From 1b1898aa37636ecfce3101ac6892357625131a45 Mon Sep 17 00:00:00 2001
From: Pavel Shutsin <pshutsin@gitlab.com>
Date: Fri, 22 Feb 2019 14:58:56 +0300
Subject: [PATCH] Add managing group relation to user & group classes

Group configuration allows to enforce dedicated accounts
for its members. This commit adds DB structure for storing
information about dedicated accounts provisioned for specific group
---
 db/schema.rb                                  |  5 +++-
 ee/app/models/ee/group.rb                     |  2 ++
 ee/app/models/ee/user.rb                      |  6 +++++
 ...105948_add_user_managing_group_relation.rb | 15 ++++++++++++
 ...418_add_user_managing_group_relation_fk.rb | 23 +++++++++++++++++++
 ee/spec/models/ee/user_spec.rb                | 18 +++++++++++++--
 6 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 ee/db/migrate/20190222105948_add_user_managing_group_relation.rb
 create mode 100644 ee/db/migrate/20190222110418_add_user_managing_group_relation_fk.rb

diff --git a/db/schema.rb b/db/schema.rb
index e82e32c812615c..28a0572c2fca97 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20190220150130) do
+ActiveRecord::Schema.define(version: 20190222110418) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -3118,6 +3118,7 @@
     t.boolean "include_private_contributions"
     t.string "commit_email"
     t.integer "group_view"
+    t.integer "managing_group_id"
     t.index ["accepted_term_id"], name: "index_users_on_accepted_term_id", using: :btree
     t.index ["admin"], name: "index_users_on_admin", using: :btree
     t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
@@ -3128,6 +3129,7 @@
     t.index ["ghost"], name: "index_users_on_ghost", using: :btree
     t.index ["group_view"], name: "index_users_on_group_view", using: :btree
     t.index ["incoming_email_token"], name: "index_users_on_incoming_email_token", using: :btree
+    t.index ["managing_group_id"], name: "index_users_on_managing_group_id", using: :btree
     t.index ["name"], name: "index_users_on_name", using: :btree
     t.index ["name"], name: "index_users_on_name_trigram", using: :gin, opclasses: {"name"=>"gin_trgm_ops"}
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
@@ -3578,6 +3580,7 @@
   add_foreign_key "user_statuses", "users", on_delete: :cascade
   add_foreign_key "user_synced_attributes_metadata", "users", on_delete: :cascade
   add_foreign_key "users", "application_setting_terms", column: "accepted_term_id", name: "fk_789cd90b35", on_delete: :cascade
+  add_foreign_key "users", "namespaces", column: "managing_group_id", name: "fk_a4b8fefe3e", on_delete: :nullify
   add_foreign_key "users_ops_dashboard_projects", "projects", on_delete: :cascade
   add_foreign_key "users_ops_dashboard_projects", "users", on_delete: :cascade
   add_foreign_key "users_star_projects", "projects", name: "fk_22cd27ddfc", on_delete: :cascade
diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb
index 60c3c576febc66..f8966548360434 100644
--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -27,6 +27,8 @@ module Group
 
       has_many :project_templates, through: :projects, foreign_key: 'custom_project_templates_group_id'
 
+      has_many :managed_users, class_name: 'User', foreign_key: 'managing_group_id', inverse_of: :managing_group
+
       belongs_to :file_template_project, class_name: "Project"
 
       # Use +checked_file_template_project+ instead, which implements important
diff --git a/ee/app/models/ee/user.rb b/ee/app/models/ee/user.rb
index cec848b75aa6d9..da1be2653560e5 100644
--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -51,6 +51,8 @@ module User
 
       has_many :smartcard_identities
 
+      belongs_to :managing_group, class_name: 'Group', optional: true, inverse_of: :managed_users
+
       scope :excluding_guests, -> { joins(:members).where('members.access_level > ?', ::Gitlab::Access::GUEST).distinct }
 
       scope :subscribed_for_admin_email, -> { where(admin_email_unsubscribed_at: nil) }
@@ -231,6 +233,10 @@ def group_sso?(group)
       end
     end
 
+    def group_managed_account?
+      managing_group.present?
+    end
+
     override :ldap_sync_time
     def ldap_sync_time
       ::Gitlab.config.ldap['sync_time']
diff --git a/ee/db/migrate/20190222105948_add_user_managing_group_relation.rb b/ee/db/migrate/20190222105948_add_user_managing_group_relation.rb
new file mode 100644
index 00000000000000..053cff9a60b7e1
--- /dev/null
+++ b/ee/db/migrate/20190222105948_add_user_managing_group_relation.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddUserManagingGroupRelation < ActiveRecord::Migration[5.0]
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  def change
+    add_column :users, :managing_group_id, :integer
+  end
+end
diff --git a/ee/db/migrate/20190222110418_add_user_managing_group_relation_fk.rb b/ee/db/migrate/20190222110418_add_user_managing_group_relation_fk.rb
new file mode 100644
index 00000000000000..ebc09c033d1794
--- /dev/null
+++ b/ee/db/migrate/20190222110418_add_user_managing_group_relation_fk.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddUserManagingGroupRelationFk < ActiveRecord::Migration[5.0]
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :users, :managing_group_id
+    add_concurrent_foreign_key :users, :namespaces, column: :managing_group_id, on_delete: :nullify
+  end
+
+  def down
+    remove_foreign_key :users, column: :managing_group_id
+    remove_concurrent_index :users, :managing_group_id
+  end
+end
diff --git a/ee/spec/models/ee/user_spec.rb b/ee/spec/models/ee/user_spec.rb
index b529f818f4a680..f2b24ba7affdcf 100644
--- a/ee/spec/models/ee/user_spec.rb
+++ b/ee/spec/models/ee/user_spec.rb
@@ -1,10 +1,10 @@
 require 'spec_helper'
 
 describe EE::User do
+  subject(:user) { User.new }
+
   describe 'user creation' do
     describe 'with defaults' do
-      let(:user) { User.new }
-
       it "applies defaults to user" do
         expect(user.group_view).to eq('details')
       end
@@ -378,4 +378,18 @@
       end
     end
   end
+
+  describe '#group_managed_account?' do
+    context 'when user has managing group linked' do
+      before do
+        subject.managing_group = Group.new
+      end
+
+      it { is_expected.to be_group_managed_account }
+    end
+
+    context 'when user has no linked managing group' do
+      it { is_expected.not_to be_group_managed_account }
+    end
+  end
 end
-- 
GitLab