Skip to content
Snippets Groups Projects
Commit 429302b3 authored by Rubén Dávila's avatar Rubén Dávila
Browse files

Bugfix: User can't change the access level of an access requester 

The endpoint was returning 404 because it was only searching on the
current members of a Group or Project and not the access requesters.
parent 806a68a8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/controllers/groups/group_members_controller.rb
+ 1
1
View file @ 429302b3
@@ -22,7 +22,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
end
 
def update
@group_member = @group.group_members.find(params[:id])
@group_member = @group.members_and_requesters.find(params[:id])
 
return render_403 unless can?(current_user, :update_group_member, @group_member)
 
app/controllers/projects/project_members_controller.rb
+ 1
1
View file @ 429302b3
@@ -26,7 +26,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
end
 
def update
@project_member = @project.project_members.find(params[:id])
@project_member = @project.members_and_requesters.find(params[:id])
 
return render_403 unless can?(current_user, :update_project_member, @project_member)
 
changelogs/unreleased/15832-fix-access-level-update-for-requesters.yml 0 → 100644
+ 5
0
View file @ 429302b3
---
title: Fix error that was preventing users to change the access level of access requests for Groups or Projects
merge_request: 15832
author:
type: fixed
spec/controllers/groups/group_members_controller_spec.rb
+ 19
0
View file @ 429302b3
@@ -62,6 +62,25 @@ describe Groups::GroupMembersController do
end
end
 
describe 'PUT update' do
let(:requester) { create(:group_member, :access_request, group: group) }
before do
group.add_owner(user)
sign_in(user)
end
Gitlab::Access.options.each do |label, value|
it "can change the access level to #{label}" do
xhr :put, :update, group_member: { access_level: value },
group_id: group,
id: requester
expect(requester.reload.human_access).to eq(label)
end
end
end
describe 'DELETE destroy' do
let(:member) { create(:group_member, :developer, group: group) }
 
spec/controllers/projects/project_members_controller_spec.rb
+ 20
0
View file @ 429302b3
@@ -66,6 +66,26 @@ describe Projects::ProjectMembersController do
end
end
 
describe 'PUT update' do
let(:requester) { create(:project_member, :access_request, project: project) }
before do
project.add_master(user)
sign_in(user)
end
Gitlab::Access.options.each do |label, value|
it "can change the access level to #{label}" do
xhr :put, :update, project_member: { access_level: value },
namespace_id: project.namespace,
project_id: project,
id: requester
expect(requester.reload.human_access).to eq(label)
end
end
end
describe 'DELETE destroy' do
let(:member) { create(:project_member, :developer, project: project) }
 
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment