diff options
| author | Agustin Henze <tin@redhat.com> | 2019-04-09 14:53:44 +0000 |
|---|---|---|
| committer | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-04-09 14:53:44 +0000 |
| commit | 20093f9de0b34da88a8b01ca94ee773685b16308 (patch) | |
| tree | 6418fff41e2f5deeb5f3839d90472b28c18cf942 /spec/policies | |
| parent | 67c330841271537eddad6fc938aa638d68f48a11 (diff) | |
| download | gitlab-ce-20093f9de0b34da88a8b01ca94ee773685b16308.tar.gz | |
Add new permission model `read-pipeline-variable`
Used to get the variables via the API endpoint
`/projects/:id/pipelines/:pipeline_id/variables`
Signed-off-by: Agustin Henze <tin@redhat.com>
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/ci/pipeline_policy_spec.rb | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb index 844d96017de..126d44d1860 100644 --- a/spec/policies/ci/pipeline_policy_spec.rb +++ b/spec/policies/ci/pipeline_policy_spec.rb @@ -100,5 +100,51 @@ describe Ci::PipelinePolicy, :models do end end end + + describe 'read_pipeline_variable' do + let(:project) { create(:project, :public) } + + context 'when user has owner access' do + let(:user) { project.owner } + + it 'is enabled' do + expect(policy).to be_allowed :read_pipeline_variable + end + end + + context 'when user is developer and the creator of the pipeline' do + let(:pipeline) { create(:ci_empty_pipeline, project: project, user: user) } + + before do + project.add_developer(user) + create(:protected_branch, :developers_can_merge, + name: pipeline.ref, project: project) + end + + it 'is enabled' do + expect(policy).to be_allowed :read_pipeline_variable + end + end + + context 'when user is developer and it is not the creator of the pipeline' do + let(:pipeline) { create(:ci_empty_pipeline, project: project, user: project.owner) } + + before do + project.add_developer(user) + create(:protected_branch, :developers_can_merge, + name: pipeline.ref, project: project) + end + + it 'is disabled' do + expect(policy).to be_disallowed :read_pipeline_variable + end + end + + context 'when user is not owner nor developer' do + it 'is disabled' do + expect(policy).not_to be_allowed :read_pipeline_variable + end + end + end end end |