author | Francisco Javier López <fjlopez@gitlab.com> | 2019-09-10 13:30:03 +0200 |
---|---|---|
committer | Francisco Javier López <fjlopez@gitlab.com> | 2019-09-10 13:30:03 +0200 |
commit | ae5aa1100c7e11fa5109b6fb79247d2884aaaffe (patch) | |
tree | 059223df43e8fabf3da2ac48a65667836ffa693e | |
parent | 4e9a93a38d0bbc6940a54b484b5d902f2d481a4d (diff) | |
download | gitlab-ce-fj-14330-external-user-snippet-creation.tar.gz |
Added rule to prevent external users from creating project snippetfj-14330-external-user-snippet-creation
-rw-r--r-- | app/policies/project_snippet_policy.rb | 1 | ||||
-rw-r--r-- | spec/policies/personal_snippet_policy_spec.rb | 14 | ||||
-rw-r--r-- | spec/policies/project_snippet_policy_spec.rb | 3 |
3 files changed, 18 insertions, 0 deletions
diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb
index e5e005cee6d..03af719e750 100644
--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -45,4 +45,5 @@ class ProjectSnippetPolicy < BasePolicy
 end
 rule { ~can?(:read_project_snippet) }.prevent :create_note
+ rule { external_user }.prevent :create_project_snippet
 end
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index 097000ceb6a..8fcedef64c3 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -43,6 +43,18 @@ describe PersonalSnippetPolicy do
 end
 end
+ context 'external user' do
+ subject { permissions(external_user) }
+
+ it do
+ is_expected.to be_allowed(:read_personal_snippet)
+ is_expected.to be_disallowed(:create_personal_snippet)
+ is_expected.to be_allowed(:create_note)
+ is_expected.to be_allowed(:award_emoji)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
 context 'author' do
 subject { permissions(snippet.author) }
@@ -85,6 +97,7 @@ describe PersonalSnippetPolicy do
 it do
 is_expected.to be_disallowed(:read_personal_snippet)
+ is_expected.to be_disallowed(:create_personal_snippet)
 is_expected.to be_disallowed(:create_note)
 is_expected.to be_disallowed(:award_emoji)
 is_expected.to be_disallowed(*author_permissions)
@@ -144,6 +157,7 @@ describe PersonalSnippetPolicy do
 it do
 is_expected.to be_disallowed(:read_personal_snippet)
+ is_expected.to be_disallowed(:create_personal_snippet)
 is_expected.to be_disallowed(:create_note)
 is_expected.to be_disallowed(:award_emoji)
 is_expected.to be_disallowed(*author_permissions)
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index 2e9ef1e89fd..fab654223f8 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
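Review bot: The added `rule { external_user }.prevent :create_project_snippet` in project_snippet_policy.rb only takes effect where the ability is evaluated with a snippet as the subject. Creation has no existing snippet to check, so the controller, API or service layer may authorise against the project instead; in that case this rule is never consulted and the restriction would have to be expressed in the project policy as well. The call sites are not visible in this hunk, so confirm which subject they pass. The rule is also unconditional on membership; if that is intended, say so above it, e.g. `# External users may not create project snippets, even when they are project members`. The class body starts outside the hunk.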
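Review bot: The three hunks in personal_snippet_policy_spec.rb assert `be_disallowed(:create_personal_snippet)`, yet this commit changes no personal-snippet policy code, so these expectations pin behaviour that is presumably enforced by a rule outside the diff. A one-line comment in the new 'external user' context, such as `# create_personal_snippet is denied by an existing rule, not by this commit`, would stop the spec from reading as coverage for the new project rule. The new `it do` block also chains five expectations, so the first failure hides the others; `it 'limits external users', :aggregate_failures do` would report them all. The enclosing describe block starts and ends outside the hunks.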
@@ -41,6 +41,7 @@ describe ProjectSnippetPolicy do
 it do
 expect_allowed(:read_project_snippet, :create_note)
+ expect_disallowed(:create_project_snippet)
 expect_disallowed(*author_permissions)
 end
 end
@@ -72,6 +73,7 @@ describe ProjectSnippetPolicy do
 it do
 expect_disallowed(:read_project_snippet, :create_note)
+ expect_disallowed(:create_project_snippet)
 expect_disallowed(*author_permissions)
 end
@@ -139,6 +141,7 @@ describe ProjectSnippetPolicy do
 it do
 expect_allowed(:read_project_snippet, :create_note)
+ expect_disallowed(:create_project_snippet)
 expect_disallowed(*author_permissions)
 end
 end |
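Review bot: None of the three hunks in project_snippet_policy_spec.rb adds a positive case: every new line is `expect_disallowed(:create_project_snippet)`, so a prevent rule that blocked too broadly would still pass these specs. Unless a context outside the hunks already covers it, add `expect_allowed(:create_project_snippet)` to a context where creation should succeed, such as a regular (non-external) project member. In the hunk at -72 the subject is also denied `:read_project_snippet`, so that assertion may have held before this change and might not exercise the new rule. The contexts these `it` blocks belong to start outside the hunks.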