Add post migration to set value of occupies_seat column

- If a member role has base_access_level greater than GUEST, or has any of the skip_seat_consumption = true abilities enabled, then occupies_seat column for that member role should be set to true - Updates logic in the MemberRole model to set occupies_seat based on base_access_level Changelog: added

Add post migration to set value of occupies_seat column
abdb1960 · Hinam Mehra · 2fd1bb6c · abdb1960 · abdb1960 · abdb1960
Verified Commit abdb1960 authored 11 months ago by Hinam Mehra
--- a/db/post_migrate/20240307051421_update_occupies_seat_on_member_roles.rb
+++ b/db/post_migrate/20240307051421_update_occupies_seat_on_member_roles.rb
+# frozen_string_literal: true
+
+class UpdateOccupiesSeatOnMemberRoles < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  disable_ddl_transaction!
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    sql = <<~SQL
+      UPDATE member_roles SET occupies_seat = TRUE
+      WHERE base_access_level > 10 OR (
+        base_access_level = 10 AND (
+          admin_cicd_variables = true OR
+          admin_group_member = true OR
+          admin_merge_request = true OR
+          admin_terraform_state = true OR
+          admin_vulnerability = true OR
+          archive_project = true OR
+          manage_group_access_tokens = true OR
+          manage_project_access_tokens = true OR
+          read_dependency = true OR
+          read_vulnerability = true OR
+          remove_group = true OR
+          remove_project = true
+        )
+      )
+    SQL
+
+    execute(sql)
+  end
+
+  def down
+    sql = <<~SQL
+      UPDATE member_roles SET occupies_seat = FALSE
+    SQL
+
+    execute(sql)
+  end
+end
--- a/db/schema_migrations/20240307051421
+++ b/db/schema_migrations/20240307051421
+740d566113ba29e6202a5a09d3f5eda9f0a32a77238954f273d635263389832c
\ No newline at end of file
--- a/ee/app/models/members/member_role.rb
+++ b/ee/app/models/members/member_role.rb
@@ -177,6 +177,7 @@ def prevent_delete_after_member_associated
  end

  def set_occupies_seat
-    self.occupies_seat = self.class.elevating_permissions.any? { |attr| self[attr] }
+    self.occupies_seat = base_access_level > Gitlab::Access::GUEST ||
+      self.class.elevating_permissions.any? { |attr| self[attr] }
  end
 end
--- a/ee/spec/models/members/member_role_spec.rb
+++ b/ee/spec/models/members/member_role_spec.rb
@@ -301,19 +301,25 @@
  describe 'before_save' do
    describe '#set_occupies_seat' do
      it 'sets to false when skip_seat_consumption for custom ability is true' do
-        member_role = create(:member_role, :read_code)
+        member_role = create(:member_role, :guest, :read_code)

        expect(member_role.occupies_seat).to be(false)
      end

      it 'sets to true when skip_seat_consumption for custom ability is false or nil' do
-        member_role = create(:member_role, :admin_terraform_state)
+        member_role = create(:member_role, :guest, :admin_terraform_state)

        expect(member_role.occupies_seat).to be(true)
      end

      it 'sets to true when at least one custom ability has skip_seat_consumption set to false or nil' do
-        member_role = create(:member_role, :read_code, :admin_terraform_state)
+        member_role = create(:member_role, :guest, :read_code, :admin_terraform_state)
+
+        expect(member_role.occupies_seat).to be(true)
+      end
+
+      it 'sets to true when base role is not guest' do
+        member_role = create(:member_role, :reporter, :read_code)

        expect(member_role.occupies_seat).to be(true)
      end

--- a/spec/migrations/20240307051421_update_occupies_seat_on_member_roles_spec.rb
+++ b/spec/migrations/20240307051421_update_occupies_seat_on_member_roles_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe UpdateOccupiesSeatOnMemberRoles, feature_category: :system_access do
+  let(:member_roles) { table(:member_roles) }
+
+  let!(:guest_member_role) do
+    member_roles.create!(
+      name: 'Guest member role',
+      base_access_level: 10,
+      read_code: true
+    )
+  end
+
+  let!(:guest_plus_member_role) do
+    member_roles.create!(
+      name: 'Guest+ member role',
+      base_access_level: 10,
+      read_vulnerability: true
+    )
+  end
+
+  let!(:reporter_member_role) do
+    member_roles.create!(
+      name: 'Reporter member role',
+      base_access_level: 20,
+      read_code: true
+    )
+  end
+
+  describe '#up' do
+    it 'updates occupies_seat to true for guest+ member roles' do
+      migrate!
+
+      expect(member_roles.pluck(:id, :occupies_seat)).to contain_exactly(
+        [guest_member_role.id, false],
+        [guest_plus_member_role.id, true],
+        [reporter_member_role.id, true]
+      )
+    end
+  end
+
+  describe '#down' do
+    it 'updates occupies_seat to false for all member roles' do
+      migrate!
+      schema_migrate_down!
+
+      expect(member_roles.pluck(:id, :occupies_seat)).to contain_exactly(
+        [guest_member_role.id, false],
+        [guest_plus_member_role.id, false],
+        [reporter_member_role.id, false]
+      )
+    end
+  end
+end