author | Lin Jen-Shin <godfat@godfat.org> | 2019-08-22 16:06:41 +0000 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2019-08-22 16:06:41 +0000 |
commit | fdd5177ac3d85bedb7b28f71942d220c9a3edff7 (patch) | |
tree | 83a47024b73d6c0b6d1053ede6ae06cc3e9cb973 | |
parent | c1d315d4264e7fd5cad2af624a434db662186f93 (diff) | |
parent | a07efbdfd0ccb332df124b6c40287bdccb26fd89 (diff) | |
download | gitlab-ce-fdd5177ac3d85bedb7b28f71942d220c9a3edff7.tar.gz |
Merge branch 'ce-8631-archiving-a-project-should-create-an-audit-event' into 'master'
CE: Archiving a project should create an audit event
See merge request gitlab-org/gitlab-ce!32039
-rw-r--r-- | app/controllers/projects_controller.rb | 5 | ||||
-rw-r--r-- | doc/administration/audit_events.md | 2 | ||||
-rw-r--r-- | spec/controllers/projects_controller_spec.rb | 96 |
3 files changed, 99 insertions, 4 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index e04cbf10470..5f335de4d6b 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -29,6 +29,7 @@ class ProjectsController < Projects::ApplicationController
 # Authorize
 before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
+ before_action :authorize_archive_project!, only: [:archive, :unarchive]
 before_action :event_filter, only: [:show, :activity]
 layout :determine_layout
@@ -164,8 +165,6 @@ class ProjectsController < Projects::ApplicationController
 end
 def archive
- return access_denied! unless can?(current_user, :archive_project, @project)
-
 ::Projects::UpdateService.new(@project, current_user, archived: true).execute
 respond_to do |format|
@@ -174,8 +173,6 @@ class ProjectsController < Projects::ApplicationController
 end
 def unarchive
- return access_denied! unless can?(current_user, :archive_project, @project)
-
 ::Projects::UpdateService.new(@project, current_user, archived: false).execute
 respond_to do |format|
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index 02de2caf558..8075a40cae7 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -75,6 +75,8 @@ From there, you can see the following actions:
 - User was removed from project
 - Project export was downloaded
 - Project repository was downloaded
+- Project was archived
+- Project was unarchived
 ### Instance events **(PREMIUM ONLY)**
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index 083a1c1383a..c732caa6160 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
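Review bot: In `app/controllers/projects_controller.rb`, the added `before_action :authorize_archive_project!, only: [:archive, :unarchive]` names a method that is not defined anywhere in this diff, so the visible lines cannot confirm that it enforces the same `:archive_project` ability as the inline `can?` guards removed in the two later hunks; presumably a shared `authorize_*!` helper in the parent controller resolves it. A short comment above the line would make that explicit, e.g. `# Enforces the :archive_project ability for both state-changing actions (formerly inline can? guards)`. Since `only:` is an allow-list, any future action that changes the archived flag has to be added to it or it runs without this check. The class body starts and ends outside the hunk.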
@@ -318,6 +318,102 @@ describe ProjectsController do
 end
 end
+ describe 'POST #archive' do
+ let(:group) { create(:group) }
+ let(:project) { create(:project, group: group) }
+
+ before do
+ sign_in(user)
+ end
+
+ context 'for a user with the ability to archive a project' do
+ before do
+ group.add_owner(user)
+
+ post :archive, params: {
+ namespace_id: project.namespace.path,
+ id: project.path
+ }
+ end
+
+ it 'archives the project' do
+ expect(project.reload.archived?).to be_truthy
+ end
+
+ it 'redirects to projects path' do
+ expect(response).to have_gitlab_http_status(302)
+ expect(response).to redirect_to(project_path(project))
+ end
+ end
+
+ context 'for a user that does not have the ability to archive a project' do
+ before do
+ project.add_maintainer(user)
+
+ post :archive, params: {
+ namespace_id: project.namespace.path,
+ id: project.path
+ }
+ end
+
+ it 'does not archive the project' do
+ expect(project.reload.archived?).to be_falsey
+ end
+
+ it 'returns 404' do
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+ end
+
+ describe 'POST #unarchive' do
+ let(:group) { create(:group) }
+ let(:project) { create(:project, :archived, group: group) }
+
+ before do
+ sign_in(user)
+ end
+
+ context 'for a user with the ability to unarchive a project' do
+ before do
+ group.add_owner(user)
+
+ post :unarchive, params: {
+ namespace_id: project.namespace.path,
+ id: project.path
+ }
+ end
+
+ it 'unarchives the project' do
+ expect(project.reload.archived?).to be_falsey
+ end
+
+ it 'redirects to projects path' do
+ expect(response).to have_gitlab_http_status(302)
+ expect(response).to redirect_to(project_path(project))
+ end
+ end
+
+ context 'for a user that does not have the ability to unarchive a project' do
+ before do
+ project.add_maintainer(user)
+
+ post :unarchive, params: {
+ namespace_id: project.namespace.path,
+ id: project.path
+ }
+ end
+
+ it 'does not unarchive the project' do
+ expect(project.reload.archived?).to be_truthy
+ end
+
+ it 'returns 404' do
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+ end
+ + describe '#housekeeping' do let(:group) { create(:group) } let(:project) { create(:project, group: group) } |
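Review bot: The denial contexts in `POST #archive` and `POST #unarchive` exercise only a project maintainer, so nothing in this hunk pins how the authorization callback treats a signed-out request or a user with no membership at all. A further context for a request made without the `sign_in(user)` setup, asserting that `project.reload.archived?` is unchanged, would cover that path; `user` itself is defined outside the hunk. The commit title promises an audit event, yet no example here asserts that one is recorded — presumably that is covered outside this CE change, but it is worth confirming. The state assertions would also read more strictly as `expect(project.reload).to be_archived` / `expect(project.reload).not_to be_archived` than with `be_truthy` / `be_falsey`.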