summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-06-14 14:43:45 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-06-14 14:43:45 +0200
commitbb6f246790fb3a6b85ab2fd9341566557da64a23 (patch)
treef215918327d82cc629f8faba6deeebffef92cb3e
parente129f66d9e597f43f7a85243ddedf3de0fc4946a (diff)
downloadgitlab-ce-bb6f246790fb3a6b85ab2fd9341566557da64a23.tar.gz
Authorize environments controller actions
-rw-r--r--app/controllers/projects/environments_controller.rb2
-rw-r--r--app/views/projects/environments/new.html.haml2
-rw-r--r--app/views/projects/environments/show.html.haml3
-rw-r--r--spec/features/security/project/public_access_spec.rb43
4 files changed, 48 insertions, 2 deletions
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
index c6a9a0a403a..4f8dadd6adf 100644
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -1,6 +1,8 @@
class Projects::EnvironmentsController < Projects::ApplicationController
layout 'project'
before_action :authorize_read_environment!
+ before_action :authorize_create_environment!, only: [:new, :create]
+ before_action :authorize_update_environment!, only: [:destroy]
before_action :environment, only: [:show, :destroy]
def index
diff --git a/app/views/projects/environments/new.html.haml b/app/views/projects/environments/new.html.haml
index c7abac6e49f..ade41d9de2d 100644
--- a/app/views/projects/environments/new.html.haml
+++ b/app/views/projects/environments/new.html.haml
@@ -9,7 +9,7 @@
= form_for @environment, url: namespace_project_environments_path(@project.namespace, @project), html: { id: "new-environment-form", class: "col-lg-9 js-new-environment-form js-requires-input" } do |f|
= form_errors(@environment)
.form-group
- = f.label :ref, 'Environment name', class: 'label-light'
+ = f.label :name, 'Environment name', class: 'label-light'
= f.text_field :name, required: true, class: 'form-control'
= f.submit 'Create environment', class: 'btn btn-create'
= link_to "Cancel", namespace_project_environments_path(@project.namespace, @project), class: "btn btn-cancel"
diff --git a/app/views/projects/environments/show.html.haml b/app/views/projects/environments/show.html.haml
index f5e30d75b42..1d39bef9427 100644
--- a/app/views/projects/environments/show.html.haml
+++ b/app/views/projects/environments/show.html.haml
@@ -9,7 +9,8 @@
.col-md-3
.nav-controls
- = link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete
+ - if can?(current_user, :update_environment, @project)
+ = link_to 'Destroy', namespace_project_environment_path(@project.namespace, @project, @environment), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :delete
- if @deployments.blank?
%ul.content-list
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index c5f741709ad..f6c6687e162 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -175,6 +175,49 @@ describe "Public Project Access", feature: true do
end
end
+ describe "GET /:project_path/environments" do
+ subject { namespace_project_environments_path(project.namespace, project) }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for owner }
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :external }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/environments/:id" do
+ let(:environment) { create(:environment, project: project) }
+ subject { namespace_project_environments_path(project.namespace, project, environment) }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for owner }
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :external }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/environments/new" do
+ subject { new_namespace_project_environment_path(project.namespace, project) }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for owner }
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for developer }
+ it { is_expected.to be_denied_for reporter }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :external }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
describe "GET /:project_path/blob" do
let(:commit) { project.repository.commit }