summaryrefslogtreecommitdiff
path: root/spec/services/auth
diff options
context:
space:
mode:
authorGiorgenes Gelatti <ggelatti@gitlab.com>2019-09-03 02:41:22 +0000
committerThong Kuah <tkuah@gitlab.com>2019-09-03 02:41:22 +0000
commitf5b2899422c8934339fd05ff94b2fdce0e812240 (patch)
tree7be7365b6f9749d49adcff3c57f5c9596f41027a /spec/services/auth
parent3feab2348f6045a0d30512bcac771650ac03c68c (diff)
downloadgitlab-ce-f5b2899422c8934339fd05ff94b2fdce0e812240.tar.gz
If user can push to docker then it can delete too
Extends the permission of $CI_REGISTRY_USER to allow them to delete tags in addition to just pushing. https://gitlab.com/gitlab-org/gitlab-ce/issues/40096
Diffstat (limited to 'spec/services/auth')
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb12
1 files changed, 6 insertions, 6 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 3ca389ba25b..2807b8c8c85 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -476,7 +476,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:current_user) { create(:user) }
let(:authentication_abilities) do
- [:build_read_container_image, :build_create_container_image]
+ [:build_read_container_image, :build_create_container_image, :build_destroy_container_image]
end
before do
@@ -507,19 +507,19 @@ describe Auth::ContainerRegistryAuthenticationService do
end
end
- context 'disallow to delete images' do
+ context 'allow to delete images since registry 2.7' do
let(:current_params) do
- { scopes: ["repository:#{current_project.full_path}:*"] }
+ { scopes: ["repository:#{current_project.full_path}:delete"] }
end
- it_behaves_like 'an inaccessible' do
+ it_behaves_like 'a deletable since registry 2.7' do
let(:project) { current_project }
end
end
- context 'disallow to delete images since registry 2.7' do
+ context 'disallow to delete images' do
let(:current_params) do
- { scopes: ["repository:#{current_project.full_path}:delete"] }
+ { scopes: ["repository:#{current_project.full_path}:*"] }
end
it_behaves_like 'an inaccessible' do