Implemented star auth capabilities on docker registry to enable deletion of images

author: Maxime Visonneau <maxime.visonneau@gmail.com> 2017-05-23 23:45:01 +0200
committer: Lin Jen-Shin <godfat@godfat.org> 2017-08-02 17:09:54 +0800
commit: 1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c (patch)
tree: 09dbe6e4a0dfd31b26f6d4eb67ef0c0bef8103fa /spec/services/auth
parent: a210ddaa1bee5222320108a654e52f4f4c26df05 (diff)
download: gitlab-ce-1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c.tar.gz
1 files changed, 28 insertions, 6 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 7f704629bfa..a19ac911315 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -163,7 +163,9 @@ describe Auth::ContainerRegistryAuthenticationService do
       end
 
       context 'disallow reporter to delete images' do
-        before { project.team << [current_user, :reporter] }
+        before do
+          project.add_reporter(current_user)
+        end
 
         let(:current_params) do
           { scope: "repository:#{project.path_with_namespace}:*" }
@@ -230,6 +232,14 @@ describe Auth::ContainerRegistryAuthenticationService do
         it_behaves_like 'not a container repository factory'
       end
 
+      context 'disallow anyone to delete images' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:*" }
+        end
+
+        it_behaves_like 'an inaccessible'
+      end
+
       context 'when repository name is invalid' do
         let(:current_params) do
           { scope: 'repository:invalid:push' }
@@ -280,13 +290,25 @@ describe Auth::ContainerRegistryAuthenticationService do
       end
 
       context 'for external user' do
-        let(:current_user) { create(:user, external: true) }
-        let(:current_params) do
-          { scope: "repository:#{project.full_path}:pull,push,*" }
+        context 'disallow anyone to pull or push images' do
+          let(:current_user) { create(:user, external: true) }
+          let(:current_params) do
+            { scope: "repository:#{project.path_with_namespace}:pull,push" }
+          end
+
+          it_behaves_like 'an inaccessible'
+          it_behaves_like 'not a container repository factory'
         end
 
-        it_behaves_like 'an inaccessible'
-        it_behaves_like 'not a container repository factory'
+        context 'disallow anyone to delete images' do
+          let(:current_user) { create(:user, external: true) }
+          let(:current_params) do
+            { scope: "repository:#{project.path_with_namespace}:*" }
+          end
+
+          it_behaves_like 'an inaccessible'
+          it_behaves_like 'not a container repository factory'
+        end
       end
     end
   end
author	Maxime Visonneau <maxime.visonneau@gmail.com>	2017-05-23 23:45:01 +0200
committer	Lin Jen-Shin <godfat@godfat.org>	2017-08-02 17:09:54 +0800
commit	1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c (patch)
tree	09dbe6e4a0dfd31b26f6d4eb67ef0c0bef8103fa /spec/services/auth
parent	a210ddaa1bee5222320108a654e52f4f4c26df05 (diff)
download	gitlab-ce-1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c.tar.gz