Resolve "[BE] Remove user seat assignment on SM"

Bishwa Hang Rai requested to merge 432213-sm-remove-seat-assignment into master

What does this MR do and why?

This MR handles the scenario when namespace is nil for the purchased add-on.

In the context of a self-managed instance, namespace is nil, as the subscription and add_on are bought for the entire SM instance, and not for a specific top-level (root) namespace.

The resolver itself doesn't have any vital usage of namespace, except for logging params. We have simply used the safe navigation operator & to handle it.

New request specs are added to assert that only an admin is authorized to remove a seat assignment when there is no namespace associated with add_on_purchase.

The query is agnostic of SaaS and SM, and performs the assignment removal, when called with correct authorization and parameters.

Screenshots or screen recordings

Removing user assignment from AddOnPurchase on SM instance:

Success Removal

Failure removal

How to set up and validate locally

  1. Make sure that GDK is run as a self-managed instance, i.e., `GITLAB_SIMULATE_SAAS=0 gdk restart`
  2. Open up a rails console: `GITLAB_SIMULATE_SAAS=0 gdk rails c`
  3. Create a new AddOnPurchase record for testing:
```ruby
# cleanup any existing old test records
::GitlabSubscriptions::AddOnPurchase.destroy_all
# create an add_on record if not already created
add_on = GitlabSubscriptions::AddOn.find_or_create_by!(name: "code_suggestions") {|e| e.description = "Test"}
# create add_on_purchase record without the namespace, mimicking SM instance
add_on_purchase = GitlabSubscriptions::AddOnPurchase.create!(add_on: add_on, expires_on: 1.year.from_now, quantity: 10, purchase_xid: 'A-12345')
add_on_purchase.to_global_id.to_s # "gid://gitlab/GitlabSubscriptions::AddOnPurchase/9"

# create some assignments
add_on_purchase.assigned_users.create!(user: (User.find 85))

# enable the feature flag
Feature.enable(:hamilton_seat_management)
```

Testing in GraphQL

```graphql
mutation {
  userAddOnAssignmentRemove(
    input: {
      userId: "gid://gitlab/User/85",
      addOnPurchaseId: "gid://gitlab/GitlabSubscriptions::AddOnPurchase/9",
    }) {
    errors
  }
}
```

  1. Go to http://gdk.test:3000/-/graphql-explorer, logged in as admin
  2. Enter the query above; it should return the correct response: "errors": []
  3. We can double check in console: `add_on_purchase.assigned_users.count # returns 0`
  4. Log out as admin, and log in as owner of some group
  5. Hard reset (CMD + SHIFT + R) the http://gdk.test:3000/-/graphql-explorer page to set correct cookies for the newly logged-in user.
  6. The query should return null as the owner doesn't have access.

Note: To check that mutation works for existing SaaS context, please follow the steps on this MR.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #432213

Edited by Bishwa Hang Rai
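
The rule the new request specs assert, as an added plain-Ruby sketch that is not GitLab's code: with no namespace on the purchase, only an instance admin may remove a seat, and the log params tolerate the nil namespace. All names here (`SeatRemoval`, the structs) are hypothetical, and the namespace-owner branch for the SaaS case is an assumption.

```ruby
# Hypothetical stand-ins for the real models; sample data below is constructed.
User = Struct.new(:id, :admin, keyword_init: true)
Namespace = Struct.new(:id, :owner_ids, keyword_init: true)
AddOnPurchase = Struct.new(:id, :namespace, :assigned_user_ids, keyword_init: true)

class SeatRemoval
  attr_reader :log

  def initialize
    @log = []
  end

  # Returns { errors: [] } when the caller is authorized, nil otherwise
  # (mirroring the null the GraphQL explorer shows for a non-admin).
  def call(current_user:, purchase:, user_id:)
    return nil unless authorized?(current_user, purchase)

    purchase.assigned_user_ids.delete(user_id)
    # namespace is nil on self-managed; &. keeps the log line from raising.
    @log << { user_id: user_id,
              add_on_purchase_id: purchase.id,
              namespace_id: purchase.namespace&.id }
    { errors: [] }
  end

  private

  def authorized?(user, purchase)
    return false if user.nil?

    namespace = purchase.namespace
    # Fail closed: without a namespace there is no owner to defer to,
    # so only an instance admin qualifies.
    return user.admin == true if namespace.nil?

    # Assumed SaaS rule: admin or an owner of the purchase's namespace.
    user.admin == true || namespace.owner_ids.include?(user.id)
  end
end

if __FILE__ == $PROGRAM_NAME
  admin = User.new(id: 1, admin: true)
  owner = User.new(id: 2, admin: false)
  purchase = AddOnPurchase.new(id: 9, namespace: nil, assigned_user_ids: [85])
  service = SeatRemoval.new
  p service.call(current_user: owner, purchase: purchase, user_id: 85)
  p service.call(current_user: admin, purchase: purchase, user_id: 85)
end
```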