Merge pull request #4212 from okriuchykhin/ok_SCI_6947

Update inventory global sharing logic to use new user assignments [SCI-6947]

app/models/repository.rb

@@ -30,8 +30,10 @@ class Repository < RepositoryBase
   has_many :repository_table_filters, dependent: :destroy
 
   before_save :sync_name_with_snapshots, if: :name_changed?
-  after_save :unassign_unshared_items, if: :saved_change_to_permission_level
+  before_save :assign_globally_shared_inventories, if: -> { permission_level_changed? && globally_shared? }
+  before_save :unassign_globally_shared_inventories, if: -> { permission_level_changed? && !globally_shared? }
   before_destroy :refresh_report_references_on_destroy, prepend: true
+  after_save :unassign_unshared_items, if: :saved_change_to_permission_level
 
   validates :name,
             presence: true,
@@ -40,6 +42,7 @@ class Repository < RepositoryBase
 
   scope :active, -> { where(archived: false) }
   scope :archived, -> { where(archived: true) }
+  scope :globally_shared, -> { where(permission_level: %i(shared_read shared_write)) }
 
   scope :accessible_by_teams, lambda { |teams|
     accessible_repositories = left_outer_joins(:team_shared_objects)
@@ -129,6 +132,10 @@ class Repository < RepositoryBase
     shared_with_anybody? && self.team == team
   end
 
+  def globally_shared?
+    shared_read? || shared_write?
+  end
+
   def shared_with_anybody?
     (!not_shared? || team_shared_objects.any?)
   end
@@ -240,6 +247,27 @@ class Repository < RepositoryBase
     repository_snapshots.update(name: name)
   end
 
+  def assign_globally_shared_inventories
+    viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
+    normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)
+
+    team_shared_objects.find_each(&:destroy!)
+
+    Team.where.not(id: team.id).find_each do |team|
+      team.users.find_each do |user|
+        team.repository_sharing_user_assignments.create!(
+          user: user,
+          user_role: shared_write? ? normal_user_role : viewer_role,
+          assignable: self
+        )
+      end
+    end
+  end
+
+  def unassign_globally_shared_inventories
+    user_assignments.where.not(team: team).find_each(&:destroy!)
+  end
+
   def refresh_report_references_on_destroy
     report_elements.find_each do |report_element|
       repository_snapshot = report_element.my_module

app/models/team_shared_object.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 class TeamSharedObject < ApplicationRecord
-  enum permission_level: Extends::SHARED_OBJECTS_PERMISSION_LEVELS
+  enum permission_level: Extends::SHARED_OBJECTS_PERMISSION_LEVELS.except(:not_shared)
+
 
   after_create :assign_shared_inventories, if: -> { shared_object.is_a?(Repository) }
   before_destroy :unassign_unshared_items, if: -> { shared_object.is_a?(Repository) }
@@ -20,6 +21,7 @@ class TeamSharedObject < ApplicationRecord
   validates :permission_level, presence: true
   validates :shared_object_type, uniqueness: { scope: %i(shared_object_id team_id) }
   validate :team_cannot_be_the_same
+  validate :not_globally_shared, if: -> { shared_object.is_a?(Repository) }
 
   private
 
@@ -27,6 +29,10 @@ class TeamSharedObject < ApplicationRecord
     errors.add(:team_id, :same_team) if shared_object.team.id == team_id
   end
 
+  def not_globally_shared
+    errors.add(:shared_object_id, :is_globally_shared) if shared_object.globally_shared?
+  end
+  
   def assign_shared_inventories
     viewer_role = UserRole.find_by(name: UserRole.public_send('viewer_role').name)
     normal_user_role = UserRole.find_by(name: UserRole.public_send('normal_user_role').name)

app/models/user_assignment.rb

@@ -28,6 +28,14 @@ class UserAssignment < ApplicationRecord
         assignable: team_shared_repository.shared_object
       )
     end
+
+    Repository.globally_shared.find_each do |repository|
+      assignable.repository_sharing_user_assignments.create!(
+        user: user,
+        user_role: repository.shared_write? ? normal_user_role : viewer_role,
+        assignable: repository
+      )
+    end
   end
 
   def unassign_shared_inventories

config/initializers/extends.rb

@@ -410,6 +410,7 @@ class Extends
   }.freeze
 
   SHARED_OBJECTS_PERMISSION_LEVELS = {
+    not_shared: 0,
     shared_read: 1,
     shared_write: 2
   }.freeze

config/locales/en.yml

@@ -125,10 +125,12 @@ en:
               not_unique: "State already exists for this user and parent object"
             state:
               wrong_state: "Wrong parameters"
-        team_repository:
+        team_shared_object:
           attributes:
             team_id:
               same_team: "Inventory can't be shared to the same team as it belongs to"
+            shared_object_id:
+              is_globally_shared: "Inventory is already globally shared"
         my_module:
           attributes:
             my_module_status_id:

db/migrate/20220624091046_migrate_shared_repositories_to_user_assignments.rb

@@ -29,6 +29,25 @@ class MigrateSharedRepositoriesToUserAssignments < ActiveRecord::Migration[6.1]
         end
         UserAssignment.import(user_assignments)
       end
+
+      Repository.globally_shared.find_each do |repository|
+        user_role = if repository.shared_read?
+                      viewer_role
+                    elsif repository.shared_write?
+                      normal_user_role
+                    end
+
+        Team.where.not(id: repository.team.id).find_each do |team|
+          team.users.find_in_batches(batch_size: 100) do |users_batch|
+            user_assignments = []
+            users_batch.each do |user|
+              user_assignments << UserAssignment.new(user: user, assignable: repository,
+                                                     user_role: user_role, team: team)
+            end
+            UserAssignment.import(user_assignments)
+          end
+        end
+      end
     end
 
     remove_index :repositories, :permission_level