author | Douwe Maan <douwe@gitlab.com> | 2016-11-02 21:50:44 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-04 18:17:38 +0100 |
commit | 55289c10adbe1570235d9d54a7ecd94c0c58efe5 (patch) | |
tree | 9e7c1b932f0a6e1a768089a833d619350a0b0886 /spec/models | |
parent | 4b5489e5e98006285c041661a1255510f47db3cf (diff) | |
Merge branch 'fix-unathorized-cloning' into 'security'
Ensure external users are not able to clone disabled repositories.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788
See merge request !2017
Diffstat (limited to 'spec/models')
-rw-r--r-- | spec/models/guest_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/models/guest_spec.rb b/spec/models/guest_spec.rb
new file mode 100644
index 00000000000..d79f929f7a1
--- /dev/null
+++ b/spec/models/guest_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe Guest, lib: true do
+ let(:public_project) { create(:project, :public) }
+ let(:private_project) { create(:project, :private) }
+ let(:internal_project) { create(:project, :internal) }
+
+ describe '.can_pull?' do
+ context 'when project is private' do
+ it 'does not allow to pull the repo' do
+ expect(Guest.can?(:download_code, private_project)).to eq(false)
+ end
+ end
+
+ context 'when project is internal' do
+ it 'does not allow to pull the repo' do
+ expect(Guest.can?(:download_code, internal_project)).to eq(false)
+ end
+ end
+
+ context 'when project is public' do
+ context 'when repository is disabled' do
+ it 'does not allow to pull the repo' do
+ public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::DISABLED)
+
+ expect(Guest.can?(:download_code, public_project)).to eq(false)
+ end
+ end
+
+ context 'when repository is accessible only by team members' do
+ it 'does not allow to pull the repo' do
+ public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::PRIVATE)
+
+ expect(Guest.can?(:download_code, public_project)).to eq(false)
+ end
+ end
+
+ context 'when repository is enabled' do
+ it 'allows to pull the repo' do
+ public_project.project_feature.update_attribute(:repository_access_level, ProjectFeature::ENABLED)
+
+ expect(Guest.can?(:download_code, public_project)).to eq(true)
+ end
+ end
+ end
+ end
+end |
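Review bot: Every assertion in this spec goes through `Guest.can?(:download_code, …)`, so it pins the anonymous path only, while the commit message is about external users. Nothing in this file would catch a regression for a signed-in external user on a public project whose `repository_access_level` is `ProjectFeature::DISABLED` or `ProjectFeature::PRIVATE`. This view is limited to spec/models, so that case may be covered in another spec and is worth confirming. The group label `describe '.can_pull?' do` also names a method the examples never call; `describe '.can?(:download_code)' do` would match what is asserted and make this authorization test easier to find. The private and internal contexts leave the repository access level at whatever the factory sets, so a short comment such as `# repository access level left at the factory default` would make that dependence explicit.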