author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 14:13:03 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 14:13:26 +0000 |
commit | 9ca24e5c1f715a597e694961ac0d60674166039a (patch) | |
tree | 833d04ab4a742a478741ddb19a9cd56d27657e87 /spec | |
parent | e2e6f2f2e9a5a4e84d724864fc4d27a8f1605c64 (diff) | |
download | gitlab-ce-9ca24e5c1f715a597e694961ac0d60674166039a.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee
Diffstat (limited to 'spec')
-rw-r--r-- | spec/finders/packages/conan/package_finder_spec.rb | 51 | ||||
-rw-r--r-- | spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb | 67 |
2 files changed, 91 insertions, 27 deletions
diff --git a/spec/finders/packages/conan/package_finder_spec.rb b/spec/finders/packages/conan/package_finder_spec.rb
index b26f8900090..6848786818b 100644
--- a/spec/finders/packages/conan/package_finder_spec.rb
+++ b/spec/finders/packages/conan/package_finder_spec.rb
@@ -2,22 +2,53 @@
 require 'spec_helper'
 RSpec.describe ::Packages::Conan::PackageFinder do
+ using RSpec::Parameterized::TableSyntax
+
+ let_it_be_with_reload(:project) { create(:project) }
 let_it_be(:user) { create(:user) }
- let_it_be(:project) { create(:project, :public) }
+ let_it_be(:private_project) { create(:project, :private) }
+
+ let_it_be(:conan_package) { create(:conan_package, project: project) }
+ let_it_be(:conan_package2) { create(:conan_package, project: project) }
+ let_it_be(:errored_package) { create(:conan_package, :error, project: project) }
+ let_it_be(:private_package) { create(:conan_package, project: private_project) }
 describe '#execute' do
- let!(:conan_package) { create(:conan_package, project: project) }
- let!(:conan_package2) { create(:conan_package, project: project) }
+ let(:query) { "#{conan_package.name.split('/').first[0, 3]}%" }
+ let(:finder) { described_class.new(user, query: query) }
+
+ subject { finder.execute }
+
+ where(:visibility, :role, :packages_visible) do
+ :private | :maintainer | true
+ :private | :developer | true
+ :private | :reporter | true
+ :private | :guest | false
+ :private | :anonymous | false
+
+ :internal | :maintainer | true
+ :internal | :developer | true
+ :internal | :reporter | true
+ :internal | :guest | true
+ :internal | :anonymous | false
+
+ :public | :maintainer | true
+ :public | :developer | true
+ :public | :reporter | true
+ :public | :guest | true
+ :public | :anonymous | true
+ end
- subject { described_class.new(user, query: query).execute }
+ with_them do
+ let(:expected_packages) { packages_visible ? [conan_package, conan_package2] : [] }
+ let(:user) { role == :anonymous ? nil : super() }
- context 'packages that are not installable' do
- let!(:conan_package3) { create(:conan_package, :error, project: project) }
- let!(:non_visible_project) { create(:project, :private) }
- let!(:non_visible_conan_package) { create(:conan_package, project: non_visible_project) }
- let(:query) { "#{conan_package.name.split('/').first[0, 3]}%" }
+ before do
+ project.update_column(:visibility_level, Gitlab::VisibilityLevel.string_options[visibility.to_s])
+ project.add_user(user, role) unless role == :anonymous
+ end
- it { is_expected.to eq [conan_package, conan_package2] }
+ it { is_expected.to eq(expected_packages) }
 end
 end
 end
diff --git a/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
index 135fa4cf5a4..e6b0772aec1 100644
--- a/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
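Review bot: The `where` table in `#execute` has no row for a signed-in user who is not a member of the project: `:anonymous` replaces the user with nil, and every other role goes through `project.add_user`. For a finder that enforces package visibility, that case is distinct from both guest and anonymous, and on a private project it is the one most likely to regress unnoticed. I would add a `:non_member` role per visibility level (expected values to be confirmed against the policy) and change the guard to `project.add_user(user, role) unless %i[anonymous non_member].include?(role)`. Separately, the exclusion of `errored_package` and `private_package` is only meaningful if the three-character query prefix also matches their names, which depends on the factory and is not visible here; a short comment stating that assumption would help.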
@@ -19,33 +19,66 @@ RSpec.shared_examples 'conan ping endpoint' do
 end
 RSpec.shared_examples 'conan search endpoint' do
- before do
- project.update_column(:visibility_level, Gitlab::VisibilityLevel::PUBLIC)
-
- # Do not pass the HTTP_AUTHORIZATION header,
- # in order to test that this public project's packages
- # are visible to anonymous search.
- get api(url), params: params
- end
+ using RSpec::Parameterized::TableSyntax
 subject { json_response['results'] }
- context 'returns packages with a matching name' do
- let(:params) { { q: package.conan_recipe } }
+ context 'with a public project' do
+ before do
+ project.update!(visibility: 'public')
+
+ # Do not pass the HTTP_AUTHORIZATION header,
+ # in order to test that this public project's packages
+ # are visible to anonymous search.
+ get api(url), params: params
+ end
+
+ context 'returns packages with a matching name' do
+ let(:params) { { q: package.conan_recipe } }
+
+ it { is_expected.to contain_exactly(package.conan_recipe) }
+ end
+
+ context 'returns packages using a * wildcard' do
+ let(:params) { { q: "#{package.name[0, 3]}*" } }
- it { is_expected.to contain_exactly(package.conan_recipe) }
+ it { is_expected.to contain_exactly(package.conan_recipe) }
+ end
+
+ context 'does not return non-matching packages' do
+ let(:params) { { q: "foo" } }
+
+ it { is_expected.to be_blank }
+ end
 end
- context 'returns packages using a * wildcard' do
+ context 'with a private project' do
 let(:params) { { q: "#{package.name[0, 3]}*" } }
- it { is_expected.to contain_exactly(package.conan_recipe) }
- end
+ where(:role, :packages_visible) do
+ :maintainer | true
+ :developer | true
+ :reporter | true
+ :guest | false
+ :anonymous | false
+ end
- context 'does not return non-matching packages' do
- let(:params) { { q: "foo" } }
+ with_them do
+ before do
+ project.update!(visibility: 'private')
+ project.team.truncate
+ user.project_authorizations.delete_all
+ project.add_user(user, role) unless role == :anonymous
+
+ get api(url), params: params, headers: headers
+ end
- it { is_expected.to be_blank }
+ if params[:packages_visible]
+ it { is_expected.to contain_exactly(package.conan_recipe) }
+ else
+ it { is_expected.to be_blank }
+ end
+ end
 end
 end |
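Review bot: In the 'with a private project' context the request is always sent with `headers: headers`, including for the `:anonymous` row, so whether that row exercises an unauthenticated request depends on what the including spec puts in `headers` (defined outside this hunk). If `headers` carries the user's credentials, the row is really testing an authenticated non-member, and a truly unauthenticated search against a private project is never checked. Consider `get api(url), params: params, headers: (role == :anonymous ? {} : headers)`, or add a separate non-member row so both cases are covered. Also, `if params[:packages_visible]` appears to read the table row that rspec-parameterized exposes at group level, not the `let(:params)` query defined just above it; a comment such as `# params here is the table row, not the request params` would prevent misreading.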