author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 13:22:15 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 13:22:15 +0200 |
commit | d4154ef30f52b30054e8e5d9bbf172d8700e8049 (patch) | |
tree | 379a4046e5f6bc9689f5f6153b5af56e04a090f1 /spec | |
parent | 3b874414c06156767117b7aa7ae705c7342d887c (diff) | |
Do not require API authentication if artifacts are public
Diffstat (limited to 'spec')
-rw-r--r-- | spec/requests/api/jobs_spec.rb | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb
index 9a113096951..dd2aed38412 100644
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -196,13 +196,43 @@ describe API::Jobs do
 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif'
 end
 
- context 'when user is not unauthorized' do
+ context 'when user is anonymous' do
 let(:api_user) { nil }
 
- it 'does not return specific job artifacts' do
- get_artifact_file(artifact)
+ context 'when project is public' do
+ it 'allows to access artifacts' do
+ project.update_column(:visibility_level,
+ Gitlab::VisibilityLevel::PUBLIC)
+ project.update_column(:public_builds, true)
+
+ get_artifact_file(artifact)
+
+ expect(response).to have_http_status(200)
+ end
+ end
+
+ context 'when project is public with builds access disabled' do
+ it 'rejects access to artifacts' do
+ project.update_column(:visibility_level,
+ Gitlab::VisibilityLevel::PUBLIC)
+ project.update_column(:public_builds, false)
 
- expect(response).to have_http_status(401)
+ get_artifact_file(artifact)
+
+ expect(response).to have_http_status(403)
+ end
+ end
+
+ context 'when project is private' do
+ it 'rejects access and hides existence of artifacts' do
+ project.update_column(:visibility_level,
+ Gitlab::VisibilityLevel::PRIVATE)
+ project.update_column(:public_builds, true)
+
+ get_artifact_file(artifact)
+
+ expect(response).to have_http_status(404)
+ end
 end
 end
 
@@ -257,11 +287,12 @@ describe API::Jobs do
 end
 end
 
- context 'unauthorized user' do
+ context 'when anonymous user is accessing private artifacts' do
 let(:api_user) { nil }
 
- it 'does not return specific job artifacts' do
- expect(response).to have_http_status(401)
+ it 'hides artifacts and rejects request' do
+ expect(project).to be_private
+ expect(response).to have_http_status(404)
 end
 end
 end |
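Review bot: The anonymous-access matrix in the first hunk has no case for an internal project, so nothing here would catch a regression in which the relaxed authentication treats every non-private project as public. I would add a context after 'when project is private' that sets `Gitlab::VisibilityLevel::INTERNAL` with `public_builds` true and expects the same hidden response as the private case. That is presumably 404, to be confirmed against the API helper, which is not part of this diff. The 200 example asserts only the status, so it would be stronger if it also checked a response header or the body to show that the artifact file itself is served. The enclosing describe block starts and ends outside the hunk.

```ruby
# … unchanged: 'when project is private' context …

context 'when project is internal' do
  it 'rejects access and hides existence of artifacts' do
    project.update_column(:visibility_level,
                          Gitlab::VisibilityLevel::INTERNAL)
    project.update_column(:public_builds, true)

    get_artifact_file(artifact)

    expect(response).to have_http_status(404)
  end
end
```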
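Review bot: In the second hunk `expect(project).to be_private` checks a precondition inside the example, and it holds only through whatever the project factory or an outer `let` sets up outside this hunk. Setting the state explicitly with `project.update_column(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)`, placed so that it runs before the request is issued, would keep the 404 assertion meaningful if that default ever changes. As far as the hunk shows, this context covers only the private case. The anonymous 200 and 403 cases that the first hunk pins for public projects are not mirrored for this endpoint. The request itself and the enclosing describe block lie outside the hunk.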