diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-05 22:02:13 -0500 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-06 21:20:17 -0500 |
commit | c4f56a88029c1fe73bf6efb062b5f77a65282fed (patch) | |
tree | 890a869e8ce06a5438b38c8e9dca9529362cc2f4 /spec/lib/gitlab/git_access_spec.rb | |
parent | a475411f4380ef4d0260940206e2553da3b2f3ee (diff) | |
download | gitlab-ce-c4f56a88029c1fe73bf6efb062b5f77a65282fed.tar.gz |
Increase test suite around deploy tokens behavior
Also, fixes broken specs
Diffstat (limited to 'spec/lib/gitlab/git_access_spec.rb')
-rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index 000e9e86813..6c625596605 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -147,21 +147,29 @@ describe Gitlab::GitAccess do end context 'when actor is DeployToken' do - let(:project_deploy_token) { create(:project_deploy_token, project: project) } - let(:actor) { project_deploy_token.deploy_token } + let(:actor) { create(:deploy_token, projects: [project]) } context 'when DeployToken is active and belongs to project' do it 'allows pull access' do expect { pull_access_check }.not_to raise_error end + + it 'blocks the push' do + expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:upload]) + end end context 'when DeployToken does not belong to project' do - let(:actor) { create(:deploy_token) } + let(:another_project) { create(:project) } + let(:actor) { create(:deploy_token, projects: [another_project]) } it 'blocks pull access' do expect { pull_access_check }.to raise_not_found end + + it 'blocks the push' do + expect { push_access_check }.to raise_not_found + end end end end @@ -613,6 +621,41 @@ describe Gitlab::GitAccess do end end + describe 'deploy token permissions' do + let(:deploy_token) { create(:deploy_token) } + let(:actor) { deploy_token } + + context 'pull code' do + context 'when project is authorized' do + before do + deploy_token.projects << project + end + + it { expect { pull_access_check }.not_to raise_error } + end + + context 'when unauthorized' do + context 'from public project' do + let(:project) { create(:project, :public, :repository) } + + it { expect { pull_access_check }.not_to raise_error } + end + + context 'from internal project' do + let(:project) { create(:project, :internal, :repository) } + + it { expect { pull_access_check }.to raise_not_found } + end + + context 'from private project' do + let(:project) { create(:project, :private, :repository) } + + it { expect { pull_access_check }.to raise_not_found } + end + end + end + end + describe 'build authentication_abilities permissions' do let(:authentication_abilities) { build_authentication_abilities } |