diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-01 13:38:57 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-05-01 13:38:57 +0200 |
commit | 6baaa8a98e10ff93ba3f481052bb68fdafb6e2c1 (patch) | |
tree | 6b595de63b26a823d63d0d1d5a7089bf68fe9bd7 | |
parent | 52bfc0efa95f991f17618aa049f799f4e44e13ac (diff) | |
download | gitlab-ce-6baaa8a98e10ff93ba3f481052bb68fdafb6e2c1.tar.gz |
Add new ability check for stopping environment
-rw-r--r-- | app/policies/environment_policy.rb | 13 | ||||
-rw-r--r-- | app/services/ci/stop_environments_service.rb | 9 | ||||
-rw-r--r-- | spec/policies/environment_policy_spec.rb | 57 |
3 files changed, 71 insertions, 8 deletions
diff --git a/app/policies/environment_policy.rb b/app/policies/environment_policy.rb index f4219569161..0b976e5664d 100644 --- a/app/policies/environment_policy.rb +++ b/app/policies/environment_policy.rb @@ -1,5 +1,16 @@ class EnvironmentPolicy < BasePolicy + + alias_method :environment, :subject + def rules - delegate! @subject.project + delegate! environment.project + + if environment.stop_action? + delegate! environment.stop_action + end + + if can?(:create_deployment) && can?(:play_build) + can! :stop_environment + end end end diff --git a/app/services/ci/stop_environments_service.rb b/app/services/ci/stop_environments_service.rb index bd9735fc0ac..43c9a065fcf 100644 --- a/app/services/ci/stop_environments_service.rb +++ b/app/services/ci/stop_environments_service.rb @@ -5,12 +5,11 @@ module Ci def execute(branch_name) @ref = branch_name - return unless has_ref? - return unless can?(current_user, :create_deployment, project) + return unless @ref.present? environments.each do |environment| next unless environment.stop_action? - next unless can?(current_user, :play_build, environment.stop_action) + next unless can?(current_user, :stop_environment, environment) environment.stop_with_action!(current_user) end @@ -18,10 +17,6 @@ module Ci private - def has_ref? - @ref.present? - end - def environments @environments ||= EnvironmentsFinder .new(project, current_user, ref: @ref, recently_updated: true) diff --git a/spec/policies/environment_policy_spec.rb b/spec/policies/environment_policy_spec.rb new file mode 100644 index 00000000000..f43caffa946 --- /dev/null +++ b/spec/policies/environment_policy_spec.rb @@ -0,0 +1,57 @@ +require 'spec_helper' + +describe Ci::EnvironmentPolicy do + let(:user) { create(:user) } + let(:project) { create(:project) } + + let(:environment) do + create(:environment, :with_review_app, project: project) + end + + let(:policies) do + described_class.abilities(user, environment).to_set + end + + describe '#rules' do + context 'when user does not have access to the project' do + let(:project) { create(:project, :private) } + + it 'does not include ability to stop environment' do + expect(policies).not_to include :stop_environment + end + end + + context 'when anonymous user has access to the project' do + let(:project) { create(:project, :public) } + + it 'does not include ability to stop environment' do + expect(policies).not_to include :stop_environment + end + end + + context 'when team member has access to the project' do + let(:project) { create(:project, :public) } + + before do + project.add_master(user) + end + + context 'when team member has ability to stop environment' do + it 'does includes ability to stop environment' do + expect(policies).to include :stop_environment + end + end + + context 'when team member has no ability to stop environment' do + before do + create(:protected_branch, :no_one_can_push, + name: 'master', project: project) + end + + it 'does not include ability to stop environment' do + expect(policies).not_to include :stop_environment + end + end + end + end +end |