diff options
| author | Alexis Reigel <mail@koffeinfrei.org> | 2017-09-25 15:28:49 +0200 |
|---|---|---|
| committer | Alexis Reigel <alexis.reigel.ext@siemens.com> | 2018-04-23 09:21:43 +0200 |
| commit | d0842d20758e2f33d44b41a250d361853abe47f4 (patch) | |
| tree | 7cb89ea266cc5126e696eee3437e8147031d7dcd | |
| parent | 4b1b2f3b104df455d5d3265adca92dd09e079ee9 (diff) | |
| download | gitlab-ce-d0842d20758e2f33d44b41a250d361853abe47f4.tar.gz | |
disallow group runners to become project runners
| -rw-r--r-- | lib/api/runners.rb | 1 | ||||
| -rw-r--r-- | spec/requests/api/runners_spec.rb | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/lib/api/runners.rb b/lib/api/runners.rb index ef4ec3f4800..84d33879c38 100644 --- a/lib/api/runners.rb +++ b/lib/api/runners.rb @@ -206,6 +206,7 @@ module API def authenticate_enable_runner!(runner) forbidden!("Runner is shared") if runner.is_shared? forbidden!("Runner is locked") if runner.locked? + forbidden!("Runner is a group runner") if runner.group? return if current_user.admin? forbidden!("No access granted") unless user_can_access_runner?(runner) diff --git a/spec/requests/api/runners_spec.rb b/spec/requests/api/runners_spec.rb index 5a2d607960e..ab807e399a4 100644 --- a/spec/requests/api/runners_spec.rb +++ b/spec/requests/api/runners_spec.rb @@ -658,6 +658,12 @@ describe API::Runners do expect(response).to have_gitlab_http_status(403) end + it 'does not enable group runner' do + post api("/projects/#{project.id}/runners", user), runner_id: group_runner.id + + expect(response).to have_http_status(403) + end + context 'user is admin' do it 'enables any specific runner' do expect do |