-rw-r--r-- | lib/api/jobs.rb | 1 | ||||
-rw-r--r-- | lib/api/v3/builds.rb | 1 | ||||
-rw-r--r-- | spec/models/ci/build_spec.rb | 17 | ||||
-rw-r--r-- | spec/policies/ci/build_policy_spec.rb | 11 |
4 files changed, 24 insertions, 6 deletions
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index a116ab3c9bd..6dcbe2ff936 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -136,6 +136,7 @@ module API
 authorize_update_builds!
 build = find_build!(params[:job_id])
+ authorize!(:update_build, build)
 authorize!(:erase_build, build)
 return forbidden!('Job is not erasable!') unless build.erasable?
diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb
index fa0bef39602..1c0f9f73c78 100644
--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -169,6 +169,7 @@ module API
 authorize_update_builds!
 build = get_build!(params[:build_id])
+ authorize!(:update_build, build)
 authorize!(:erase_build, build)
 return forbidden!('Build is not erasable!') unless build.erasable?
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 5ed2e1ca99a..88f7b1775a0 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -270,6 +270,23 @@ describe Ci::Build do
 end
 end
+ describe '#owned_by?' do
+ subject { build.owned_by?(user) }
+
+ context 'when user is owner' do
+ let(:build) { create(:ci_build, pipeline: pipeline, user: user) }
+
+ it { is_expected.to be_truthy }
+ end
+
+ context 'when user is not owner' do
+ let(:another_user) { create(:user) }
+ let(:build) { create(:ci_build, pipeline: pipeline, user: another_user) }
+
+ it { is_expected.to be_falsy }
+ end
+ end
+
 describe '#detailed_status' do
 it 'returns a detailed status' do
 expect(build.detailed_status(user))
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index e5d5e1017cd..d8e73e4a890 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
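Review bot: The object-level `authorize!(:update_build, build)` added ahead of `authorize!(:erase_build, build)` has no request-level test in this commit; the diffstat lists only the model and policy specs, so nothing pins that a caller who may not update this particular build is rejected by the erase endpoint. The same holds for the identical line added in `lib/api/v3/builds.rb`. Since the pairing is enforced at each call site, an erase entry point that checks only `:erase_build` would stay weaker than these two; if erase is meant to always require update rights, stating that in the policy rule for `:erase_build` would keep it in one place (whether the policy already does so is not visible here). A comment such as `# erase needs update rights on this build, not only on the project` would record why both checks are present. The enclosing endpoint block starts and ends outside the hunk.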
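Review bot: The `#owned_by?` examples cover a matching and a non-matching user, but not a build without a user or a `nil` argument, which is the case an ownership predicate used for authorization most needs pinned: if the method compares the two with plain equality, `nil == nil` would report ownership. The implementation is not part of this diff, so this is a question to confirm rather than a demonstrated defect. Consider adding a context with `let(:build) { create(:ci_build, pipeline: pipeline, user: nil) }` and `it { expect(build.owned_by?(nil)).to be_falsy }`. The enclosing `describe Ci::Build` block starts and ends outside the hunk.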
@@ -151,10 +151,9 @@ describe Ci::BuildPolicy do
 end
 end
- # TODO: Finish spec
 describe 'rules for erase build' do
 let(:project) { create(:project, :repository) }
- let(:another_user) { create(:user) }
+ let(:build) { create(:ci_build, pipeline: pipeline, user: owner) }
 context 'when developer created a build' do
 before do
@@ -162,13 +161,13 @@ describe Ci::BuildPolicy do
 end
 context 'when the build was created by the user' do
- let(:build) { create(:ci_build, user: user) }
+ let(:owner) { user }
 it { expect(policy).to be_allowed :erase_build }
 end
 context 'when the build was created by others' do
- let(:build) { create(:ci_build, user: another_user) }
+ let(:owner) { create(:user) }
 it { expect(policy).to be_disallowed :erase_build }
 end
@@ -180,13 +179,13 @@ describe Ci::BuildPolicy do
 end
 context 'when the build was created by the user' do
- let(:build) { create(:ci_build, user: user) }
+ let(:owner) { user }
 it { expect(policy).to be_allowed :erase_build }
 end
 context 'when the build was created by others' do
- let(:build) { create(:ci_build, user: another_user) }
+ let(:owner) { create(:user) }
 it { expect(policy).to be_allowed :erase_build }
 end |
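Review bot: The erase rules in these contexts assert only `:erase_build`, while the API endpoints changed in this commit also require `:update_build` on the same build, so the combined outcome a caller actually gets is not pinned here. Adding the matching expectation beside each erase one, e.g. `it { expect(policy).to be_allowed :update_build }` with whichever result is intended for that role, would catch the two abilities drifting apart. This applies to the hunks at -162 and -180 as well. The `before` blocks that assign the role, and the `pipeline` and `user` definitions the new `let(:build)` relies on, are outside the hunks, so which role each context exercises is inferred from the context names.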