diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-11-02 21:50:44 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 12:27:17 +0100 |
| commit | b0bf92140f469db90ef378fd42a6f65eee1d4633 (patch) | |
| tree | ef70b549ced2aca1b92a9f463014707b393c58b0 /spec/models/guest_spec.rb | |
| parent | a14ee68fe4815d2906ece670bcc333303fd3c816 (diff) | |
| download | gitlab-ce-b0bf92140f469db90ef378fd42a6f65eee1d4633.tar.gz | |
Merge branch 'fix-unathorized-cloning' into 'security'
Ensure external users are not able to clone disabled repositories.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788
See merge request !2017
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/models/guest_spec.rb')
| -rw-r--r-- | spec/models/guest_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/models/guest_spec.rb b/spec/models/guest_spec.rb new file mode 100644 index 00000000000..d79f929f7a1 --- /dev/null +++ b/spec/models/guest_spec.rb @@ -0,0 +1,47 @@ +require 'spec_helper' + +describe Guest, lib: true do + let(:public_project) { create(:project, :public) } + let(:private_project) { create(:project, :private) } + let(:internal_project) { create(:project, :internal) } + + describe '.can_pull?' do + context 'when project is private' do + it 'does not allow to pull the repo' do + expect(Guest.can?(:download_code, private_project)).to eq(false) + end + end + + context 'when project is internal' do + it 'does not allow to pull the repo' do + expect(Guest.can?(:download_code, internal_project)).to eq(false) + end + end + + context 'when project is public' do + context 'when repository is disabled' do + it 'does not allow to pull the repo' do + public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::DISABLED) + + expect(Guest.can?(:download_code, public_project)).to eq(false) + end + end + + context 'when repository is accessible only by team members' do + it 'does not allow to pull the repo' do + public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::PRIVATE) + + expect(Guest.can?(:download_code, public_project)).to eq(false) + end + end + + context 'when repository is enabled' do + it 'allows to pull the repo' do + public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::ENABLED) + + expect(Guest.can?(:download_code, public_project)).to eq(true) + end + end + end + end +end |