Reinstate org owner admin mode after revert
What does this MR do and why?
A merge of !151722 (merged) had to be reverted due to a master broken. The spec in master was corrected with !154507 (merged). Leading to one small adjustment in this MR. This MR reinstates the original MR of !151722 (merged).
I've copied the original MR description below:
In Broadly extend organization owner group permiss... (!145996 - merged) admin mode was ignored. This MR integrates admin mode so that an admin on an instance with admin mode enabled, will need to enable admin mode for their session for their organization ownership permissions to be acknowledged.
This MR removes a lot of uses of the :without_default_org
trait in the specs that were a temporary stop gap until this MR.
Here's some context on admin mode in case you're not familiar. Admin mode is a setting that can be enabled on an instance that forces an admin to perform a second authentication to receive admin rights. If the admin mode setting is disabled, then admins have full rights at all times.
DB Changes
The change in app/finders/concerns/finder_with_group_hierarchy.rb
results in an extra query for organizations: SELECT "organizations".* FROM "organizations" WHERE "organizations"."id" = 1
[4] pry(main)> LabelsFinder.new(User.last, {project_id: 6}).execute
User Load (0.8ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/app/models/concerns/use_sql_function_for_primary_key_lookups.rb:8:in `_query_by_sql'*/
Project Load (0.8ms) SELECT "projects"."id", "projects"."name", "projects"."path", "projects"."description", "projects"."created_at", "projects"."updated_at", "projects"."creator_id", "projects"."namespace_id", "projects"."last_activity_at", "projects"."import_url", "projects"."visibility_level", "projects"."archived", "projects"."avatar", "projects"."merge_requests_template", "projects"."star_count", "projects"."merge_requests_rebase_enabled", "projects"."import_type", "projects"."import_source", "projects"."approvals_before_merge", "projects"."reset_approvals_on_push", "projects"."merge_requests_ff_only_enabled", "projects"."issues_template", "projects"."mirror", "projects"."mirror_last_update_at", "projects"."mirror_last_successful_update_at", "projects"."mirror_user_id", "projects"."shared_runners_enabled", "projects"."runners_token", "projects"."build_allow_git_fetch", "projects"."build_timeout", "projects"."mirror_trigger_builds", "projects"."pending_delete", "projects"."public_builds", "projects"."last_repository_check_failed", "projects"."last_repository_check_at", "projects"."only_allow_merge_if_pipeline_succeeds", "projects"."has_external_issue_tracker", "projects"."repository_storage", "projects"."repository_read_only", "projects"."request_access_enabled", "projects"."has_external_wiki", "projects"."ci_config_path", "projects"."lfs_enabled", "projects"."description_html", "projects"."only_allow_merge_if_all_discussions_are_resolved", "projects"."repository_size_limit", "projects"."printing_merge_request_link_enabled", "projects"."auto_cancel_pending_pipelines", "projects"."service_desk_enabled", "projects"."cached_markdown_version", "projects"."delete_error", "projects"."last_repository_updated_at", "projects"."disable_overriding_approvers_per_merge_request", "projects"."storage_version", "projects"."resolve_outdated_diff_discussions", "projects"."remote_mirror_available_overridden", "projects"."only_mirror_protected_branches", "projects"."pull_mirror_available_overridden", "projects"."jobs_cache_index", "projects"."external_authorization_classification_label", "projects"."mirror_overwrites_diverged_branches", "projects"."pages_https_only", "projects"."external_webhook_token", "projects"."packages_enabled", "projects"."merge_requests_author_approval", "projects"."pool_repository_id", "projects"."runners_token_encrypted", "projects"."bfg_object_map", "projects"."detected_repository_languages", "projects"."merge_requests_disable_committers_approval", "projects"."require_password_to_approve", "projects"."max_pages_size", "projects"."max_artifacts_size", "projects"."pull_mirror_branch_prefix", "projects"."remove_source_branch_after_merge", "projects"."marked_for_deletion_at", "projects"."marked_for_deletion_by_user_id", "projects"."autoclose_referenced_issues", "projects"."suggestion_commit_message", "projects"."project_namespace_id", "projects"."hidden", "projects"."organization_id" FROM "projects" WHERE "projects"."id" = 6 LIMIT 1 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/app/models/concerns/use_sql_function_for_primary_key_lookups.rb:8:in `_query_by_sql'*/
Group Load (0.4ms) SELECT "namespaces"."id", "namespaces"."name", "namespaces"."path", "namespaces"."owner_id", "namespaces"."created_at", "namespaces"."updated_at", "namespaces"."type", "namespaces"."description", "namespaces"."avatar", "namespaces"."membership_lock", "namespaces"."share_with_group_lock", "namespaces"."visibility_level", "namespaces"."request_access_enabled", "namespaces"."ldap_sync_status", "namespaces"."ldap_sync_error", "namespaces"."ldap_sync_last_update_at", "namespaces"."ldap_sync_last_successful_update_at", "namespaces"."ldap_sync_last_sync_at", "namespaces"."description_html", "namespaces"."lfs_enabled", "namespaces"."parent_id", "namespaces"."shared_runners_minutes_limit", "namespaces"."repository_size_limit", "namespaces"."require_two_factor_authentication", "namespaces"."two_factor_grace_period", "namespaces"."cached_markdown_version", "namespaces"."project_creation_level", "namespaces"."runners_token", "namespaces"."file_template_project_id", "namespaces"."saml_discovery_token", "namespaces"."runners_token_encrypted", "namespaces"."custom_project_templates_group_id", "namespaces"."auto_devops_enabled", "namespaces"."extra_shared_runners_minutes_limit", "namespaces"."last_ci_minutes_notification_at", "namespaces"."last_ci_minutes_usage_notification_level", "namespaces"."subgroup_creation_level", "namespaces"."max_pages_size", "namespaces"."max_artifacts_size", "namespaces"."mentions_disabled", "namespaces"."default_branch_protection", "namespaces"."max_personal_access_token_lifetime", "namespaces"."push_rule_id", "namespaces"."shared_runners_enabled", "namespaces"."allow_descendants_override_disabled_shared_runners", "namespaces"."traversal_ids", "namespaces"."organization_id" FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = 31 LIMIT 1 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/app/models/concerns/use_sql_function_for_primary_key_lookups.rb:8:in `_query_by_sql'*/
License Load (0.3ms) SELECT "licenses".* FROM "licenses" ORDER BY "licenses"."id" DESC LIMIT 100 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/ee/app/models/license.rb:94:in `filter_map'*/
Namespaces::NamespaceBan Load (2.4ms) SELECT "namespace_bans".* FROM "namespace_bans" WHERE "namespace_bans"."user_id" = 68 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/ee/app/policies/ee/project_policy.rb:213:in `block (2 levels) in <module:ProjectPolicy>'*/
ProjectFeature Load (0.1ms) SELECT "project_features".* FROM "project_features" WHERE "project_features"."project_id" = 6 LIMIT 1 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/app/policies/project_policy.rb:1103:in `access_allowed_to?'*/
Organizations::Organization Load (3.5ms) SELECT "organizations".* FROM "organizations" WHERE "organizations"."id" = 1 /*application:console,db_config_name:main,console_hostname:alexs-mbp.lan,console_username:alex,line:/app/finders/concerns/finder_with_group_hierarchy.rb:81:in `preload_associations'*/
...
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Closes #463948 (closed)