diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2017-08-02 17:27:21 +0800 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2017-08-02 17:51:29 +0800 |
| commit | b3e058996c70aeae6f00cad7195bce421e02b39b (patch) | |
| tree | a6185dd806cf86d68f12e9a81ecbde8921bc2a8d /spec/services | |
| parent | 1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c (diff) | |
| download | gitlab-ce-b3e058996c70aeae6f00cad7195bce421e02b39b.tar.gz | |
Cleanup tests and add admin_container_image to
full_authentication_abilities. This is fine because
we're going to check with can?(..) anyway
Diffstat (limited to 'spec/services')
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 54 |
1 files changed, 29 insertions, 25 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index a19ac911315..7ae7f4688a2 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -8,7 +8,7 @@ describe Auth::ContainerRegistryAuthenticationService do let(:payload) { JWT.decode(subject[:token], rsa_key).first } let(:authentication_abilities) do - [:read_container_image, :create_container_image] + [:read_container_image, :create_container_image, :admin_container_image] end subject do @@ -60,7 +60,7 @@ describe Auth::ContainerRegistryAuthenticationService do end shared_examples 'a deletable' do - it_behaves_like 'a accessible' do + it_behaves_like 'an accessible' do let(:actions) { ['*'] } end end @@ -126,7 +126,7 @@ describe Auth::ContainerRegistryAuthenticationService do context 'allow developer to push images' do before do - project.team << [current_user, :developer] + project.add_developer(current_user) end let(:current_params) do @@ -138,18 +138,21 @@ describe Auth::ContainerRegistryAuthenticationService do end context 'disallow developer to delete images' do - before { project.team << [current_user, :developer] } + before do + project.add_developer(current_user) + end let(:current_params) do { scope: "repository:#{project.path_with_namespace}:*" } end it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end context 'allow reporter to pull images' do before do - project.team << [current_user, :reporter] + project.add_reporter(current_user) end context 'when pulling from root level repository' do @@ -172,11 +175,12 @@ describe Auth::ContainerRegistryAuthenticationService do end it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end context 'return a least of privileges' do before do - project.team << [current_user, :reporter] + project.add_reporter(current_user) end let(:current_params) do @@ -189,7 +193,7 @@ describe Auth::ContainerRegistryAuthenticationService do context 'disallow guest to pull or push images' do before do - project.team << [current_user, :guest] + project.add_guest(current_user) end let(:current_params) do @@ -201,13 +205,16 @@ describe Auth::ContainerRegistryAuthenticationService do end context 'disallow guest to delete images' do - before { project.team << [current_user, :guest] } + before do + project.add_guest(current_user) + end let(:current_params) do { scope: "repository:#{project.path_with_namespace}:*" } end it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end end @@ -238,6 +245,7 @@ describe Auth::ContainerRegistryAuthenticationService do end it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end context 'when repository name is invalid' do @@ -248,14 +256,6 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' it_behaves_like 'not a container repository factory' end - - context 'disallow anyone to delete images' do - let(:current_params) do - { scope: "repository:#{project.path_with_namespace}:*" } - end - - it_behaves_like 'an inaccessible' - end end context 'for internal project' do @@ -286,6 +286,7 @@ describe Auth::ContainerRegistryAuthenticationService do end it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end end @@ -313,13 +314,16 @@ describe Auth::ContainerRegistryAuthenticationService do end end - context 'delete authorized as admin' do + context 'delete authorized as master' do let(:current_project) { create(:empty_project) } - let(:current_user) { create(:admin) } + let(:current_user) { create(:user) } + let(:authentication_abilities) do - [ - :admin_container_image - ] + [:admin_container_image] + end + + before do + current_project.add_master(current_user) end it_behaves_like 'a valid token' @@ -344,7 +348,7 @@ describe Auth::ContainerRegistryAuthenticationService do end before do - current_project.team << [current_user, :developer] + current_project.add_developer(current_user) end it_behaves_like 'a valid token' @@ -394,7 +398,7 @@ describe Auth::ContainerRegistryAuthenticationService do context 'when you are member' do before do - project.team << [current_user, :developer] + project.add_developer(current_user) end it_behaves_like 'a pullable' @@ -424,7 +428,7 @@ describe Auth::ContainerRegistryAuthenticationService do context 'when you are member' do before do - project.team << [current_user, :developer] + project.add_developer(current_user) end it_behaves_like 'a pullable' @@ -451,7 +455,7 @@ describe Auth::ContainerRegistryAuthenticationService do let(:project) { create(:empty_project, :public) } before do - project.team << [current_user, :developer] + project.add_developer(current_user) end it_behaves_like 'an inaccessible' |