Fix project member access levels

168197cd · Valery Sizov · b1df8c4e · 168197cd · 168197cd · 168197cd
Commit 168197cd authored 8 years ago by Valery Sizov
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -137,6 +137,7 @@ Please view this file on the master branch, on stable branches it's out of date.
  - Fix buggy iOS tooltip layering behavior.
  - Make guests unable to view MRs on private projects
  - Fix broken Project API docs (Takuya Noguchi)
+  - Migrate invalid project members (owner -> master)
  
 ## 8.12.7
  

--- a/db/migrate/20161018124658_make_project_owners_masters.rb
+++ b/db/migrate/20161018124658_make_project_owners_masters.rb
+class MakeProjectOwnersMasters < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    update_column_in_batches(:members, :access_level, 40) do |table, query|
+      query.where(table[:access_level].eq(50).and(table[:source_type].eq('Project')))
+    end
+  end
+
+  def down
+    # do nothing
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -843,7 +843,7 @@ ActiveRecord::Schema.define(version: 20161019213545) do
    t.integer "builds_access_level"
    t.datetime "created_at"
    t.datetime "updated_at"
-    t.integer  "repository_access_level",     default: 20, null: false
+    t.integer "repository_access_level", default: 20, null: false
  end
  
  add_index "project_features", ["project_id"], name: "index_project_features_on_project_id", using: :btree

--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -228,4 +228,40 @@ describe Projects::ProjectMembersController do
      end
    end
  end
+
+  describe 'POST create' do
+    let(:stranger) { create(:user) }
+
+    context 'when creating owner' do
+      before do
+        project.team << [user, :master]
+        sign_in(user)
+      end
+
+      it 'does not create a member' do
+        expect do
+          post :create, user_ids: stranger.id,
+                        namespace_id: project.namespace,
+                        access_level: Member::OWNER,
+                        project_id: project
+        end.to change { project.members.count }.by(0)
+      end
+    end
+
+    context 'when create master' do
+      before do
+        project.team << [user, :master]
+        sign_in(user)
+      end
+
+      it 'creates a member' do
+        expect do
+          post :create, user_ids: stranger.id,
+                        namespace_id: project.namespace,
+                        access_level: Member::MASTER,
+                        project_id: project
+        end.to change { project.members.count }.by(1)
+      end
+    end
+  end
 end
--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -328,4 +328,15 @@ describe API::Members, api: true  do
  it_behaves_like 'DELETE /:sources/:id/members/:user_id', 'group' do
    let(:source) { group }
  end
+
+  context 'Adding owner to project' do
+    it 'returns 403' do
+      expect do
+        post api("/projects/#{project.id}/members", master),
+             user_id: stranger.id, access_level: Member::OWNER
+
+        expect(response).to have_http_status(422)
+      end.to change { project.members.count }.by(0)
+    end
+  end
 end