Precalculate user's authorized projects in database

Closes #23150

Precalculate user's authorized projects in database
fd05e266 · Ahmad Sherif · aea8baed · fd05e266 · fd05e266 · fd05e266
Commit fd05e266 authored 8 years ago by Ahmad Sherif
--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -443,6 +443,16 @@ describe Member, models: true do
  
      member.accept_invite!(user)
    end
+
+    it "refreshes user's authorized projects", truncate: true do
+      project = member.source
+
+      expect(user.authorized_projects).not_to include(project)
+
+      member.accept_invite!(user)
+
+      expect(user.authorized_projects.reload).to include(project)
+    end
  end
  
  describe "#decline_invite!" do
@@ -468,4 +478,16 @@ describe Member, models: true do
      expect { member.generate_invite_token }.to change { member.invite_token}
    end
  end
+
+  describe "destroying a record", truncate: true do
+    it "refreshes user's authorized projects" do
+      project = create(:project, :private)
+      user    = create(:user)
+      member  = project.team << [user, :reporter]
+
+      member.destroy
+
+      expect(user.authorized_projects).not_to include(project)
+    end
+  end
 end
--- a/spec/models/project_group_link_spec.rb
+++ b/spec/models/project_group_link_spec.rb
@@ -14,4 +14,20 @@ describe ProjectGroupLink do
    it { should validate_presence_of(:group) }
    it { should validate_presence_of(:group_access) }
  end
+
+  describe "destroying a record", truncate: true do
+    it "refreshes group users' authorized projects" do
+      project     = create(:project, :private)
+      group       = create(:group)
+      reporter    = create(:user)
+      group_users = group.users
+
+      group.add_reporter(reporter)
+      project.project_group_links.create(group: group)
+      group_users.each { |user| expect(user.authorized_projects).to include(project) }
+
+      project.project_group_links.destroy_all
+      group_users.each { |user| expect(user.authorized_projects).not_to include(project) }
+    end
+  end
 end
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1514,7 +1514,7 @@ describe Project, models: true do
      members_project.team << [developer, :developer]
      members_project.team << [master, :master]
  
-      create(:project_group_link, project: shared_project, group: group)
+      create(:project_group_link, project: shared_project, group: group, group_access: Gitlab::Access::DEVELOPER)
    end
  
    it 'returns false for no user' do
@@ -1543,7 +1543,9 @@ describe Project, models: true do
      expect(members_project.authorized_for_user?(developer, Gitlab::Access::MASTER)).to be(false)
      expect(members_project.authorized_for_user?(master, Gitlab::Access::MASTER)).to be(true)
      expect(shared_project.authorized_for_user?(developer, Gitlab::Access::MASTER)).to be(false)
-      expect(shared_project.authorized_for_user?(master, Gitlab::Access::MASTER)).to be(true)
+      expect(shared_project.authorized_for_user?(master, Gitlab::Access::MASTER)).to be(false)
+      expect(shared_project.authorized_for_user?(developer, Gitlab::Access::DEVELOPER)).to be(true)
+      expect(shared_project.authorized_for_user?(master, Gitlab::Access::DEVELOPER)).to be(true)
    end
  end
  

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1072,7 +1072,7 @@ describe User, models: true do
    it { is_expected.to eq([private_group]) }
  end
  
-  describe '#authorized_projects' do
+  describe '#authorized_projects', truncate: true do
    context 'with a minimum access level' do
      it 'includes projects for which the user is an owner' do
        user = create(:user)
@@ -1092,6 +1092,80 @@ describe User, models: true do
          .to contain_exactly(project)
      end
    end
+
+    it "includes user's personal projects" do
+      user    = create(:user)
+      project = create(:project, :private, namespace: user.namespace)
+
+      expect(user.authorized_projects).to include(project)
+    end
+
+    it "includes personal projects user has been given access to" do
+      user1   = create(:user)
+      user2   = create(:user)
+      project = create(:project, :private, namespace: user1.namespace)
+
+      project.team << [user2, Gitlab::Access::DEVELOPER]
+
+      expect(user2.authorized_projects).to include(project)
+    end
+
+    it "includes projects of groups user has been added to" do
+      group   = create(:group)
+      project = create(:project, group: group)
+      user    = create(:user)
+
+      group.add_developer(user)
+
+      expect(user.authorized_projects).to include(project)
+    end
+
+    it "does not include projects of groups user has been removed from" do
+      group   = create(:group)
+      project = create(:project, group: group)
+      user    = create(:user)
+
+      member = group.add_developer(user)
+      expect(user.authorized_projects).to include(project)
+
+      member.destroy
+      expect(user.authorized_projects).not_to include(project)
+    end
+
+    it "includes projects shared with user's group" do
+      user    = create(:user)
+      project = create(:project, :private)
+      group   = create(:group)
+
+      group.add_reporter(user)
+      project.project_group_links.create(group: group)
+
+      expect(user.authorized_projects).to include(project)
+    end
+
+    it "does not include destroyed projects user had access to" do
+      user1   = create(:user)
+      user2   = create(:user)
+      project = create(:project, :private, namespace: user1.namespace)
+
+      project.team << [user2, Gitlab::Access::DEVELOPER]
+      expect(user2.authorized_projects).to include(project)
+
+      project.destroy
+      expect(user2.authorized_projects).not_to include(project)
+    end
+
+    it "does not include projects of destroyed groups user had access to" do
+      group   = create(:group)
+      project = create(:project, namespace: group)
+      user    = create(:user)
+
+      group.add_developer(user)
+      expect(user.authorized_projects).to include(project)
+
+      group.destroy
+      expect(user.authorized_projects).not_to include(project)
+    end
  end
  
  describe '#projects_where_can_admin_issues' do

--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
@@ -34,6 +34,8 @@ describe Projects::CreateService, services: true do
        @group = create :group
        @group.add_owner(@user)
  
+        @user.refresh_authorized_projects # Ensure cache is warm
+
        @opts.merge!(namespace_id: @group.id)
        @project = create_project(@user, @opts)
      end
@@ -41,6 +43,7 @@ describe Projects::CreateService, services: true do
      it { expect(@project).to be_valid }
      it { expect(@project.owner).to eq(@group) }
      it { expect(@project.namespace).to eq(@group) }
+      it { expect(@user.authorized_projects).to include(@project) }
    end
  
    context 'error handling' do

--- a/spec/support/db_cleaner.rb
+++ b/spec/support/db_cleaner.rb
@@ -11,6 +11,10 @@ RSpec.configure do |config|
    DatabaseCleaner.strategy = :truncation
  end
  
+  config.before(:each, truncate: true) do
+    DatabaseCleaner.strategy = :truncation
+  end
+
  config.before(:each) do
    DatabaseCleaner.start
  end

--- a/spec/workers/authorized_projects_worker_spec.rb
+++ b/spec/workers/authorized_projects_worker_spec.rb
+require 'spec_helper'
+
+describe AuthorizedProjectsWorker do
+  describe '#perform' do
+    it "refreshes user's authorized projects" do
+      user = create(:user)
+
+      expect(User).to receive(:find_by).with(id: user.id).and_return(user)
+      expect(user).to receive(:refresh_authorized_projects)
+
+      described_class.new.perform(user.id)
+    end
+
+    context "when user is not found" do
+      it "does nothing" do
+        expect_any_instance_of(User).not_to receive(:refresh_authorized_projects)
+
+        described_class.new.perform(999_999)
+      end
+    end
+  end
+end