authorKamil Trzcinski <ayufan@ayufan.eu>2016-05-20 18:43:11 -0500
committerKamil Trzcinski <ayufan@ayufan.eu>2016-05-20 18:43:11 -0500
commit4474eab4f6a17861a6ed494034bc68acb0724e3c (patch)
tree6a7e5b671a2d6bcd1b6c4c0f9328013070d99456
parentec86644545c1c2567dfaacb6d53d150a5dfa28d6 (diff)
Fix container deletion permission issue
-rw-r--r--app/services/auth/container_registry_authentication_service.rb2
-rw-r--r--app/views/projects/container_registry/index.html.haml2
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb13
3 files changed, 14 insertions, 3 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 3144e96ba31..f807b8ec09a 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -20,7 +20,7 @@ module Auth
token.issuer = registry.issuer
token.audience = AUDIENCE
token[:access] = names.map do |name|
- { type: 'repository', name: name, actions: %w(pull push) }
+ { type: 'repository', name: name, actions: %w(*) }
end
token.encoded
end
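Review bot: The wildcard in `actions: %w(*)` is applied to every entry of `names` with no comment explaining why, and `*` grants whatever actions the registry recognises now or adds later, not only deletion. If the registry in use accepts a narrower scope for deletion, list the actions explicitly; if it only honours the wildcard for DELETE (which the commit title suggests), record that in a comment such as `# '*' is required for deletion; this token is for server-side registry calls only and must never be handed to a client`. The method body starts above the hunk, so the token's expiry and the origin of `names` are not visible here; both should be confirmed as short-lived and server-controlled wherever a full-access token is minted.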
diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml
index 40957993b22..e1e762410f2 100644
--- a/app/views/projects/container_registry/index.html.haml
+++ b/app/views/projects/container_registry/index.html.haml
@@ -4,7 +4,7 @@
%hr
%ul.content-list
- .light.prepend-top-default
+ %li.light.prepend-top-default
%p
A 'container image' is a snapshot of a container.
You can host your container images with GitLab.
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 6c9f56a4fba..73b8c3f048f 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
subject { described_class.new(current_project, current_user, current_params).execute }
before do
- stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+ allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
end
@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
it { is_expected.to_not include(:token) }
end
+ describe '#full_access_token' do
+ let(:project) { create(:empty_project) }
+ let(:token) { described_class.full_access_token(project.path_with_namespace) }
+
+ subject { { token: token } }
+
+ it_behaves_like 'a accessible' do
+ let(:actions) { ['*'] }
+ end
+ end
+
context 'user authorization' do
let(:project) { create(:project) }
let(:current_user) { create(:user) }
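Review bot: The new example for `full_access_token` pins only the granted actions (`['*']`) for a single project path, so a later change that widens which repositories the token covers might not be caught. What the shared example 'a accessible' asserts is not visible in this hunk; if it does not already compare the repository name in the access entry with `project.path_with_namespace`, add an expectation for it, plus a case passing two names, since the implementation maps over a list. As a style point, the method is called on `described_class`, so the label would conventionally read `describe '.full_access_token'` rather than `'#full_access_token'`.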