From 6edfeac1c405c9c6da47b93bf25b0c0c4f1f6fd0 Mon Sep 17 00:00:00 2001 From: Hinam Mehra Date: Tue, 2 Sep 2025 20:38:55 +1000 Subject: [PATCH 1/2] Use Authz::UserGroupMemberRole in GroupMembers page - Use cached custom role data stored in Authz::UserGroupMemberRole table to get the computed custom role for a user on the members page for a group - This change is behind feature flag, `use_user_group_member_roles` --- app/finders/group_members_finder.rb | 10 +----- app/models/member.rb | 12 +++---- ee/app/models/ee/member.rb | 19 ++++++++-- ee/app/models/ee/namespace.rb | 10 ++++++ ee/spec/models/ee/member_spec.rb | 55 ++++++++++++++++++++++++----- ee/spec/models/ee/namespace_spec.rb | 48 +++++++++++++++++++++++++ spec/models/member_spec.rb | 2 +- 7 files changed, 128 insertions(+), 28 deletions(-) diff --git a/app/finders/group_members_finder.rb b/app/finders/group_members_finder.rb index 122a391ea4fe1f..d9add292d1d59c 100644 --- a/app/finders/group_members_finder.rb +++ b/app/finders/group_members_finder.rb @@ -107,10 +107,7 @@ def members_of_groups(groups) # with the group or its ancestors because the shared members cannot have access greater than the `group_group_links` # with itself or its ancestors. shared_members = GroupMember.non_request.of_groups(shared_from_groups) - .with_group_group_sharing_access( - group.self_and_ancestors, - custom_role_for_group_link_enabled?(group) - ) + .with_group_group_sharing_access(group) # `members` and `shared_members` should have even select values find_union([members.select(Member.column_names), shared_members], GroupMember) end @@ -142,11 +139,6 @@ def apply_additional_filters(members) def static_roles_only? true end - - # overridden in EE - def custom_role_for_group_link_enabled?(_group) - false - end end GroupMembersFinder.prepend_mod_with('GroupMembersFinder') diff --git a/app/models/member.rb b/app/models/member.rb index d95c8d1b41fc02..a9b21f1013c336 100644 --- a/app/models/member.rb +++ b/app/models/member.rb @@ -468,17 +468,17 @@ def coerce_to_no_access select(member_columns_with_no_access) end - def with_group_group_sharing_access(shared_groups, custom_role_for_group_link_enabled) - columns = member_columns_with_group_sharing_access(custom_role_for_group_link_enabled) + def with_group_group_sharing_access(group) + columns = member_columns_with_group_sharing_access(group) joins("LEFT OUTER JOIN group_group_links ON members.source_id = group_group_links.shared_with_group_id") .select(columns) - .where(group_group_links: { shared_group_id: shared_groups }) + .where(group_group_links: { shared_group_id: group.self_and_ancestors }) end private - def member_columns_with_group_sharing_access(custom_role_for_group_link_enabled) + def member_columns_with_group_sharing_access(group) group_group_link_table = GroupGroupLink.arel_table column_names.map do |column_name| @@ -487,7 +487,7 @@ def member_columns_with_group_sharing_access(custom_role_for_group_link_enabled) args = [group_group_link_table[:group_access], arel_table[:access_level]] smallest_value_arel(args, 'access_level') when 'member_role_id' - member_role_id(group_group_link_table, custom_role_for_group_link_enabled) + member_role_id(group) else arel_table[column_name] end @@ -507,7 +507,7 @@ def no_access_arel end # overriden in EE - def member_role_id(_group_link_table, _custom_role_for_group_link_enabled) + def member_role_id(_group) Arel::Nodes::As.new(Arel::Nodes::SqlLiteral.new('NULL'), Arel::Nodes::SqlLiteral.new('member_role_id')) end end diff --git a/ee/app/models/ee/member.rb b/ee/app/models/ee/member.rb index e5d1cd7523c9ad..48e119e7b0d9ef 100644 --- a/ee/app/models/ee/member.rb +++ b/ee/app/models/ee/member.rb @@ -83,11 +83,24 @@ module Member extend ::Gitlab::Utils::Override include ::Authz::MemberRoleInSharedGroup + override :with_group_group_sharing_access + def with_group_group_sharing_access(group) + return super unless ::Feature.enabled?(:use_user_group_member_roles, ::Feature.current_request) + + super.joins("LEFT OUTER JOIN user_group_member_roles ON members.user_id = user_group_member_roles.user_id \ + AND user_group_member_roles.group_id = group_group_links.shared_group_id \ + AND user_group_member_roles.shared_with_group_id = group_group_links.shared_with_group_id") + end + override :member_role_id - def member_role_id(group_link_table, custom_role_for_group_link_enabled) - return super unless custom_role_for_group_link_enabled + def member_role_id(group) + return super unless group.can_assign_custom_roles_to_group_links? + + unless ::Feature.enabled?(:use_user_group_member_roles, ::Feature.current_request) + return member_role_id_in_shared_group + end - member_role_id_in_shared_group + ::Authz::UserGroupMemberRole.arel_table[:member_role_id] end end diff --git a/ee/app/models/ee/namespace.rb b/ee/app/models/ee/namespace.rb index 2bf453720afcde..86f35984d0f4c6 100644 --- a/ee/app/models/ee/namespace.rb +++ b/ee/app/models/ee/namespace.rb @@ -720,6 +720,16 @@ def custom_roles_enabled? root_ancestor.licensed_feature_available?(:custom_roles) end + def can_assign_custom_roles_to_group_links? + return false unless custom_roles_enabled? + + if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) + return ::Feature.enabled?(:assign_custom_roles_to_group_links_saas, root_ancestor) + end + + ::Feature.enabled?(:assign_custom_roles_to_group_links_sm, :instance) + end + # This method is used to optimize preloading of custom roles on SaaS # where custom roles are required to be defined at the root group. # If there are no roles defined for the group, we return false and custom role queries are skipped. diff --git a/ee/spec/models/ee/member_spec.rb b/ee/spec/models/ee/member_spec.rb index 91dd84fba4ca6b..eaedea6dbd3f8f 100644 --- a/ee/spec/models/ee/member_spec.rb +++ b/ee/spec/models/ee/member_spec.rb @@ -4,6 +4,7 @@ RSpec.describe Member, type: :model, feature_category: :groups_and_projects do using RSpec::Parameterized::TableSyntax + include MemberRoleHelpers let_it_be(:user) { create(:user) } let_it_be(:group) { create(:group) } @@ -955,41 +956,77 @@ def webhook_data(group_member, event) let(:group_role) { create(:member_role, base_access_level: group_access, namespace: shared_group) } let(:member) do - create(:group_member, - access_level: user_access, + create_group_member( user: user, - group: invited_group, - member_role: user_role + source: invited_group, + member_role: user_role, + access_level: user_access ) end before do - create(:group_group_link, + create_group_link( group_access: group_access, shared_group: shared_group, shared_with_group: invited_group, - member_role: group_role) + member_role: group_role + ) end subject(:members) do invited_group - .members.with_group_group_sharing_access(shared_group, custom_roles_enabled) + .members.with_group_group_sharing_access(shared_group) .id_in(member.id).to_a end # more specs for group-sharing with custom roles are in Authz::MemberRoleInSharedGroup context 'when custom roles are enabled' do - let(:custom_roles_enabled) { true } + before do + allow(shared_group).to receive(:can_assign_custom_roles_to_group_links?).and_return(true) + end it 'returns minimum access level and expected member role' do expect(members.size).to eq(1) expect(members.first.access_level).to eq(expected_access_level) expect(members.first.member_role_id).to eq expected_member_role.id end + + context 'when `use_user_group_member_roles` feature flag is enabled' do + before do + stub_feature_flags(use_user_group_member_roles: true) + end + + it 'returns expected access level and member role' do + expect(members.size).to eq(1) + expect(members.first.access_level).to eq(expected_access_level) + expect(members.first.member_role_id).to eq expected_member_role.id + end + + context 'when user is also a direct member of the group' do + let_it_be(:role) { create(:member_role, :developer, namespace: shared_group) } + + let_it_be(:direct_member) do + create_group_member( + user: user, + source: shared_group, + member_role: role, + access_level: Gitlab::Access::DEVELOPER + ) + end + + it 'returns member role from the invited group' do + expect(members.size).to eq(1) + expect(members.first.access_level).to eq(expected_access_level) + expect(members.first.member_role_id).to eq expected_member_role.id + end + end + end end context 'when custom roles are not enabled' do - let(:custom_roles_enabled) { false } + before do + allow(shared_group).to receive(:can_assign_custom_roles_to_group_links?).and_return(false) + end it 'returns minimum access level and nil member role' do expect(members.size).to eq(1) diff --git a/ee/spec/models/ee/namespace_spec.rb b/ee/spec/models/ee/namespace_spec.rb index 087f5dea7ae185..f387c6e6fa84f2 100644 --- a/ee/spec/models/ee/namespace_spec.rb +++ b/ee/spec/models/ee/namespace_spec.rb @@ -2899,6 +2899,54 @@ def yielded_projects(group) end end + describe '#can_assign_custom_roles_to_group_links?', feature_category: :system_access do + let_it_be(:namespace) { create(:group) } + let(:group) { namespace } + + let(:licensed_feature_available) { true } + + before do + stub_licensed_features(custom_roles: licensed_feature_available) + end + + subject(:custom_roles_to_group_links) { group.can_assign_custom_roles_to_group_links? } + + it { is_expected.to eq true } + + context 'when on SaaS', :saas do + context 'when feature-flag `assign_custom_roles_to_group_links_saas` is disabled' do + before do + stub_feature_flags(assign_custom_roles_to_group_links_saas: false) + end + + it { is_expected.to eq false } + end + end + + context 'when on self-managed' do + context 'when feature-flag `assign_custom_roles_to_group_links_sm` is disabled' do + before do + stub_feature_flags(assign_custom_roles_to_group_links_sm: false) + end + + it { is_expected.to eq false } + end + end + + context 'when licensed feature is not available' do + let(:licensed_feature_available) { false } + + it { is_expected.to eq false } + end + + context 'when sub-group' do + let_it_be(:subgroup) { create(:group, parent: namespace) } + let(:group) { subgroup } + + it { is_expected.to eq true } + end + end + describe '#should_process_custom_roles?', feature_category: :system_access do let_it_be(:namespace, refind: true) { create(:group) } diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb index 10583e8a964c57..9a5a48889906f6 100644 --- a/spec/models/member_spec.rb +++ b/spec/models/member_spec.rb @@ -1196,7 +1196,7 @@ specify do members = invited_group .members - .with_group_group_sharing_access(shared_group, false) + .with_group_group_sharing_access(shared_group) .id_in(member.id) .to_a -- GitLab From 31abe85d1c36ba1342f63fbb22464d5e3fc5c0a0 Mon Sep 17 00:00:00 2001 From: Hinam Mehra Date: Tue, 9 Sep 2025 12:18:26 +1000 Subject: [PATCH 2/2] Move can_assign_custom_roles_to_group_links method from helper to model - Remove the method from helpers into project & namespace model so it's in one place --- ee/app/helpers/ee/invite_members_helper.rb | 4 +- ee/app/helpers/group_links_helper.rb | 11 --- ee/app/helpers/project_links_helper.rb | 14 ---- ee/app/models/ee/group_group_link.rb | 2 +- ee/app/models/ee/project.rb | 10 +++ ee/app/models/ee/project_group_link.rb | 3 +- .../user_member_roles_in_groups_preloader.rb | 8 +- ...user_member_roles_in_projects_preloader.rb | 8 +- .../ee/group_link/group_link_entity.rb | 7 +- .../ee/groups/group_links/create_service.rb | 2 +- .../ee/groups/group_links/update_service.rb | 2 +- .../ee/projects/group_links/create_service.rb | 3 +- .../ee/projects/group_links/update_service.rb | 3 +- ee/lib/ee/api/entities/project_group_link.rb | 4 +- .../api/entities/shared_group_with_group.rb | 2 +- .../helpers/ee/invite_members_helper_spec.rb | 4 +- ee/spec/helpers/group_links_helper_spec.rb | 74 ------------------- ee/spec/helpers/project_links_helper_spec.rb | 53 ------------- ee/spec/models/ee/group_group_link_spec.rb | 2 +- ee/spec/requests/api/groups_spec.rb | 7 +- .../group_group_link_entity_spec.rb | 3 +- .../groups/group_links/create_service_spec.rb | 3 +- .../groups/group_links/update_service_spec.rb | 3 +- 23 files changed, 33 insertions(+), 199 deletions(-) delete mode 100644 ee/app/helpers/project_links_helper.rb delete mode 100644 ee/spec/helpers/project_links_helper_spec.rb diff --git a/ee/app/helpers/ee/invite_members_helper.rb b/ee/app/helpers/ee/invite_members_helper.rb index 6d2d8681dbc192..84b81408a7eb7a 100644 --- a/ee/app/helpers/ee/invite_members_helper.rb +++ b/ee/app/helpers/ee/invite_members_helper.rb @@ -88,9 +88,9 @@ def overage_members_modal_available private def custom_roles_enabled?(source) - return custom_role_for_project_link_enabled?(source) if source.is_a?(Project) + return source.can_assign_custom_roles_to_project_links? if source.is_a?(Project) - custom_role_for_group_link_enabled?(source) + source.can_assign_custom_roles_to_group_links? end end end diff --git a/ee/app/helpers/group_links_helper.rb b/ee/app/helpers/group_links_helper.rb index 74dbb51fe2ffd2..69cae4c6014a5e 100644 --- a/ee/app/helpers/group_links_helper.rb +++ b/ee/app/helpers/group_links_helper.rb @@ -19,15 +19,4 @@ def group_link_role_name(group_link) group_link.human_access end end - - def custom_role_for_group_link_enabled?(group) - return false unless group - return false unless group.custom_roles_enabled? - - if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) - return ::Feature.enabled?(:assign_custom_roles_to_group_links_saas, group.root_ancestor) - end - - ::Feature.enabled?(:assign_custom_roles_to_group_links_sm, :instance) - end end diff --git a/ee/app/helpers/project_links_helper.rb b/ee/app/helpers/project_links_helper.rb deleted file mode 100644 index e081ed90e171ce..00000000000000 --- a/ee/app/helpers/project_links_helper.rb +++ /dev/null @@ -1,14 +0,0 @@ -# frozen_string_literal: true - -module ProjectLinksHelper - def custom_role_for_project_link_enabled?(project) - return false unless project - return false unless project.root_ancestor.custom_roles_enabled? - - if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) - ::Feature.enabled?(:assign_custom_roles_to_project_links_saas, project.root_ancestor) - else - ::License.feature_available?(:custom_roles) - end - end -end diff --git a/ee/app/models/ee/group_group_link.rb b/ee/app/models/ee/group_group_link.rb index 540a651d9f6a26..2556f6f7d94949 100644 --- a/ee/app/models/ee/group_group_link.rb +++ b/ee/app/models/ee/group_group_link.rb @@ -22,7 +22,7 @@ module GroupGroupLink override :human_access def human_access - return member_role.name if custom_role_for_group_link_enabled?(group) && member_role + return member_role.name if group.can_assign_custom_roles_to_group_links? && member_role super end diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb index 89f71aecdd2433..439e5d1094461e 100644 --- a/ee/app/models/ee/project.rb +++ b/ee/app/models/ee/project.rb @@ -617,6 +617,16 @@ def custom_roles_enabled? root_ancestor.custom_roles_enabled? end + def can_assign_custom_roles_to_project_links? + return false unless custom_roles_enabled? + + if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) + return ::Feature.enabled?(:assign_custom_roles_to_project_links_saas, root_ancestor) + end + + ::License.feature_available?(:custom_roles) + end + def project_epics_enabled? return group.project_epics_enabled? if group diff --git a/ee/app/models/ee/project_group_link.rb b/ee/app/models/ee/project_group_link.rb index a711483b8d8bac..f33ec02b67577f 100644 --- a/ee/app/models/ee/project_group_link.rb +++ b/ee/app/models/ee/project_group_link.rb @@ -4,7 +4,6 @@ module EE module ProjectGroupLink extend ActiveSupport::Concern extend ::Gitlab::Utils::Override - include ProjectLinksHelper prepended do include ::MemberRoles::MemberRoleRelation @@ -53,7 +52,7 @@ def group_with_allowed_email_domains override :human_access def human_access - return member_role.name if member_role && custom_role_for_project_link_enabled?(project) + return member_role.name if member_role && project.can_assign_custom_roles_to_group_links? super end diff --git a/ee/app/models/preloaders/user_member_roles_in_groups_preloader.rb b/ee/app/models/preloaders/user_member_roles_in_groups_preloader.rb index af5584b726a7d6..bed696d0a84894 100644 --- a/ee/app/models/preloaders/user_member_roles_in_groups_preloader.rb +++ b/ee/app/models/preloaders/user_member_roles_in_groups_preloader.rb @@ -145,13 +145,7 @@ def enabled_group_permissions strong_memoize_attr :enabled_group_permissions def custom_role_for_group_link_enabled? - if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) - group_relation.any? do |group| - ::Feature.enabled?(:assign_custom_roles_to_group_links_saas, group.root_ancestor) - end - else - ::Feature.enabled?(:assign_custom_roles_to_group_links_sm, :instance) - end + group_relation.any?(&:can_assign_custom_roles_to_group_links) end def log_statistics(group_ids) diff --git a/ee/app/models/preloaders/user_member_roles_in_projects_preloader.rb b/ee/app/models/preloaders/user_member_roles_in_projects_preloader.rb index f70b32c9f176f6..6734721e71b5bd 100644 --- a/ee/app/models/preloaders/user_member_roles_in_projects_preloader.rb +++ b/ee/app/models/preloaders/user_member_roles_in_projects_preloader.rb @@ -174,12 +174,8 @@ def enabled_project_permissions strong_memoize_attr :enabled_project_permissions def custom_role_for_group_link_enabled? - if ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) - projects_relation.any? do |project| - ::Feature.enabled?(:assign_custom_roles_to_group_links_saas, project.root_ancestor) - end - else - ::Feature.enabled?(:assign_custom_roles_to_group_links_sm, :instance) + projects_relation.any? do |project| + project&.root_ancestor&.can_assign_custom_roles_to_group_links? end end diff --git a/ee/app/serializers/ee/group_link/group_link_entity.rb b/ee/app/serializers/ee/group_link/group_link_entity.rb index 612b7ed3f77bf4..d06cfd206b711e 100644 --- a/ee/app/serializers/ee/group_link/group_link_entity.rb +++ b/ee/app/serializers/ee/group_link/group_link_entity.rb @@ -6,9 +6,6 @@ module GroupLinkEntity extend ActiveSupport::Concern prepended do - include GroupLinksHelper - include ProjectLinksHelper - expose :access_level, override: true do expose :human_access, as: :string_value expose :group_access, as: :integer_value @@ -37,9 +34,9 @@ def custom_roles(link) end def custom_role_assignable?(link) - return custom_role_for_project_link_enabled?(link.project) if link.is_a?(::ProjectGroupLink) + return link.project.can_assign_custom_roles_to_project_links? if link.is_a?(::ProjectGroupLink) - custom_role_for_group_link_enabled?(link.shared_group) + link.shared_group.can_assign_custom_roles_to_group_links? end end end diff --git a/ee/app/services/ee/groups/group_links/create_service.rb b/ee/app/services/ee/groups/group_links/create_service.rb index 51d6762ab5cf3e..042528360f338c 100644 --- a/ee/app/services/ee/groups/group_links/create_service.rb +++ b/ee/app/services/ee/groups/group_links/create_service.rb @@ -25,7 +25,7 @@ def after_successful_save override :remove_unallowed_params def remove_unallowed_params - params.delete(:member_role_id) unless custom_role_for_group_link_enabled?(group) + params.delete(:member_role_id) unless group.can_assign_custom_roles_to_group_links? super end diff --git a/ee/app/services/ee/groups/group_links/update_service.rb b/ee/app/services/ee/groups/group_links/update_service.rb index 3064929728b5b5..8fc9a939091b45 100644 --- a/ee/app/services/ee/groups/group_links/update_service.rb +++ b/ee/app/services/ee/groups/group_links/update_service.rb @@ -19,7 +19,7 @@ def execute(group_link_params) override :remove_unallowed_params def remove_unallowed_params - if group_link_params[:member_role_id] && !custom_role_for_group_link_enabled?(group_link.shared_group) + if group_link_params[:member_role_id] && !group_link.shared_group.can_assign_custom_roles_to_group_links? group_link_params.delete(:member_role_id) end diff --git a/ee/app/services/ee/projects/group_links/create_service.rb b/ee/app/services/ee/projects/group_links/create_service.rb index c49ed2768d6db8..699d1fe7b031aa 100644 --- a/ee/app/services/ee/projects/group_links/create_service.rb +++ b/ee/app/services/ee/projects/group_links/create_service.rb @@ -5,7 +5,6 @@ module Projects module GroupLinks module CreateService extend ::Gitlab::Utils::Override - include ProjectLinksHelper override :execute def execute @@ -66,7 +65,7 @@ def build_link super link.tap do |l| - l.member_role_id = params[:member_role_id] if custom_role_for_project_link_enabled?(project) + l.member_role_id = params[:member_role_id] if project.can_assign_custom_roles_to_project_links? end end end diff --git a/ee/app/services/ee/projects/group_links/update_service.rb b/ee/app/services/ee/projects/group_links/update_service.rb index 53cb6300a7d5bf..5abdf641d544ae 100644 --- a/ee/app/services/ee/projects/group_links/update_service.rb +++ b/ee/app/services/ee/projects/group_links/update_service.rb @@ -5,7 +5,6 @@ module Projects module GroupLinks module UpdateService extend ::Gitlab::Utils::Override - include ProjectLinksHelper override :execute def execute(group_link_params) @@ -18,7 +17,7 @@ def execute(group_link_params) override :permitted_attributes def permitted_attributes - return super unless custom_role_for_project_link_enabled?(group_link.project) + return super unless group_link.project.can_assign_custom_roles_to_project_links? super + %i[member_role_id] end diff --git a/ee/lib/ee/api/entities/project_group_link.rb b/ee/lib/ee/api/entities/project_group_link.rb index 634432f0946891..66975fdefb798b 100644 --- a/ee/lib/ee/api/entities/project_group_link.rb +++ b/ee/lib/ee/api/entities/project_group_link.rb @@ -7,10 +7,8 @@ module ProjectGroupLink extend ActiveSupport::Concern prepended do - include ProjectLinksHelper - expose :member_role_id, documentation: { type: 'integer', example: 12 }, if: ->(link, _) do - custom_role_for_project_link_enabled?(link.project) + link.project.can_assign_custom_roles_to_project_links? end end end diff --git a/ee/lib/ee/api/entities/shared_group_with_group.rb b/ee/lib/ee/api/entities/shared_group_with_group.rb index 9600c61c5b49c4..dbd37efb3678ad 100644 --- a/ee/lib/ee/api/entities/shared_group_with_group.rb +++ b/ee/lib/ee/api/entities/shared_group_with_group.rb @@ -10,7 +10,7 @@ module SharedGroupWithGroup include GroupLinksHelper expose :member_role_id, documentation: { type: 'integer', example: 12 }, if: ->(group_link, _) do - custom_role_for_group_link_enabled?(group_link.shared_group) + group_link.shared_group.can_assign_custom_roles_to_group_links? end end end diff --git a/ee/spec/helpers/ee/invite_members_helper_spec.rb b/ee/spec/helpers/ee/invite_members_helper_spec.rb index 7d18d0acb89431..cf66e344c5341b 100644 --- a/ee/spec/helpers/ee/invite_members_helper_spec.rb +++ b/ee/spec/helpers/ee/invite_members_helper_spec.rb @@ -25,7 +25,7 @@ subject(:data) { helper.common_invite_group_modal_data(group, GroupMember) } before do - allow(helper).to receive(:custom_role_for_group_link_enabled?).with(group) + allow(group).to receive(:can_assign_custom_roles_to_group_links?) .and_return(custom_role_for_group_link_enabled) end @@ -46,7 +46,7 @@ subject(:data) { helper.common_invite_group_modal_data(project, ProjectMember) } before do - allow(helper).to receive(:custom_role_for_project_link_enabled?).with(project) + allow(project).to receive(:can_assign_custom_roles_to_project_links?) .and_return(custom_role_for_project_link_enabled) end diff --git a/ee/spec/helpers/group_links_helper_spec.rb b/ee/spec/helpers/group_links_helper_spec.rb index 611eb171a9a25a..581825025fc927 100644 --- a/ee/spec/helpers/group_links_helper_spec.rb +++ b/ee/spec/helpers/group_links_helper_spec.rb @@ -62,78 +62,4 @@ it { is_expected.to eq('Guest') } end end - - describe '#custom_role_for_group_link_enabled?' do - subject(:custom_role_enabled) { helper.custom_role_for_group_link_enabled?(group) } - - before do - stub_licensed_features(custom_roles: true) - end - - context 'when on SaaS', :saas do - context 'when feature-flag `assign_custom_roles_to_group_links_saas` for group is enabled' do - before do - stub_feature_flags(assign_custom_roles_to_group_links_saas: [group]) - end - - it { is_expected.to be(true) } - - context 'when subject is sub-group' do - let(:sub_group) { build(:group, parent: group) } - - subject(:custom_role_enabled_for_subgroup) { helper.custom_role_for_group_link_enabled?(sub_group) } - - it { is_expected.to be(true) } - end - end - - context 'when feature-flag `assign_custom_roles_to_group_links_saas` for another group is enabled' do - let(:another_group) { build(:group) } - - before do - stub_feature_flags(assign_custom_roles_to_group_links_saas: [another_group]) - end - - it { is_expected.to be(false) } - end - - context 'when feature-flag `assign_custom_roles_to_group_links_saas` is disabled' do - before do - stub_feature_flags(assign_custom_roles_to_group_links_saas: false) - end - - it { is_expected.to be(false) } - end - - context 'when custom roles are disabled' do - before do - stub_licensed_features(custom_roles: false) - end - - it { is_expected.to be(false) } - end - end - - context 'when on self-managed' do - context 'when feature-flag `assign_custom_roles_to_group_links_sm` is enabled' do - it { is_expected.to be(true) } - end - - context 'when feature-flag `assign_custom_roles_to_group_links_sm` is disabled' do - before do - stub_feature_flags(assign_custom_roles_to_group_links_sm: false) - end - - it { is_expected.to be(false) } - end - - context 'when custom roles are disabled' do - before do - stub_licensed_features(custom_roles: false) - end - - it { is_expected.to be(false) } - end - end - end end diff --git a/ee/spec/helpers/project_links_helper_spec.rb b/ee/spec/helpers/project_links_helper_spec.rb deleted file mode 100644 index de4b2e3a16ec0b..00000000000000 --- a/ee/spec/helpers/project_links_helper_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe ProjectLinksHelper, feature_category: :system_access do - let_it_be(:project) { build(:project) } - - describe '#custom_role_for_project_link_enabled?' do - subject(:enabled) { helper.custom_role_for_project_link_enabled?(project) } - - before do - stub_licensed_features(custom_roles: true) - end - - context 'when on SaaS', :saas do - it { is_expected.to be(true) } - - context 'when feature flag `assign_custom_roles_to_project_links_saas` is disabled' do - before do - stub_feature_flags(assign_custom_roles_to_project_links_saas: false) - end - - it { is_expected.to be(false) } - end - - context 'when custom roles is disabled' do - before do - stub_licensed_features(custom_roles: false) - end - - it { is_expected.to be(false) } - end - end - - context 'when on self-managed' do - context 'when custom roles feature is available' do - before do - stub_licensed_features(custom_roles: true) - end - - it { is_expected.to be(true) } - end - - context 'when custom roles feature is not available' do - before do - stub_licensed_features(custom_roles: false) - end - - it { is_expected.to be(false) } - end - end - end -end diff --git a/ee/spec/models/ee/group_group_link_spec.rb b/ee/spec/models/ee/group_group_link_spec.rb index 9e8f97d3fe0603..dc4102591ffc84 100644 --- a/ee/spec/models/ee/group_group_link_spec.rb +++ b/ee/spec/models/ee/group_group_link_spec.rb @@ -110,7 +110,7 @@ let_it_be(:group_group_link) { create(:group_group_link, member_role_id: member_role.id) } before do - allow(group_group_link).to receive(:custom_role_for_group_link_enabled?) + allow(group_group_link.group).to receive(:can_assign_custom_roles_to_group_links?) .and_return(custom_role_for_group_link_enabled) end diff --git a/ee/spec/requests/api/groups_spec.rb b/ee/spec/requests/api/groups_spec.rb index caadac4b99b387..9f5d37d0e82892 100644 --- a/ee/spec/requests/api/groups_spec.rb +++ b/ee/spec/requests/api/groups_spec.rb @@ -2206,11 +2206,8 @@ let(:params) { { group_id: invited_group.id, group_access: Gitlab::Access::DEVELOPER, member_role_id: member_role.id } } before do - allow_next_instance_of(::Groups::GroupLinks::CreateService) do |service| - allow(service).to receive(:custom_role_for_group_link_enabled?) - .with(group) - .and_return(custom_role_for_group_link_enabled) - end + allow(group).to receive(:can_assign_custom_roles_to_group_links?) + .and_return(custom_role_for_group_link_enabled) end context 'when custom_roles feature is enabled' do diff --git a/ee/spec/serializers/ee/group_link/group_group_link_entity_spec.rb b/ee/spec/serializers/ee/group_link/group_group_link_entity_spec.rb index c1d2a6eeb3a50b..90085b2e104e7d 100644 --- a/ee/spec/serializers/ee/group_link/group_group_link_entity_spec.rb +++ b/ee/spec/serializers/ee/group_link/group_group_link_entity_spec.rb @@ -26,8 +26,7 @@ context 'when fetching member roles' do before do - allow(entity).to receive(:custom_role_for_group_link_enabled?) - .with(shared_group) + allow(shared_group).to receive(:can_assign_custom_roles_to_group_links?) .and_return(custom_role_for_group_link_enabled) end diff --git a/ee/spec/services/ee/groups/group_links/create_service_spec.rb b/ee/spec/services/ee/groups/group_links/create_service_spec.rb index 208ffcec9e0d83..de05b18d928b90 100644 --- a/ee/spec/services/ee/groups/group_links/create_service_spec.rb +++ b/ee/spec/services/ee/groups/group_links/create_service_spec.rb @@ -123,8 +123,7 @@ let(:opts) { { shared_group_access: Gitlab::Access::DEVELOPER, member_role_id: member_role.id } } before do - allow(service).to receive(:custom_role_for_group_link_enabled?) - .with(group) + allow(group).to receive(:can_assign_custom_roles_to_group_links?) .and_return(custom_role_for_group_link_enabled) end diff --git a/ee/spec/services/ee/groups/group_links/update_service_spec.rb b/ee/spec/services/ee/groups/group_links/update_service_spec.rb index bcde9ddaaacb75..0694890aaee2f7 100644 --- a/ee/spec/services/ee/groups/group_links/update_service_spec.rb +++ b/ee/spec/services/ee/groups/group_links/update_service_spec.rb @@ -48,8 +48,7 @@ let(:group_link_params) { { member_role_id: member_role.id } } before do - allow(service).to receive(:custom_role_for_group_link_enabled?) - .with(group) + allow(group).to receive(:can_assign_custom_roles_to_group_links?) .and_return(custom_role_for_group_link_enabled) end -- GitLab