author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-08 20:22:10 +0100 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-08 20:27:24 +0100 |
commit | 447f1e30db384ef28e00c84bef0ba92f8e982656 (patch) | |
tree | 852b11e43e42faff93afadd021637e0eba7e22b1 /spec/requests/api/builds_spec.rb | |
parent | 07556b561ead98741256de1c918f311d93566840 (diff) | |
download | gitlab-ce-447f1e30db384ef28e00c84bef0ba92f8e982656.tar.gz |
Limit guest access builds
This solves https://dev.gitlab.org/gitlab/gitlabhq/issues/2646
1. This MR simplifies CI permission model:
- read_build: allows to read a list of builds, artifacts and trace
- update_build: allows to cancel and retry builds
- admin_build: allows to manage triggers, runners and variables
- read_commit_status: allows to read a list of commit statuses (including the status of a build, but doesn't allow to see a build details)
- create_commit_status: allows to create a new commit status using API
2. I do make sure that the proper permissions are used in all places where the CI can be shown.
3. Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
4. Add CI setting: public_builds.
5. The artifact-specific permissions are removed, since they are covered by `*_build`.
Diffstat (limited to 'spec/requests/api/builds_spec.rb')
-rw-r--r-- | spec/requests/api/builds_spec.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
index 8c9f5a382b7..6c07802db8b 100644
--- a/spec/requests/api/builds_spec.rb
+++ b/spec/requests/api/builds_spec.rb
@@ -113,7 +113,7 @@ describe API::API, api: true do
 describe 'POST /projects/:id/builds/:build_id/cancel' do
 context 'authorized user' do
- context 'user with :manage_builds persmission' do
+ context 'user with :update_build persmission' do
 it 'should cancel running or pending build' do
 post api("/projects/#{project.id}/builds/#{build.id}/cancel", user)
@@ -122,7 +122,7 @@ describe API::API, api: true do
 end
 end
- context 'user without :manage_builds permission' do
+ context 'user without :update_build permission' do
 it 'should not cancel build' do
 post api("/projects/#{project.id}/builds/#{build.id}/cancel", user2)
@@ -142,7 +142,7 @@ describe API::API, api: true do
 describe 'POST /projects/:id/builds/:build_id/retry' do
 context 'authorized user' do
- context 'user with :manage_builds persmission' do
+ context 'user with :update_build persmission' do
 it 'should retry non-running build' do
 post api("/projects/#{project.id}/builds/#{build_canceled.id}/retry", user)
@@ -152,7 +152,7 @@ describe API::API, api: true do
 end
 end
- context 'user without :manage_builds permission' do
+ context 'user without :update_build permission' do
 it 'should not retry build' do
 post api("/projects/#{project.id}/builds/#{build_canceled.id}/retry", user2)
|
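Review bot: The added `context 'user with :update_build persmission' do` lines in the first and third hunks (cancel and retry) carry over the `persmission` typo; since the label is being rewritten anyway it should read `context 'user with :update_build permission' do`. Beyond the labels, all four hunks leave the examples unchanged, so the cancel and retry endpoints are still exercised only with `user` and `user2`, whose roles are defined outside the hunks. Because the commit message says guests and anonymous users can now be granted `read_build`, it would be worth adding examples here, or confirming they exist in another spec, that a guest and an unauthenticated request are both refused on cancel and retry. The enclosing `describe` blocks start and end outside the hunks.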