authorKamil Trzcinski <ayufan@ayufan.eu>2016-02-08 20:22:10 +0100
committerKamil Trzcinski <ayufan@ayufan.eu>2016-02-08 20:27:24 +0100
commit447f1e30db384ef28e00c84bef0ba92f8e982656 (patch)
tree852b11e43e42faff93afadd021637e0eba7e22b1 /spec/requests/api/builds_spec.rb
parent07556b561ead98741256de1c918f311d93566840 (diff)
Limit guest access builds
This solves https://dev.gitlab.org/gitlab/gitlabhq/issues/2646

1. This MR simplifies the CI permission model:
   - read_build: allows reading the list of builds, artifacts and trace
   - update_build: allows cancelling and retrying builds
   - admin_build: allows managing triggers, runners and variables
   - read_commit_status: allows reading the list of commit statuses (including the status of a build, but without access to the build's details)
   - create_commit_status: allows creating a new commit status using the API
2. I make sure that the proper permissions are used in all places where CI can be shown.
3. Add the `read_build` ability if the user is anonymous or a guest and allow_guest_to_access_builds is enabled.
4. Add CI setting: public_builds.
5. The artifact-specific permissions are removed, since they are covered by `*_build`.
Diffstat (limited to 'spec/requests/api/builds_spec.rb')
-rw-r--r--spec/requests/api/builds_spec.rb8
1 files changed, 4 insertions, 4 deletions
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
index 8c9f5a382b7..6c07802db8b 100644
--- a/spec/requests/api/builds_spec.rb
+++ b/spec/requests/api/builds_spec.rb
@@ -113,7 +113,7 @@ describe API::API, api: true do
describe 'POST /projects/:id/builds/:build_id/cancel' do
context 'authorized user' do
- context 'user with :manage_builds persmission' do
+ context 'user with :update_build persmission' do
it 'should cancel running or pending build' do
post api("/projects/#{project.id}/builds/#{build.id}/cancel", user)
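Review bot: The renamed context string on the added line still carries the typo `persmission`; since the line is being rewritten anyway it should read `context 'user with :update_build permission' do`, matching the spelling already used in the "without" contexts. The same typo is kept on the added line of the retry hunk (`@@ -142,7 +142,7 @@`). The enclosing `describe` block continues outside the hunk, so the example's assertions are not visible here.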
@@ -122,7 +122,7 @@ describe API::API, api: true do
end
end
- context 'user without :manage_builds permission' do
+ context 'user without :update_build permission' do
it 'should not cancel build' do
post api("/projects/#{project.id}/builds/#{build.id}/cancel", user2)
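Review bot: The negative contexts here and in the retry hunk (`@@ -152,7 +152,7 @@`) are only relabelled, and the diffstat shows this file gaining no new examples, so nothing in this spec pins the boundary the commit description introduces: a guest or anonymous user may be granted `read_build` but must never be able to cancel or retry a build. The role of `user2` is defined outside the hunk; if it is a non-member rather than a guest, I would add a context with an explicit guest member asserting that both `POST .../cancel` and `POST .../retry` are rejected, headed by a comment such as `# guest: read_build may be granted, update_build must not`. Coverage for this may exist in other spec files, which this path-limited diff does not show.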
@@ -142,7 +142,7 @@ describe API::API, api: true do
describe 'POST /projects/:id/builds/:build_id/retry' do
context 'authorized user' do
- context 'user with :manage_builds persmission' do
+ context 'user with :update_build persmission' do
it 'should retry non-running build' do
post api("/projects/#{project.id}/builds/#{build_canceled.id}/retry", user)
@@ -152,7 +152,7 @@ describe API::API, api: true do
end
end
- context 'user without :manage_builds permission' do
+ context 'user without :update_build permission' do
it 'should not retry build' do
post api("/projects/#{project.id}/builds/#{build_canceled.id}/retry", user2)