changelogs/unreleased/sh-support-subnets-ip-rate-limiter.yml b/changelogs/unreleased/sh-support-subnets-ip-rate-limiter.yml deleted file mode 100644 index 3e78c58c764..00000000000 --- a/changelogs/unreleased/sh-support-subnets-ip-rate-limiter.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Support CIDR notation in IP rate limiter -merge_request: 30146 -author: -type: changed diff --git a/changelogs/unreleased/sh-update-mermaid.yml b/changelogs/unreleased/sh-update-mermaid.yml deleted file mode 100644 index 9a7726cf716..00000000000 --- a/changelogs/unreleased/sh-update-mermaid.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update Mermaid to 8.1.0 -merge_request: 30036 -author: -type: fixed diff --git a/changelogs/unreleased/sh-upgrade-rouge-3-5-1.yml b/changelogs/unreleased/sh-upgrade-rouge-3-5-1.yml deleted file mode 100644 index b408019c736..00000000000 --- a/changelogs/unreleased/sh-upgrade-rouge-3-5-1.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade Rouge to 3.5.1 -merge_request: 30431 -author: -type: changed diff --git a/changelogs/unreleased/slugify.yml b/changelogs/unreleased/slugify.yml deleted file mode 100644 index 853e90b8bed..00000000000 --- a/changelogs/unreleased/slugify.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Replace slugifyWithHyphens with improved slugify function -merge_request: 30172 -author: Luke Ward -type: fixed diff --git a/changelogs/unreleased/small-s-in-elasticsearch-in-code.yml b/changelogs/unreleased/small-s-in-elasticsearch-in-code.yml deleted file mode 100644 index 20d7a822cde..00000000000 --- a/changelogs/unreleased/small-s-in-elasticsearch-in-code.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix typo in code comments about Elasticsearch -merge_request: 30163 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/small-s-in-elasticsearch.yml b/changelogs/unreleased/small-s-in-elasticsearch.yml deleted file mode 100644 index 7cab5c37125..00000000000 --- a/changelogs/unreleased/small-s-in-elasticsearch.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix typo in docs about Elasticsearch -merge_request: 30162 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/support-jsonb-default-value.yml b/changelogs/unreleased/support-jsonb-default-value.yml deleted file mode 100644 index d46156276f9..00000000000 --- a/changelogs/unreleased/support-jsonb-default-value.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Support jsonb default in add_column_with_default migration helper -merge_request: 29871 -author: -type: other diff --git a/changelogs/unreleased/tc-rake-orphan-artifacts.yml b/changelogs/unreleased/tc-rake-orphan-artifacts.yml deleted file mode 100644 index 7081bee640a..00000000000 --- a/changelogs/unreleased/tc-rake-orphan-artifacts.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add rake task to clean orphan artifact files -merge_request: 29681 -author: -type: added diff --git a/changelogs/unreleased/transaction-metrics.yml b/changelogs/unreleased/transaction-metrics.yml deleted file mode 100644 index 8b6e9c7d9d1..00000000000 --- a/changelogs/unreleased/transaction-metrics.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Adds metrics to measure cost of expensive operations -merge_request: 29928 -author: -type: other diff --git a/changelogs/unreleased/tz-update-mr-count-over-tabs.yml b/changelogs/unreleased/tz-update-mr-count-over-tabs.yml deleted file mode 100644 index 61a49dd8ecc..00000000000 --- a/changelogs/unreleased/tz-update-mr-count-over-tabs.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: New API for User Counts, updates on success of an MR the count on top and in - other tabs -merge_request: 29441 -author: -type: added diff --git a/changelogs/unreleased/unicorn-sampler-fix.yml b/changelogs/unreleased/unicorn-sampler-fix.yml deleted file mode 100644 index 3f0e509f15f..00000000000 --- a/changelogs/unreleased/unicorn-sampler-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Make sure UnicornSampler is started only in master process. -merge_request: 30215 -author: -type: fixed diff --git a/changelogs/unreleased/update-clair-version.yml b/changelogs/unreleased/update-clair-version.yml deleted file mode 100644 index 59b6e113fd5..00000000000 --- a/changelogs/unreleased/update-clair-version.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Extract clair version as CLAIR_EXECUTABLE_VERSION variable and update clair - executable from v8 to v11 -merge_request: 30396 -author: -type: changed diff --git a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-6-0.yml b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-6-0.yml deleted file mode 100644 index 6719fa94b19..00000000000 --- a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-6-0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update GitLab Runner Helm Chart to 0.6.0 -merge_request: 29982 -author: -type: other diff --git a/changelogs/unreleased/update-pages-to-1-7-0.yml b/changelogs/unreleased/update-pages-to-1-7-0.yml deleted file mode 100644 index d41346f021c..00000000000 --- a/changelogs/unreleased/update-pages-to-1-7-0.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update GitLab Pages to v1.7.0 -merge_request: -author: -type: other diff --git a/changelogs/unreleased/update-pagination-texts.yml b/changelogs/unreleased/update-pagination-texts.yml deleted file mode 100644 index 6a398e26242..00000000000 --- a/changelogs/unreleased/update-pagination-texts.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update pagination prev and next texts -merge_request: 29911 -author: -type: other diff --git a/changelogs/unreleased/update-tar-to-2-2-2.yml b/changelogs/unreleased/update-tar-to-2-2-2.yml deleted file mode 100644 index f142fe59448..00000000000 --- a/changelogs/unreleased/update-tar-to-2-2-2.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update tar to 2.2.2 -merge_request: 29949 -author: Takuya Noguchi -type: security diff --git a/changelogs/unreleased/update-todo-in-ui.yml b/changelogs/unreleased/update-todo-in-ui.yml deleted file mode 100644 index dddcf0f3983..00000000000 --- a/changelogs/unreleased/update-todo-in-ui.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Changes "Todo" to "To Do" in the UI for clarity -merge_request: 28844 -author: -type: other diff --git a/changelogs/unreleased/use-pg-9-6-11-on-ci.yml b/changelogs/unreleased/use-pg-9-6-11-on-ci.yml deleted file mode 100644 index 785eb352895..00000000000 --- a/changelogs/unreleased/use-pg-9-6-11-on-ci.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Use PostgreSQL 9.6.11 in CI tests -merge_request: 30270 -author: Takuya Noguchi -type: other diff --git a/changelogs/unreleased/winh-jest-markdown-header.yml b/changelogs/unreleased/winh-jest-markdown-header.yml deleted file mode 100644 index 6bf9d75cc93..00000000000 --- a/changelogs/unreleased/winh-jest-markdown-header.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Migrate markdown header_spec.js to Jest -merge_request: 30228 -author: Martin Hobert -type: other diff --git a/changelogs/unreleased/winh-multiple-issueboards-core.yml b/changelogs/unreleased/winh-multiple-issueboards-core.yml deleted file mode 100644 index c45e420c133..00000000000 --- a/changelogs/unreleased/winh-multiple-issueboards-core.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Move multiple issue boards to core -merge_request: 30503 -author: -type: changed diff --git a/changelogs/unreleased/winh-notes-service-applySuggestion.yml b/changelogs/unreleased/winh-notes-service-applySuggestion.yml deleted file mode 100644 index 30e540237b6..00000000000 --- a/changelogs/unreleased/winh-notes-service-applySuggestion.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove applySuggestion from notes service -merge_request: 30399 -author: Frank van Rest -type: other diff --git a/changelogs/unreleased/winh-notes-service-deleteNote.yml b/changelogs/unreleased/winh-notes-service-deleteNote.yml deleted file mode 100644 index cf2b37755a2..00000000000 --- a/changelogs/unreleased/winh-notes-service-deleteNote.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove deleteNote from notes service -merge_request: 30537 -author: Frank van Rest -type: other diff --git a/changelogs/unreleased/winh-notes-service-toggleAward.yml b/changelogs/unreleased/winh-notes-service-toggleAward.yml deleted file mode 100644 index 0471888c285..00000000000 --- a/changelogs/unreleased/winh-notes-service-toggleAward.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Remove toggleAward from notes service -merge_request: 30536 -author: Frank van Rest -type: other diff --git a/changelogs/unreleased/winh-updateResolvableDiscussionsCounts-typo.yml b/changelogs/unreleased/winh-updateResolvableDiscussionsCounts-typo.yml deleted file mode 100644 index 24b10bb3edc..00000000000 --- a/changelogs/unreleased/winh-updateResolvableDiscussionsCounts-typo.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix typo in updateResolvableDiscussionsCounts action -merge_request: 30278 -author: Frank van Rest -type: other diff --git a/changelogs/unreleased/z-index-fix-for-diff-file-dropdown.yml b/changelogs/unreleased/z-index-fix-for-diff-file-dropdown.yml deleted file mode 100644 index 72108f6ab77..00000000000 --- a/changelogs/unreleased/z-index-fix-for-diff-file-dropdown.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: I fixed z index bug in diff page -merge_request: 30657 -author: Faruk Can -type: fixed diff --git a/changelogs/unreleased/z-index-tools.yml b/changelogs/unreleased/z-index-tools.yml deleted file mode 100644 index 1102612670b..00000000000 --- a/changelogs/unreleased/z-index-tools.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'Review Tools: Add large z-index to toolbar' -merge_request: 30583 -author: -type: fixed diff --git a/changelogs/unreleased/zj-gitaly-usage-data.yml b/changelogs/unreleased/zj-gitaly-usage-data.yml deleted file mode 100644 index ce5087292ed..00000000000 --- a/changelogs/unreleased/zj-gitaly-usage-data.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add Gitaly data to the usage ping -merge_request: -author: -type: added -- cgit v1.2.1 From 30a0d4600e46af1b01f90332679f64c432219d5a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Mon, 22 Jul 2019 08:35:01 +0000 Subject: Update VERSION to 12.2.0-pre --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 6edc7fa8d35..4dd919b3b06 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -12.1.0-pre +12.2.0-pre -- cgit v1.2.1 From 5322a0e768fb5f8b3293986b7b3674f12552fea8 Mon Sep 17 00:00:00 2001 From: Heinrich Lee Yu Date: Mon, 22 Jul 2019 16:37:02 +0800 Subject: Fix syntax error in script --- .gitlab/ci/test-metadata.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index b5201f97366..3a5735a2be9 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -39,7 +39,7 @@ update-tests-metadata: policy: push script: - retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document - - echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}' + - echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec_*_pg_node_*.json - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $KNAPSACK_RSPEC_SUITE_REPORT_PATH' - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json -- cgit v1.2.1 From aba93fe2d5661cf3c086f65838db2965c746fdbf Mon Sep 17 00:00:00 2001 From: Steve Abrams Date: Mon, 22 Jul 2019 08:50:25 +0000 Subject: OAuth2 support for GitLab personal access tokens PATs are accepted using the OAuth2 compliant header "Authorization: Bearer {token}" in order to allow for OAuth requests while 2FA is enabled. --- app/models/personal_access_token.rb | 1 + ...2-support-with-gitlab-personal-access-token.yml | 5 +++++ doc/api/README.md | 6 ++++++ doc/user/project/packages/npm_registry.md | 23 ++++++++++------------ lib/gitlab/auth/user_auth_finders.rb | 17 +++++++++++++--- spec/lib/gitlab/auth/user_auth_finders_spec.rb | 14 +++++++++++++ 6 files changed, 50 insertions(+), 16 deletions(-) create mode 100644 changelogs/unreleased/63438-oauth2-support-with-gitlab-personal-access-token.yml diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb index f69f0e2dccb..7ae431eaad7 100644 --- a/app/models/personal_access_token.rb +++ b/app/models/personal_access_token.rb @@ -7,6 +7,7 @@ class PersonalAccessToken < ApplicationRecord add_authentication_token_field :token, digest: true REDIS_EXPIRY_TIME = 3.minutes + TOKEN_LENGTH = 20 serialize :scopes, Array # rubocop:disable Cop/ActiveRecordSerialize diff --git a/changelogs/unreleased/63438-oauth2-support-with-gitlab-personal-access-token.yml b/changelogs/unreleased/63438-oauth2-support-with-gitlab-personal-access-token.yml new file mode 100644 index 00000000000..815010e15ae --- /dev/null +++ b/changelogs/unreleased/63438-oauth2-support-with-gitlab-personal-access-token.yml @@ -0,0 +1,5 @@ +--- +title: Personal access tokens are accepted using OAuth2 header format +merge_request: 30277 +author: +type: added diff --git a/doc/api/README.md b/doc/api/README.md index 8e60d1c61df..f9cc1a09870 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -272,6 +272,12 @@ Example of using the personal access token in a header: curl --header "Private-Token: " https://gitlab.example.com/api/v4/projects ``` +You can also use personal access tokens with OAuth-compliant headers: + +```shell +curl --header "Authorization: Bearer " https://gitlab.example.com/api/v4/projects +``` + Read more about [personal access tokens][pat]. ### Session cookie diff --git a/doc/user/project/packages/npm_registry.md b/doc/user/project/packages/npm_registry.md index 481b1ce0337..ca0aa9965ef 100644 --- a/doc/user/project/packages/npm_registry.md +++ b/doc/user/project/packages/npm_registry.md @@ -49,35 +49,32 @@ Registry. ## Authenticating to the GitLab NPM Registry If a project is private or you want to upload an NPM package to GitLab, -credentials will need to be provided for authentication. Support is available -only for [OAuth tokens](../../../api/oauth2.md#resource-owner-password-credentials-flow). +credentials will need to be provided for authentication. Support is available for [OAuth tokens](../../../api/oauth2.md#resource-owner-password-credentials-flow) or [personal access tokens](../../profile/personal_access_tokens.md). -CAUTION: **2FA not supported:** -Authentication for personal access tokens is not yet supported -([#9140](https://gitlab.com/gitlab-org/gitlab-ee/issues/9140)). If you have 2FA -enabled, you won't be able to authenticate to the GitLab NPM Registry. +CAUTION: **2FA is only supported with personal access tokens:** +If you have 2FA enabled, you need to use a [personal access token](../../profile/personal_access_tokens.md) with OAuth headers. Standard OAuth tokens won't be able to authenticate to the GitLab NPM Registry. ### Authenticating with an OAuth token -To authenticate with an [OAuth token](../../../api/oauth2.md#resource-owner-password-credentials-flow), -add a corresponding section to your `.npmrc` file: +To authenticate with an [OAuth token](../../../api/oauth2.md#resource-owner-password-credentials-flow) +or [personal access token](../../profile/personal_access_tokens.md), add a corresponding section to your `.npmrc` file: ```ini ; Set URL for your scoped packages. ; For example package with name `@foo/bar` will use this URL for download @foo:registry=https://gitlab.com/api/v4/packages/npm/ -; Add the OAuth token for the scoped packages URL. This will allow you to download +; Add the token for the scoped packages URL. This will allow you to download ; `@foo/` packages from private projects. -//gitlab.com/api/v4/packages/npm/:_authToken= +//gitlab.com/api/v4/packages/npm/:_authToken= -; Add OAuth token for uploading to the registry. Replace +; Add token for uploading to the registry. Replace ; with the project you want your package to be uploaded to. -//gitlab.com/api/v4/projects//packages/npm/:_authToken= +//gitlab.com/api/v4/projects//packages/npm/:_authToken= ``` Replace `` with your project ID which can be found on the home page -of your project and `` with your OAuth token. +of your project and `` with your OAuth or personal access token. If you have a self-hosted GitLab installation, replace `gitlab.com` with your domain name. diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb index a5efe33bdc6..bba7e2cbb3c 100644 --- a/lib/gitlab/auth/user_auth_finders.rb +++ b/lib/gitlab/auth/user_auth_finders.rb @@ -90,8 +90,8 @@ module Gitlab def find_personal_access_token token = current_request.params[PRIVATE_TOKEN_PARAM].presence || - current_request.env[PRIVATE_TOKEN_HEADER].presence - + current_request.env[PRIVATE_TOKEN_HEADER].presence || + parsed_oauth_token return unless token # Expiration, revocation and scopes are verified in `validate_access_token!` @@ -99,9 +99,12 @@ module Gitlab end def find_oauth_access_token - token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) + token = parsed_oauth_token return unless token + # PATs with OAuth headers are not handled by OauthAccessToken + return if matches_personal_access_token_length?(token) + # Expiration, revocation and scopes are verified in `validate_access_token!` oauth_token = OauthAccessToken.by_token(token) raise UnauthorizedError unless oauth_token @@ -110,6 +113,14 @@ module Gitlab oauth_token end + def parsed_oauth_token + Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) + end + + def matches_personal_access_token_length?(token) + token.length == PersonalAccessToken::TOKEN_LENGTH + end + # Check if the request is GET/HEAD, or if CSRF token is valid. def verified_request? Gitlab::RequestForgeryProtection.verified?(current_request.env) diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb index 1e2aebdc84b..4751f880cee 100644 --- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb @@ -138,6 +138,20 @@ describe Gitlab::Auth::UserAuthFinders do expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError) end end + + context 'with OAuth headers' do + it 'returns user' do + env['HTTP_AUTHORIZATION'] = "Bearer #{personal_access_token.token}" + + expect(find_user_from_access_token).to eq user + end + + it 'returns exception if invalid personal_access_token' do + env['HTTP_AUTHORIZATION'] = 'Bearer invalid_20byte_token' + + expect { find_personal_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError) + end + end end describe '#find_user_from_web_access_token' do -- cgit v1.2.1 From 657a5cc9d5df9eb4607d360b57d499c896fe1f73 Mon Sep 17 00:00:00 2001 From: Sanad Liaquat Date: Mon, 22 Jul 2019 15:58:43 +0500 Subject: Adds visibility attr to project --- qa/qa/page/project/new.rb | 2 +- qa/qa/resource/project.rb | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/qa/qa/page/project/new.rb b/qa/qa/page/project/new.rb index 0918445d119..64aab9be056 100644 --- a/qa/qa/page/project/new.rb +++ b/qa/qa/page/project/new.rb @@ -59,7 +59,7 @@ module QA end def set_visibility(visibility) - choose visibility + choose visibility.capitalize end def click_github_link diff --git a/qa/qa/resource/project.rb b/qa/qa/resource/project.rb index c0a6004fe27..93a82094776 100644 --- a/qa/qa/resource/project.rb +++ b/qa/qa/resource/project.rb @@ -8,6 +8,7 @@ module QA include Events::Project attr_writer :initialize_with_readme + attr_writer :visibility attribute :id attribute :name @@ -44,6 +45,7 @@ module QA @standalone = false @description = 'My awesome project' @initialize_with_readme = false + @visibility = 'public' end def name=(raw_name) @@ -60,7 +62,7 @@ module QA page.choose_test_namespace page.choose_name(@name) page.add_description(@description) - page.set_visibility('Public') + page.set_visibility(@visibility) page.enable_initialize_with_readme if @initialize_with_readme page.create_new_project end @@ -88,7 +90,7 @@ module QA post_body = { name: name, description: description, - visibility: 'public', + visibility: @visibility, initialize_with_readme: @initialize_with_readme } -- cgit v1.2.1 From 0bc9b770e459f3e573be70a21221361dea2d9fa8 Mon Sep 17 00:00:00 2001 From: samdbeckham Date: Fri, 28 Jun 2019 17:41:21 +0100 Subject: Adds a waitForMutation helper for VueX --- spec/javascripts/helpers/vue_test_utils_helper.js | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/spec/javascripts/helpers/vue_test_utils_helper.js b/spec/javascripts/helpers/vue_test_utils_helper.js index 121e99c9783..68326e37ae7 100644 --- a/spec/javascripts/helpers/vue_test_utils_helper.js +++ b/spec/javascripts/helpers/vue_test_utils_helper.js @@ -1,5 +1,3 @@ -/* eslint-disable import/prefer-default-export */ - const vNodeContainsText = (vnode, text) => (vnode.text && vnode.text.includes(text)) || (vnode.children && vnode.children.filter(child => vNodeContainsText(child, text)).length); @@ -19,3 +17,19 @@ export const shallowWrapperContainsSlotText = (shallowWrapper, slotName, text) = Boolean( shallowWrapper.vm.$slots[slotName].filter(vnode => vNodeContainsText(vnode, text)).length, ); + +/** + * Returns a promise that waits for a mutation to be fired before resolving + * NOTE: There's no reject action here so it will hang if it waits for a mutation that won't happen. + * @param {Object} store - The Vue store that contains the mutations + * @param {String} expectedMutationType - The Mutation to wait for + */ +export const waitForMutation = (store, expectedMutationType) => + new Promise(resolve => { + const unsubscribe = store.subscribe(mutation => { + if (mutation.type === expectedMutationType) { + unsubscribe(); + resolve(); + } + }); + }); -- cgit v1.2.1 From be7ad341467ac101ace61e6c56df8abe84e4e481 Mon Sep 17 00:00:00 2001 From: Jeffrey Cafferata Date: Mon, 22 Jul 2019 13:41:02 +0200 Subject: Removed the unnecessary loop through `../project_services/slack.md`. --- doc/integration/slack.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/integration/slack.md b/doc/integration/slack.md index f84ab769218..9fcf2c2d99a 100644 --- a/doc/integration/slack.md +++ b/doc/integration/slack.md @@ -1,5 +1,5 @@ --- -redirect_to: '../project_services/slack.md' +redirect_to: '../user/project/integrations/slack.md' --- -This document was moved to [project_services/slack.md](../project_services/slack.md). +This document was moved to [project_services/slack.md](../user/project/integrations/slack.md). -- cgit v1.2.1 From 972b5f4555f70fdb47c5b3dc78127377b7220cad Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Mon, 22 Jul 2019 11:44:20 +0000 Subject: Removed project autocomplete pagination This pagination is not used anywhere so there is no reason to keep it. It seems the usage of offset_id was probably removed in 90c60138db4e1f86026aac5760febe4ba066ca30 --- app/finders/autocomplete/move_to_project_finder.rb | 9 +++-- app/models/project.rb | 17 +-------- changelogs/unreleased/jprovazn-project-search.yml | 5 +++ spec/controllers/autocomplete_controller_spec.rb | 22 ------------ .../autocomplete/move_to_project_finder_spec.rb | 40 +++++++--------------- spec/models/project_spec.rb | 20 ----------- 6 files changed, 23 insertions(+), 90 deletions(-) create mode 100644 changelogs/unreleased/jprovazn-project-search.yml diff --git a/app/finders/autocomplete/move_to_project_finder.rb b/app/finders/autocomplete/move_to_project_finder.rb index edaf74c5f92..491cce2232e 100644 --- a/app/finders/autocomplete/move_to_project_finder.rb +++ b/app/finders/autocomplete/move_to_project_finder.rb @@ -3,7 +3,9 @@ module Autocomplete # Finder that retrieves a list of projects that an issue can be moved to. class MoveToProjectFinder - attr_reader :current_user, :search, :project_id, :offset_id + attr_reader :current_user, :search, :project_id + + LIMIT = 20 # current_user - The User object of the user that wants to view the list of # projects. @@ -14,13 +16,10 @@ module Autocomplete # # * search: An optional search query to apply to the list of projects. # * project_id: The ID of a project to exclude from the returned relation. - # * offset_id: The ID of a project to use for pagination. When given, only - # projects with a lower ID are included in the list. def initialize(current_user, params = {}) @current_user = current_user @search = params[:search] @project_id = params[:project_id] - @offset_id = params[:offset_id] end def execute @@ -28,8 +27,8 @@ module Autocomplete .projects_where_can_admin_issues .optionally_search(search) .excluding_project(project_id) - .paginate_in_descending_order_using_id(before: offset_id) .eager_load_namespace_and_owner + .sorted_by_name_asc_limited(LIMIT) end end end diff --git a/app/models/project.rb b/app/models/project.rb index 8dfe2212282..ece7507e55c 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -357,6 +357,7 @@ class Project < ApplicationRecord scope :sorted_by_activity, -> { reorder(Arel.sql("GREATEST(COALESCE(last_activity_at, '1970-01-01'), COALESCE(last_repository_updated_at, '1970-01-01')) DESC")) } scope :sorted_by_stars_desc, -> { reorder(star_count: :desc) } scope :sorted_by_stars_asc, -> { reorder(star_count: :asc) } + scope :sorted_by_name_asc_limited, ->(limit) { reorder(name: :asc).limit(limit) } scope :in_namespace, ->(namespace_ids) { where(namespace_id: namespace_ids) } scope :personal, ->(user) { where(namespace_id: user.namespace_id) } @@ -441,22 +442,6 @@ class Project < ApplicationRecord without_deleted.find_by_id(id) end - # Paginates a collection using a `WHERE id < ?` condition. - # - # before - A project ID to use for filtering out projects with an equal or - # greater ID. If no ID is given, all projects are included. - # - # limit - The maximum number of rows to include. - def self.paginate_in_descending_order_using_id( - before: nil, - limit: Kaminari.config.default_per_page - ) - relation = order_id_desc.limit(limit) - relation = relation.where('projects.id < ?', before) if before - - relation - end - def self.eager_load_namespace_and_owner includes(namespace: :owner) end diff --git a/changelogs/unreleased/jprovazn-project-search.yml b/changelogs/unreleased/jprovazn-project-search.yml new file mode 100644 index 00000000000..f76d4858924 --- /dev/null +++ b/changelogs/unreleased/jprovazn-project-search.yml @@ -0,0 +1,5 @@ +--- +title: Order projects in 'Move issue' dropdown by name. +merge_request: 30778 +author: +type: fixed diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 3f1c0ae8ac4..eaa5d6cd073 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -295,28 +295,6 @@ describe AutocompleteController do end end - context 'authorized projects with offset' do - before do - authorized_project2 = create(:project) - authorized_project3 = create(:project) - - authorized_project.add_maintainer(user) - authorized_project2.add_maintainer(user) - authorized_project3.add_maintainer(user) - end - - describe 'GET #projects with project ID and offset_id' do - before do - get(:projects, params: { project_id: project.id, offset_id: authorized_project.id }) - end - - it 'returns projects' do - expect(json_response).to be_kind_of(Array) - expect(json_response.size).to eq 2 # Of a total of 3 - end - end - end - context 'authorized projects without admin_issue ability' do before do authorized_project.add_guest(user) diff --git a/spec/finders/autocomplete/move_to_project_finder_spec.rb b/spec/finders/autocomplete/move_to_project_finder_spec.rb index c3bc410a7f6..4a87b47bd08 100644 --- a/spec/finders/autocomplete/move_to_project_finder_spec.rb +++ b/spec/finders/autocomplete/move_to_project_finder_spec.rb @@ -6,9 +6,9 @@ describe Autocomplete::MoveToProjectFinder do let(:no_access_project) { create(:project) } let(:guest_project) { create(:project) } - let(:reporter_project) { create(:project) } - let(:developer_project) { create(:project) } - let(:maintainer_project) { create(:project) } + let(:reporter_project) { create(:project, name: 'name') } + let(:developer_project) { create(:project, name: 'name2') } + let(:maintainer_project) { create(:project, name: 'name3') } describe '#execute' do context 'filter' do @@ -20,14 +20,14 @@ describe Autocomplete::MoveToProjectFinder do expect(finder.execute).to be_empty end - it 'returns projects equal or above Gitlab::Access::REPORTER ordered by id in descending order' do + it 'returns projects equal or above Gitlab::Access::REPORTER ordered by name' do reporter_project.add_reporter(user) developer_project.add_developer(user) maintainer_project.add_maintainer(user) finder = described_class.new(user, project_id: project.id) - expect(finder.execute.to_a).to eq([maintainer_project, developer_project, reporter_project]) + expect(finder.execute.to_a).to eq([reporter_project, developer_project, maintainer_project]) end it 'does not include the source project' do @@ -60,46 +60,32 @@ describe Autocomplete::MoveToProjectFinder do expect(finder.execute.to_a).to eq([other_reporter_project]) end - it 'returns a page of projects ordered by id in descending order' do - allow(Kaminari.config).to receive(:default_per_page).and_return(2) + it 'returns a page of projects ordered by name' do + stub_const('Autocomplete::MoveToProjectFinder::LIMIT', 2) - projects = create_list(:project, 2) do |project| + projects = create_list(:project, 3) do |project| project.add_developer(user) end finder = described_class.new(user, project_id: project.id) page = finder.execute.to_a - expect(page.length).to eq(Kaminari.config.default_per_page) - expect(page[0]).to eq(projects.last) - end - - it 'returns projects after the given offset id' do - reporter_project.add_reporter(user) - developer_project.add_developer(user) - maintainer_project.add_maintainer(user) - - expect(described_class.new(user, project_id: project.id, offset_id: maintainer_project.id).execute.to_a) - .to eq([developer_project, reporter_project]) - - expect(described_class.new(user, project_id: project.id, offset_id: developer_project.id).execute.to_a) - .to eq([reporter_project]) - - expect(described_class.new(user, project_id: project.id, offset_id: reporter_project.id).execute.to_a) - .to be_empty + expected_projects = projects.sort_by(&:name).first(2) + expect(page.length).to eq(2) + expect(page).to eq(expected_projects) end end context 'search' do it 'returns projects matching a search query' do - foo_project = create(:project) + foo_project = create(:project, name: 'foo') foo_project.add_maintainer(user) wadus_project = create(:project, name: 'wadus') wadus_project.add_maintainer(user) expect(described_class.new(user, project_id: project.id).execute.to_a) - .to eq([wadus_project, foo_project]) + .to eq([foo_project, wadus_project]) expect(described_class.new(user, project_id: project.id, search: 'wadus').execute.to_a) .to eq([wadus_project]) diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 927c072be10..bcb2da7eed2 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -1675,26 +1675,6 @@ describe Project do end end - describe '.paginate_in_descending_order_using_id' do - let!(:project1) { create(:project) } - let!(:project2) { create(:project) } - - it 'orders the relation in descending order' do - expect(described_class.paginate_in_descending_order_using_id) - .to eq([project2, project1]) - end - - it 'applies a limit to the relation' do - expect(described_class.paginate_in_descending_order_using_id(limit: 1)) - .to eq([project2]) - end - - it 'limits projects by and ID when given' do - expect(described_class.paginate_in_descending_order_using_id(before: project2.id)) - .to eq([project1]) - end - end - describe '.including_namespace_and_owner' do it 'eager loads the namespace and namespace owner' do create(:project) -- cgit v1.2.1 From 97b325a4a28206d921523e2ce34af0ac4be31bd0 Mon Sep 17 00:00:00 2001 From: Tristan Read Date: Mon, 22 Jul 2019 12:01:42 +0000 Subject: Add ability to embed metrics See https://gitlab.com/gitlab-org/gitlab-ce/issues/30423 --- .../javascripts/behaviors/markdown/render_gfm.js | 4 + .../behaviors/markdown/render_metrics.js | 24 ++++++ .../monitoring/components/charts/area.vue | 96 +++++++++++---------- .../monitoring/components/dashboard.vue | 7 +- .../javascripts/monitoring/components/embed.vue | 97 ++++++++++++++++++++++ app/assets/javascripts/monitoring/constants.js | 2 + .../javascripts/monitoring/stores/actions.js | 12 ++- .../monitoring/stores/mutation_types.js | 1 + .../javascripts/monitoring/stores/mutations.js | 3 + app/assets/javascripts/monitoring/stores/state.js | 1 + app/assets/stylesheets/pages/prometheus.scss | 5 ++ .../behaviors/markdown/render_metrics_spec.js | 37 +++++++++ spec/frontend/monitoring/embed/embed_spec.js | 78 +++++++++++++++++ spec/frontend/monitoring/embed/mock_data.js | 87 +++++++++++++++++++ spec/frontend/test_setup.js | 6 ++ 15 files changed, 410 insertions(+), 50 deletions(-) create mode 100644 app/assets/javascripts/behaviors/markdown/render_metrics.js create mode 100644 app/assets/javascripts/monitoring/components/embed.vue create mode 100644 spec/frontend/behaviors/markdown/render_metrics_spec.js create mode 100644 spec/frontend/monitoring/embed/embed_spec.js create mode 100644 spec/frontend/monitoring/embed/mock_data.js diff --git a/app/assets/javascripts/behaviors/markdown/render_gfm.js b/app/assets/javascripts/behaviors/markdown/render_gfm.js index bfb073fdcdc..789a057caf8 100644 --- a/app/assets/javascripts/behaviors/markdown/render_gfm.js +++ b/app/assets/javascripts/behaviors/markdown/render_gfm.js @@ -2,6 +2,7 @@ import $ from 'jquery'; import syntaxHighlight from '~/syntax_highlight'; import renderMath from './render_math'; import renderMermaid from './render_mermaid'; +import renderMetrics from './render_metrics'; import highlightCurrentUser from './highlight_current_user'; import initUserPopovers from '../../user_popovers'; import initMRPopovers from '../../mr_popover'; @@ -17,6 +18,9 @@ $.fn.renderGFM = function renderGFM() { highlightCurrentUser(this.find('.gfm-project_member').get()); initUserPopovers(this.find('.gfm-project_member').get()); initMRPopovers(this.find('.gfm-merge_request').get()); + if (gon.features && gon.features.gfmEmbeddedMetrics) { + renderMetrics(this.find('.js-render-metrics').get()); + } return this; }; diff --git a/app/assets/javascripts/behaviors/markdown/render_metrics.js b/app/assets/javascripts/behaviors/markdown/render_metrics.js new file mode 100644 index 00000000000..252b98610b6 --- /dev/null +++ b/app/assets/javascripts/behaviors/markdown/render_metrics.js @@ -0,0 +1,24 @@ +import Vue from 'vue'; +import Metrics from '~/monitoring/components/embed.vue'; +import { createStore } from '~/monitoring/stores'; + +// TODO: Handle copy-pasting - https://gitlab.com/gitlab-org/gitlab-ce/issues/64369. +export default function renderMetrics(elements) { + if (!elements.length) { + return; + } + + elements.forEach(element => { + const { dashboardUrl } = element.dataset; + const MetricsComponent = Vue.extend(Metrics); + + // eslint-disable-next-line no-new + new MetricsComponent({ + el: element, + store: createStore(), + propsData: { + dashboardUrl, + }, + }); + }); +} diff --git a/app/assets/javascripts/monitoring/components/charts/area.vue b/app/assets/javascripts/monitoring/components/charts/area.vue index 454ff4f284e..edf9423c74c 100644 --- a/app/assets/javascripts/monitoring/components/charts/area.vue +++ b/app/assets/javascripts/monitoring/components/charts/area.vue @@ -37,7 +37,13 @@ export default { }, projectPath: { type: String, - required: true, + required: false, + default: () => '', + }, + showBorder: { + type: Boolean, + required: false, + default: () => false, }, thresholds: { type: Array, @@ -234,52 +240,54 @@ export default {