author | Agustin Henze <tin@redhat.com> | 2019-04-09 14:53:44 +0000 |
---|---|---|
committer | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-04-09 14:53:44 +0000 |
commit | 20093f9de0b34da88a8b01ca94ee773685b16308 (patch) | |
tree | 6418fff41e2f5deeb5f3839d90472b28c18cf942 /spec | |
parent | 67c330841271537eddad6fc938aa638d68f48a11 (diff) | |
Add new permission model `read-pipeline-variable`
Used to get the variables via the API endpoint
`/projects/:id/pipelines/:pipeline_id/variables`
Signed-off-by: Agustin Henze <tin@redhat.com>
Diffstat (limited to 'spec')
-rw-r--r-- | spec/policies/ci/pipeline_policy_spec.rb | 46 | ||||
-rw-r--r-- | spec/requests/api/pipelines_spec.rb | 66 |
2 files changed, 112 insertions, 0 deletions
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index 844d96017de..126d44d1860 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -100,5 +100,51 @@ describe Ci::PipelinePolicy, :models do
 end
 end
 end
+
+ describe 'read_pipeline_variable' do
+ let(:project) { create(:project, :public) }
+
+ context 'when user has owner access' do
+ let(:user) { project.owner }
+
+ it 'is enabled' do
+ expect(policy).to be_allowed :read_pipeline_variable
+ end
+ end
+
+ context 'when user is developer and the creator of the pipeline' do
+ let(:pipeline) { create(:ci_empty_pipeline, project: project, user: user) }
+
+ before do
+ project.add_developer(user)
+ create(:protected_branch, :developers_can_merge,
+ name: pipeline.ref, project: project)
+ end
+
+ it 'is enabled' do
+ expect(policy).to be_allowed :read_pipeline_variable
+ end
+ end
+
+ context 'when user is developer and it is not the creator of the pipeline' do
+ let(:pipeline) { create(:ci_empty_pipeline, project: project, user: project.owner) }
+
+ before do
+ project.add_developer(user)
+ create(:protected_branch, :developers_can_merge,
+ name: pipeline.ref, project: project)
+ end
+
+ it 'is disabled' do
+ expect(policy).to be_disallowed :read_pipeline_variable
+ end
+ end
+
+ context 'when user is not owner nor developer' do
+ it 'is disabled' do
+ expect(policy).not_to be_allowed :read_pipeline_variable
+ end
+ end
+ end
 end
 end
diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index 9fed07cae82..0d46463312b 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
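Review bot: Both developer contexts in `describe 'read_pipeline_variable'` create the same `:developers_can_merge` protected branch on `pipeline.ref`, so the spec never shows whether access to the protected ref matters for reading variables, which can carry secrets. Add a context where the developer created the pipeline but the ref is protected without developer access, e.g. `create(:protected_branch, name: pipeline.ref, project: project)`, and assert the outcome the policy intends. A maintainer case is also absent here although the request spec in this commit exercises one. The last context uses `expect(policy).not_to be_allowed` where the others use `be_disallowed`; one form throughout reads better. The `policy`, `user` and `pipeline` fixtures are defined outside the hunk, so the assumption that the final context checks a non-member cannot be confirmed from here.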
@@ -445,6 +445,72 @@ describe API::Pipelines do
 end
 end
+ describe 'GET /projects/:id/pipelines/:pipeline_id/variables' do
+ subject { get api("/projects/#{project.id}/pipelines/#{pipeline.id}/variables", api_user) }
+
+ let(:api_user) { user }
+
+ context 'user is a mantainer' do
+ it 'returns pipeline variables empty' do
+ subject
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response).to be_empty
+ end
+
+ context 'with variables' do
+ let!(:variable) { create(:ci_pipeline_variable, pipeline: pipeline, key: 'foo', value: 'bar') }
+
+ it 'returns pipeline variables' do
+ subject
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response).to contain_exactly({ "key" => "foo", "value" => "bar" })
+ end
+ end
+ end
+
+ context 'user is a developer' do
+ let(:pipeline_owner_user) { create(:user) }
+ let(:pipeline) { create(:ci_empty_pipeline, project: project, user: pipeline_owner_user) }
+
+ before do
+ project.add_developer(api_user)
+ end
+
+ context 'pipeline created by the developer user' do
+ let(:api_user) { pipeline_owner_user }
+ let!(:variable) { create(:ci_pipeline_variable, pipeline: pipeline, key: 'foo', value: 'bar') }
+
+ it 'returns pipeline variables' do
+ subject
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response).to contain_exactly({ "key" => "foo", "value" => "bar" })
+ end
+ end
+
+ context 'pipeline created is not created by the developer user' do
+ let(:api_user) { create(:user) }
+
+ it 'should not return pipeline variables' do
+ subject
+
+ expect(response).to have_gitlab_http_status(403)
+ end
+ end
+ end
+
+ context 'user is not a project member' do
+ it 'should not return pipeline variables' do
+ get api("/projects/#{project.id}/pipelines/#{pipeline.id}/variables", non_member)
+
+ expect(response).to have_gitlab_http_status(404)
+ expect(json_response['message']).to eq '404 Project Not Found'
+ end
+ end
+ end
+
 describe 'DELETE /projects/:id/pipelines/:pipeline_id' do
 context 'authorized user' do
 let(:owner) { project.owner } |
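Review bot: The non-member case asserts `404 Project Not Found`, which suggests the `project` fixture (defined outside the hunk) is private, so the endpoint's own `read_pipeline_variable` check is never exercised for an outsider who can see the project. Since the policy spec in this commit uses a public project, add a request context with a public project and a non-member `api_user`, with a pipeline variable created, expecting a denial status and no `value` in the body. The 403 case for a developer who did not create the pipeline also creates no variable, so it would pass even with nothing to leak; adding the same `let!(:variable)` there makes the assertion meaningful. Reporter, guest and unauthenticated callers are not covered either. The context description `'user is a mantainer'` has a typo (`maintainer`).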