diff options
author | Z.J. van de Weg <zegerjan@gitlab.com> | 2016-10-13 09:38:03 +0200 |
---|---|---|
committer | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-12-04 15:48:50 +0100 |
commit | 617f43c74b967a085f6cd7afb1408cfa28187b52 (patch) | |
tree | de6e860add1690c240806c5de4289bf2a633d3f7 /spec | |
parent | bd67459131e22273b502eb27d97709827ff42262 (diff) | |
download | gitlab-ce-617f43c74b967a085f6cd7afb1408cfa28187b52.tar.gz |
Guests can read builds if those are public
Fixes #18448
Diffstat (limited to 'spec')
-rw-r--r-- | spec/features/projects/guest_navigation_menu_spec.rb | 4 | ||||
-rw-r--r-- | spec/features/security/project/private_access_spec.rb | 52 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 36 | ||||
-rw-r--r-- | spec/requests/api/builds_spec.rb | 2 |
4 files changed, 84 insertions, 10 deletions
diff --git a/spec/features/projects/guest_navigation_menu_spec.rb b/spec/features/projects/guest_navigation_menu_spec.rb index c22441f8929..8120a51c515 100644 --- a/spec/features/projects/guest_navigation_menu_spec.rb +++ b/spec/features/projects/guest_navigation_menu_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper' describe "Guest navigation menu" do - let(:project) { create :empty_project, :private } - let(:guest) { create :user } + let(:project) { create(:empty_project, :private, public_builds: false) } + let(:guest) { create(:user) } before do project.team << [guest, :guest] diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb index 290ddb4c6dd..a942a1ace3b 100644 --- a/spec/features/security/project/private_access_spec.rb +++ b/spec/features/security/project/private_access_spec.rb @@ -260,6 +260,19 @@ describe "Private Project Access", feature: true do it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:visitor) } + + context 'when public builds is enabled' do + it { is_expected.to be_allowed_for guest } + end + + context 'when public buils are disabled' do + before do + project.public_builds = false + project.save + end + + it { is_expected.to be_denied_for guest } + end end describe "GET /:project_path/pipelines/:id" do @@ -275,6 +288,19 @@ describe "Private Project Access", feature: true do it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:visitor) } + + context 'when public builds is enabled' do + it { is_expected.to be_allowed_for guest } + end + + context 'when public buils are disabled' do + before do + project.public_builds = false + project.save + end + + it { is_expected.to be_denied_for guest } + end end describe "GET /:project_path/builds" do @@ -289,6 +315,19 @@ describe "Private Project Access", feature: true do it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:visitor) } + + context 'when public builds is enabled' do + it { is_expected.to be_allowed_for guest } + end + + context 'when public buils are disabled' do + before do + project.public_builds = false + project.save + end + + it { is_expected.to be_denied_for guest } + end end describe "GET /:project_path/builds/:id" do @@ -305,6 +344,19 @@ describe "Private Project Access", feature: true do it { is_expected.to be_denied_for(:user) } it { is_expected.to be_denied_for(:external) } it { is_expected.to be_denied_for(:visitor) } + + context 'when public builds is enabled' do + it { is_expected.to be_allowed_for guest } + end + + context 'when public buils are disabled' do + before do + project.public_builds = false + project.save + end + + it { is_expected.to be_denied_for guest } + end end describe "GET /:project_path/environments" do diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index b49e4f3a8bc..34a0937d9bc 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -111,13 +111,35 @@ describe ProjectPolicy, models: true do context 'guests' do let(:current_user) { guest } - it do - is_expected.to include(*guest_permissions) - is_expected.not_to include(*reporter_permissions) - is_expected.not_to include(*team_member_reporter_permissions) - is_expected.not_to include(*developer_permissions) - is_expected.not_to include(*master_permissions) - is_expected.not_to include(*owner_permissions) + context 'public builds enabled' do + let(:reporter_public_build_permissions) do + reporter_permissions - [:read_build, :read_pipeline] + end + + it do + is_expected.to include(*guest_permissions) + is_expected.not_to include(*reporter_public_build_permissions) + is_expected.not_to include(*team_member_reporter_permissions) + is_expected.not_to include(*developer_permissions) + is_expected.not_to include(*master_permissions) + is_expected.not_to include(*owner_permissions) + end + end + + context 'public builds disabled' do + before do + project.public_builds = false + project.save + end + + it do + is_expected.to include(*guest_permissions) + is_expected.not_to include(*reporter_permissions) + is_expected.not_to include(*team_member_reporter_permissions) + is_expected.not_to include(*developer_permissions) + is_expected.not_to include(*master_permissions) + is_expected.not_to include(*owner_permissions) + end end end diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb index 0ea991b18b8..7be7acebb19 100644 --- a/spec/requests/api/builds_spec.rb +++ b/spec/requests/api/builds_spec.rb @@ -5,7 +5,7 @@ describe API::Builds, api: true do let(:user) { create(:user) } let(:api_user) { user } - let!(:project) { create(:project, creator_id: user.id) } + let!(:project) { create(:project, creator_id: user.id, public_builds: false) } let!(:developer) { create(:project_member, :developer, user: user, project: project) } let(:reporter) { create(:project_member, :reporter, project: project) } let(:guest) { create(:project_member, :guest, project: project) } |