diff options
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/ci/projects_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/ci/projects_controller_spec.rb | 53 |
3 files changed, 56 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 8de86f53129..ce27258af79 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,7 @@ v 8.6.0 (unreleased) v 8.5.2 - Fix sidebar overlapping content when screen width was below 1200px + - Fix permissions for deprecated CI build status badge - Fix error 500 when commenting on a commit - Fix broken icons on installations with relative URL (Artem Sidorenko) - Fix import from gitlab.com (KazSawada) diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb index d1824b481d7..081e01a75e0 100644 --- a/app/controllers/ci/projects_controller.rb +++ b/app/controllers/ci/projects_controller.rb @@ -3,6 +3,7 @@ module Ci before_action :project before_action :authorize_read_project!, except: [:badge] before_action :no_cache, only: [:badge] + skip_before_action :authenticate_user!, only: [:badge] protect_from_forgery def show @@ -18,6 +19,7 @@ module Ci # def badge return render_404 unless @project + image = Ci::ImageForBuildService.new.execute(@project, params) send_file image.path, filename: image.name, disposition: 'inline', type:"image/svg+xml" end diff --git a/spec/controllers/ci/projects_controller_spec.rb b/spec/controllers/ci/projects_controller_spec.rb new file mode 100644 index 00000000000..db0748f323f --- /dev/null +++ b/spec/controllers/ci/projects_controller_spec.rb @@ -0,0 +1,53 @@ +require 'spec_helper' + +describe Ci::ProjectsController do + let(:visibility) { :public } + let!(:project) { create(:project, visibility, ci_id: 1) } + let(:ci_id) { project.ci_id } + + ## + # Specs for *deprecated* CI badge + # + describe '#badge' do + shared_examples 'badge provider' do + it 'shows badge' do + expect(response.status).to eq 200 + expect(response.headers) + .to include('Content-Type' => 'image/svg+xml') + end + end + + context 'user not signed in' do + before { get(:badge, id: ci_id) } + + context 'project has no ci_id reference' do + let(:ci_id) { 123 } + + it 'returns 404' do + expect(response.status).to eq 404 + end + end + + context 'project is public' do + let(:visibility) { :public } + it_behaves_like 'badge provider' + end + + context 'project is private' do + let(:visibility) { :private } + it_behaves_like 'badge provider' + end + end + + context 'user signed in' do + let(:user) { create(:user) } + before { sign_in(user) } + before { get(:badge, id: ci_id) } + + context 'private is internal' do + let(:visibility) { :internal } + it_behaves_like 'badge provider' + end + end + end +end |