Add a spec for Gitlab::Auth when actor is a deploy key that can pushsh-fix-lfs-write-deploy-keys

Signed-off-by: Rémy Coutable <remy@rymai.me>

3 files changed, 28 insertions, 27 deletions

diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 3f981314c80..cbbc51db99e 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -218,9 +218,7 @@ module Gitlab
       end
 
       def full_authentication_abilities
-        read_authentication_abilities + [
-          :push_code,
-          :create_container_image,
+        read_write_authentication_abilities + [
           :admin_container_image
         ]
       end
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 265d88dddff..3164d2ebf04 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -353,9 +353,7 @@ describe Gitlab::Auth do
   end
 
   def full_authentication_abilities
-    read_authentication_abilities + [
-      :push_code,
-      :create_container_image,
+    read_write_authentication_abilities + [
       :admin_container_image
     ]
   end
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index 52e93e157f1..c597623bc4d 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -654,6 +654,20 @@ describe 'Git LFS API and storage' do
         }
       end
 
+      shared_examples 'pushes new LFS objects' do
+        let(:sample_size) { 150.megabytes }
+        let(:sample_oid) { '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897' }
+
+        it 'responds with upload hypermedia link' do
+          expect(response).to have_gitlab_http_status(200)
+          expect(json_response['objects']).to be_kind_of(Array)
+          expect(json_response['objects'].first['oid']).to eq(sample_oid)
+          expect(json_response['objects'].first['size']).to eq(sample_size)
+          expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.full_path}.git/gitlab-lfs/objects/#{sample_oid}/#{sample_size}")
+          expect(json_response['objects'].first['actions']['upload']['header']).to eq('Authorization' => authorization)
+        end
+      end
+
       describe 'when request is authenticated' do
         describe 'when user has project push access' do
           let(:authorization) { authorize_user }
@@ -684,27 +698,7 @@ describe 'Git LFS API and storage' do
           end
 
           context 'when pushing a lfs object that does not exist' do
-            let(:body) do
-              {
-                'operation' => 'upload',
-                'objects' => [
-                  { 'oid' => '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897',
-                    'size' => 1575078 }
-                ]
-              }
-            end
-
-            it 'responds with status 200' do
-              expect(response).to have_gitlab_http_status(200)
-            end
-
-            it 'responds with upload hypermedia link' do
-              expect(json_response['objects']).to be_kind_of(Array)
-              expect(json_response['objects'].first['oid']).to eq("91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897")
-              expect(json_response['objects'].first['size']).to eq(1575078)
-              expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.full_path}.git/gitlab-lfs/objects/91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897/1575078")
-              expect(json_response['objects'].first['actions']['upload']['header']).to eq('Authorization' => authorization)
-            end
+            it_behaves_like 'pushes new LFS objects'
           end
 
           context 'when pushing one new and one existing lfs object' do
@@ -785,6 +779,17 @@ describe 'Git LFS API and storage' do
             end
           end
         end
+
+        context 'when deploy key has project push access' do
+          let(:key) { create(:deploy_key, can_push: true) }
+          let(:authorization) { authorize_deploy_key }
+
+          let(:update_user_permissions) do
+            project.deploy_keys << key
+          end
+
+          it_behaves_like 'pushes new LFS objects'
+        end
       end
 
       context 'when user is not authenticated' do