diff options
author | Marius Bobin <mbobin@gitlab.com> | 2019-08-14 17:36:33 +0300 |
---|---|---|
committer | Marius Bobin <mbobin@gitlab.com> | 2019-08-22 11:39:51 +0300 |
commit | 1587b6aed9aa1555c612ae674e94231726537ecb (patch) | |
tree | 47967982b461534c9c54280b136d7d23c92a876c | |
parent | 7b5708d1d944547dfea9bc8b6b8e1c6c6e22901b (diff) | |
download | gitlab-ce-1587b6aed9aa1555c612ae674e94231726537ecb.tar.gz |
Read pipelines from public projects though API
Allow users to read pipelines for public projects
with public builds enabled without providing an access token.
-rw-r--r-- | lib/api/pipelines.rb | 3 | ||||
-rw-r--r-- | spec/requests/api/pipelines_spec.rb | 49 |
2 files changed, 51 insertions, 1 deletions
diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb index 667bf1ec801..9e888368e7b 100644 --- a/lib/api/pipelines.rb +++ b/lib/api/pipelines.rb @@ -4,7 +4,7 @@ module API class Pipelines < Grape::API include PaginationParams - before { authenticate! } + before { authenticate_non_get! } params do requires :id, type: String, desc: 'The project ID' @@ -32,6 +32,7 @@ module API end get ':id/pipelines' do authorize! :read_pipeline, user_project + authorize! :read_build, user_project pipelines = PipelinesFinder.new(user_project, current_user, params).execute present paginate(pipelines), with: Entities::PipelineBasic diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb index 35b3dd219f7..c87ab433e1e 100644 --- a/spec/requests/api/pipelines_spec.rb +++ b/spec/requests/api/pipelines_spec.rb @@ -285,6 +285,55 @@ describe API::Pipelines do expect(json_response).not_to be_an Array end end + + context 'projects with public visibility' do + let(:visibility) { 'public' } + let(:project) { create(:project, :repository, creator: user, visibility: visibility, public_builds: public_builds) } + + context 'with public builds' do + let(:public_builds) { true } + + context 'with non assigned user' do + it 'does return project pipelines' do + get api("/projects/#{project.id}/pipelines", non_member) + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to be_an Array + end + end + + context 'without any user' do + it 'does return project pipelines' do + get api("/projects/#{project.id}/pipelines") + + expect(response).to have_gitlab_http_status(200) + expect(json_response).to be_an Array + end + end + end + + context 'without public builds' do + let(:public_builds) { false } + + context 'with non assigned user' do + it 'does return project pipelines' do + get api("/projects/#{project.id}/pipelines", non_member) + + expect(response).to have_gitlab_http_status(403) + expect(json_response).not_to be_an Array + end + end + + context 'without any user' do + it 'does return project pipelines' do + get api("/projects/#{project.id}/pipelines") + + expect(response).to have_gitlab_http_status(403) + expect(json_response).not_to be_an Array + end + end + end + end end describe 'POST /projects/:id/pipeline ' do |