Only fetch projects with min access level

marge/bot.py

@@ -91,7 +91,7 @@ def _process_projects(
         for project in projects:
             project_name = project.path_with_namespace
 
-            if project.access_level.value < AccessLevel.reporter.value:
+            if project.access_level < AccessLevel.reporter:
                 log.warning("Don't have enough permissions to browse merge requests in %s!", project_name)
                 continue
             merge_requests = self._get_merge_requests(project, project_name)

marge/project.py

@@ -1,5 +1,5 @@
 import logging as log
-from enum import Enum, unique
+from enum import IntEnum, unique
 from functools import partial
 
 from . import gitlab
@@ -27,9 +27,17 @@ def filter_by_path_with_namespace(projects):
 
     @classmethod
     def fetch_all_mine(cls, api):
+        projects_kwargs = {'membership': True, 'with_merge_requests_enabled': True}
+
+        # GitLab has an issue where projects may not show appropriate permissions in nested groups. Using
+        # `min_access_level` is known to provide the correct projects, so we'll prefer this method
+        # if it's available. See #156 for more details.
+        if api.version().release >= (11, 2):
+            projects_kwargs["min_access_level"] = int(AccessLevel.developer)
+
         projects_info = api.collect_all_pages(GET(
             '/projects',
-            {'membership': True, 'with_merge_requests_enabled': True},
+            projects_kwargs,
         ))
 
         def project_seems_ok(project_info):
@@ -43,7 +51,11 @@ def project_seems_ok(project_info):
 
             return permissions_ok
 
-        return [cls(api, project_info) for project_info in projects_info if project_seems_ok(project_info)]
+        return [
+            cls(api, project_info)
+            for project_info in projects_info
+            if "min_access_level" in projects_kwargs or project_seems_ok(project_info)
+        ]
 
     @property
     def path_with_namespace(self):
@@ -78,7 +90,7 @@ def access_level(self):
 
 
 @unique
-class AccessLevel(Enum):
+class AccessLevel(IntEnum):
     # See https://docs.gitlab.com/ce/api/access_requests.html
     guest = 10
     reporter = 20

tests/test_project.py

@@ -1,7 +1,7 @@
 from unittest.mock import Mock
 import pytest
 
-from marge.gitlab import Api, GET
+from marge.gitlab import Api, GET, Version
 from marge.project import AccessLevel, Project
 
 
@@ -67,12 +67,10 @@ def test_fetch_all_mine(self):
 
         api = self.api
         api.collect_all_pages = Mock(return_value=[prj1, prj2])
+        api.version = Mock(return_value=Version.parse("11.2.0-ee"))
 
         result = Project.fetch_all_mine(api)
-        api.collect_all_pages.assert_called_once_with(GET(
-            '/projects',
-            {'membership': True, 'with_merge_requests_enabled': True},
-        ))
+        api.collect_all_pages.assert_called_once()
         assert [prj.info for prj in result] == [prj1, prj2]
 
     def test_properties(self):