author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 18:09:54 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 18:09:54 +0000 |
commit | f697dc5e76dfc5894df006d53b2b7e751653cf05 (patch) | |
tree | 1387cd225039e611f3683f96b318bb17d4c422cb /spec/controllers | |
parent | 874ead9c3a50de4c4ca4551eaf5b7eb976d26b50 (diff) | |
download | gitlab-ce-f697dc5e76dfc5894df006d53b2b7e751653cf05.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers')
12 files changed, 218 insertions, 69 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 4a3d591e94d..2a913069acc 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -748,7 +748,7 @@ describe ApplicationController do end end - describe '#current_user_mode', :do_not_mock_admin_mode do + describe '#current_user_mode' do include_context 'custom session' controller(described_class) do diff --git a/spec/controllers/concerns/enforces_admin_authentication_spec.rb b/spec/controllers/concerns/enforces_admin_authentication_spec.rb index a8494543558..1809bb2d636 100644 --- a/spec/controllers/concerns/enforces_admin_authentication_spec.rb +++ b/spec/controllers/concerns/enforces_admin_authentication_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe EnforcesAdminAuthentication, :do_not_mock_admin_mode do +describe EnforcesAdminAuthentication do include AdminModeHelper let(:user) { create(:user) } diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb index b5154f4f877..b2ae16e0ee6 100644 --- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb +++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb 
@@ -180,32 +180,38 @@ describe Groups::Settings::CiCdController do group.add_owner(user) end - it { is_expected.to redirect_to(group_settings_ci_cd_path) } + context 'when admin mode is disabled' do + it { is_expected.to have_gitlab_http_status(:not_found) } + end - context 'when service execution went wrong' do - let(:update_service) { double } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to redirect_to(group_settings_ci_cd_path) } - before do - allow(Groups::UpdateService).to receive(:new).and_return(update_service) - allow(update_service).to receive(:execute).and_return(false) - allow_any_instance_of(Group).to receive_message_chain(:errors, :full_messages) - .and_return(['Error 1']) + context 'when service execution went wrong' do + let(:update_service) { double } - subject - end + before do + allow(Groups::UpdateService).to receive(:new).and_return(update_service) + allow(update_service).to receive(:execute).and_return(false) + allow_any_instance_of(Group).to receive_message_chain(:errors, :full_messages) + .and_return(['Error 1']) - it 'returns a flash alert' do - expect(response).to set_flash[:alert] - .to eq("There was a problem updating the pipeline settings: [\"Error 1\"].") + subject + end + + it 'returns a flash alert' do + expect(response).to set_flash[:alert] + .to eq("There was a problem updating the pipeline settings: [\"Error 1\"].") + end end - end - context 'when service execution was successful' do - it 'returns a flash notice' do - subject + context 'when service execution was successful' do + it 'returns a flash notice' do + subject - expect(response).to set_flash[:notice] - .to eq('Pipeline settings was updated for the group') + expect(response).to set_flash[:notice] + .to eq('Pipeline settings was updated for the group') + end end end end 
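Review bot: The new 'when admin mode is disabled' context checks only the response status, so it would still pass if the update ran before the request was rejected. An extra example that sets `expect(Groups::UpdateService).not_to receive(:new)` before calling `subject` would pin that nothing is written on the denied path. `subject` and the enclosing context are defined outside this hunk, so the exact request is inferred. The 'disallows requests from an admin user' example in mirrors_controller_spec.rb has the same shape and could likewise assert that nothing was changed.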
diff --git a/spec/controllers/projects/clusters/applications_controller_spec.rb b/spec/controllers/projects/clusters/applications_controller_spec.rb index 8dcbf575627..6de3593be28 100644 --- a/spec/controllers/projects/clusters/applications_controller_spec.rb +++ b/spec/controllers/projects/clusters/applications_controller_spec.rb @@ -10,7 +10,12 @@ describe Projects::Clusters::ApplicationsController do end shared_examples 'a secure endpoint' do - it { expect { subject }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { subject }.to be_allowed_for(:admin) + end + it 'is denied for admin when admin mode disabled' do + expect { subject }.to be_denied_for(:admin) + end it { expect { subject }.to be_allowed_for(:owner).of(project) } it { expect { subject }.to be_allowed_for(:maintainer).of(project) } it { expect { subject }.to be_denied_for(:developer).of(project) } diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb index a5683a27837..07733ec30d9 100644 --- a/spec/controllers/projects/clusters_controller_spec.rb +++ b/spec/controllers/projects/clusters_controller_spec.rb @@ -65,7 +65,12 @@ describe Projects::ClustersController do describe 'security' do let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) } - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } 
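Review bot: In the `describe 'security'` hunk of clusters_controller_spec.rb the negative example is titled 'is disabled for admin when admin mode disabled', although it asserts `be_denied_for(:admin)`. The title should read `it 'is denied for admin when admin mode disabled' do`, as the applications_controller_spec.rb hunk just above it and the pipeline_schedules_controller_spec.rb hunks already do. The same wording recurs in every later clusters_controller_spec.rb hunk of this commit. The two new `it ... do` blocks are also added with no blank line between them, which makes the allowed/denied pair harder to pick out in these security lists.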
@@ -151,7 +156,12 @@ describe Projects::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -240,7 +250,12 @@ describe Projects::ClustersController do allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil) end - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -346,7 +361,12 @@ describe Projects::ClustersController do stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace') end - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } 
@@ -414,7 +434,12 @@ describe Projects::ClustersController do allow(WaitForClusterCreationWorker).to receive(:perform_in) end - it { expect { post_create_aws }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { post_create_aws }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { post_create_aws }.to be_denied_for(:admin) + end it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) } it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) } it { expect { post_create_aws }.to be_denied_for(:developer).of(project) } @@ -469,7 +494,12 @@ describe Projects::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -501,7 +531,12 @@ describe Projects::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } 
@@ -541,7 +576,12 @@ describe Projects::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -574,7 +614,12 @@ describe Projects::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -677,7 +722,12 @@ describe Projects::ClustersController do describe 'security' do let_it_be(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) } - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } 
@@ -746,7 +796,12 @@ describe Projects::ClustersController do describe 'security' do let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) } - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is disabled for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } diff --git a/spec/controllers/projects/deploy_keys_controller_spec.rb b/spec/controllers/projects/deploy_keys_controller_spec.rb index a97f9ebf36b..a6bbe6bd012 100644 --- a/spec/controllers/projects/deploy_keys_controller_spec.rb +++ b/spec/controllers/projects/deploy_keys_controller_spec.rb @@ -163,7 +163,7 @@ describe Projects::DeployKeysController do end end - context 'with admin' do + context 'with admin', :enable_admin_mode do before do sign_in(admin) end @@ -228,7 +228,7 @@ describe Projects::DeployKeysController do end end - context 'with admin' do + context 'with admin', :enable_admin_mode do before do sign_in(admin) end @@ -284,7 +284,7 @@ describe Projects::DeployKeysController do end end - context 'with admin' do + context 'with admin', :enable_admin_mode do before do sign_in(admin) end 
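Review bot: The three `context 'with admin', :enable_admin_mode do` changes in deploy_keys_controller_spec.rb only switch the existing admin examples to run with admin mode on. Unlike the cluster and pipeline-schedule hunks of this commit, they add no example for an admin whose admin mode is off. If those actions are meant to be refused in that state, each context needs a sibling such as `context 'with admin when admin mode is disabled' do` asserting the refusal. The context bodies lie outside the hunks, so the actions they exercise are not visible here. The `#update`, `#transfer` and `#destroy` blocks in projects_controller_spec.rb are tagged the same way at `describe` level, which also turns admin mode on for every example in those blocks.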
@@ -311,8 +311,16 @@ describe Projects::DeployKeysController do context 'public deploy key attached to project' do let(:extra_params) { deploy_key_params('updated title', '1') } - it 'updates the title of the deploy key' do - expect { subject }.to change { deploy_key.reload.title }.to('updated title') + context 'admin mode disabled' do + it 'does not update the title of the deploy key' do + expect { subject }.not_to change { deploy_key.reload.title } + end + end + + context 'admin mode enabled', :enable_admin_mode do + it 'updates the title of the deploy key' do + expect { subject }.to change { deploy_key.reload.title }.to('updated title') + end end it 'updates can_push of deploy_keys_project' do diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index fdc8fe5f082..9526e14a748 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -586,12 +586,23 @@ describe Projects::IssuesController do expect(assigns(:issues)).to include request_forgery_timing_attack end - it 'lists confidential issues for admin' do - sign_in(admin) - get_issues + context 'when admin mode is enabled', :enable_admin_mode do + it 'lists confidential issues for admin' do + sign_in(admin) + get_issues - expect(assigns(:issues)).to include unescaped_parameter_value - expect(assigns(:issues)).to include request_forgery_timing_attack + expect(assigns(:issues)).to include unescaped_parameter_value + expect(assigns(:issues)).to include request_forgery_timing_attack + end + end + + context 'when admin mode is disabled' do + it 'does not list confidential issues for admin' do + sign_in(admin) + get_issues + + expect(assigns(:issues)).to eq [issue] + end end def get_issues 
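Review bot: After the title check in deploy_keys_controller_spec.rb is split into 'admin mode disabled' and 'admin mode enabled', the example that follows, `it 'updates can_push of deploy_keys_project' do`, stays directly under 'public deploy key attached to project'. It therefore runs only in the default state, and nothing says which admin-mode state it is meant to cover. If `can_push` is expected to change in both states, say so with a comment above it, e.g. `# can_push is expected to change with or without admin mode`; otherwise move it into the matching context. That example's body and the enclosing context lie outside this hunk.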
@@ -648,11 +659,22 @@ describe Projects::IssuesController do expect(response).to have_gitlab_http_status http_status[:success] end - it "returns #{http_status[:success]} for admin" do - sign_in(admin) - go(id: unescaped_parameter_value.to_param) + context 'when admin mode is enabled', :enable_admin_mode do + it "returns #{http_status[:success]} for admin" do + sign_in(admin) + go(id: unescaped_parameter_value.to_param) - expect(response).to have_gitlab_http_status http_status[:success] + expect(response).to have_gitlab_http_status http_status[:success] + end + end + + context 'when admin mode is disabled' do + xit 'returns 404 for admin' do + sign_in(admin) + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_gitlab_http_status :not_found + end end end diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb index 0071e6c8a19..ef1253edda5 100644 --- a/spec/controllers/projects/jobs_controller_spec.rb +++ b/spec/controllers/projects/jobs_controller_spec.rb @@ -391,10 +391,20 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do sign_in(user) end - it 'settings_path is available' do - expect(response).to have_gitlab_http_status(:ok) - expect(response).to match_response_schema('job/job_details') - expect(json_response['runners']['settings_path']).to match(/runners/) + context 'when admin mode is disabled' do + it 'settings_path is not available' do + expect(response).to have_gitlab_http_status(:ok) + expect(response).to match_response_schema('job/job_details') + expect(json_response['runners']).not_to have_key('settings_path') + end + end + + context 'when admin mode is enabled', :enable_admin_mode do + it 'settings_path is available' do + expect(response).to have_gitlab_http_status(:ok) + expect(response).to match_response_schema('job/job_details') + expect(json_response['runners']['settings_path']).to match(/runners/) + end end end end 
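Review bot: The new negative case in issues_controller_spec.rb is written as `xit 'returns 404 for admin' do`, so it is skipped and nothing checks that an admin without admin mode is refused the (presumably confidential) issue addressed by `unescaped_parameter_value`. No comment says why it is disabled or what would re-enable it. Prefer `it 'returns 404 for admin' do` with `pending 'TRACKING-ISSUE-PLACEHOLDER: admin mode not yet enforced here'` as its first statement, because RSpec then still runs the example and reports it once it starts passing. At minimum, add a comment above the `xit` naming the follow-up.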
diff --git a/spec/controllers/projects/mirrors_controller_spec.rb b/spec/controllers/projects/mirrors_controller_spec.rb index 3579e4aa2cf..faeade0d737 100644 --- a/spec/controllers/projects/mirrors_controller_spec.rb +++ b/spec/controllers/projects/mirrors_controller_spec.rb @@ -39,12 +39,24 @@ describe Projects::MirrorsController do expect(response).to have_gitlab_http_status(:not_found) end - it 'allows requests from an admin user' do - user.update!(admin: true) - sign_in(user) + context 'when admin mode is enabled', :enable_admin_mode do + it 'allows requests from an admin user' do + user.update!(admin: true) + sign_in(user) - subject_action - expect(response).to redirect_to(project_settings_path) + subject_action + expect(response).to redirect_to(project_settings_path) + end + end + + context 'when admin mode is disabled' do + it 'disallows requests from an admin user' do + user.update!(admin: true) + sign_in(user) + + subject_action + expect(response).to have_gitlab_http_status(:not_found) + end end end end diff --git a/spec/controllers/projects/pipeline_schedules_controller_spec.rb b/spec/controllers/projects/pipeline_schedules_controller_spec.rb index 72b282429e9..635980ba93b 100644 --- a/spec/controllers/projects/pipeline_schedules_controller_spec.rb +++ b/spec/controllers/projects/pipeline_schedules_controller_spec.rb @@ -127,7 +127,12 @@ describe Projects::PipelineSchedulesController do describe 'security' do let(:schedule) { attributes_for(:ci_pipeline_schedule) } - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is denied for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project) } 
@@ -279,7 +284,12 @@ describe Projects::PipelineSchedulesController do describe 'security' do let(:schedule) { { description: 'updated_desc' } } - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is denied for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } @@ -343,7 +353,12 @@ describe Projects::PipelineSchedulesController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is denied for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } @@ -361,7 +376,12 @@ describe Projects::PipelineSchedulesController do describe 'GET #take_ownership' do describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it 'is allowed for admin when admin mode enabled', :enable_admin_mode do + expect { go }.to be_allowed_for(:admin) + end + it 'is denied for admin when admin mode disabled' do + expect { go }.to be_denied_for(:admin) + end it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } diff --git a/spec/controllers/projects/settings/ci_cd_controller_spec.rb b/spec/controllers/projects/settings/ci_cd_controller_spec.rb index 3684a1bb8d8..0facef85985 100644 
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb +++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb @@ -245,11 +245,22 @@ describe Projects::Settings::CiCdController do context 'and user is an admin' do let(:user) { create(:admin) } - it 'sets max_artifacts_size' do - subject + context 'with admin mode disabled' do + it 'does not set max_artifacts_size' do + subject - project.reload - expect(project.max_artifacts_size).to eq(10) + project.reload + expect(project.max_artifacts_size).to be_nil + end + end + + context 'with admin mode enabled', :enable_admin_mode do + it 'sets max_artifacts_size' do + subject + + project.reload + expect(project.max_artifacts_size).to eq(10) + end end end end diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index d0e0dabc9f2..fc3efc8e805 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -362,7 +362,7 @@ describe ProjectsController do end describe 'GET edit' do - it 'allows an admin user to access the page' do + it 'allows an admin user to access the page', :enable_admin_mode do sign_in(create(:user, :admin)) get :edit, @@ -531,7 +531,7 @@ describe ProjectsController do end end - describe "#update" do + describe "#update", :enable_admin_mode do render_views let(:admin) { create(:admin) } @@ -672,7 +672,7 @@ describe ProjectsController do end end - describe '#transfer' do + describe '#transfer', :enable_admin_mode do render_views let(:project) { create(:project, :repository) } @@ -720,7 +720,7 @@ describe ProjectsController do end end - describe "#destroy" do + describe "#destroy", :enable_admin_mode do let(:admin) { create(:admin) } it "redirects to the dashboard", :sidekiq_might_not_need_inline do @@ -1094,7 +1094,7 @@ describe ProjectsController do end end - context 'for a DELETE request' do + context 'for a DELETE request', :enable_admin_mode do before do sign_in(create(:admin)) end |
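Review bot: In the 'with admin mode disabled' context of projects/settings/ci_cd_controller_spec.rb, `expect(project.max_artifacts_size).to be_nil` only proves the value was not set if the project fixture starts with it unset, and the fixture is defined outside this hunk. `expect { subject }.not_to change { project.reload.max_artifacts_size }` states the intended property directly and does not depend on the fixture's defaults.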