diff options
Diffstat (limited to 'spec/lib/gitlab/git_access_project_spec.rb')
-rw-r--r-- | spec/lib/gitlab/git_access_project_spec.rb | 92 |
1 files changed, 53 insertions, 39 deletions
diff --git a/spec/lib/gitlab/git_access_project_spec.rb b/spec/lib/gitlab/git_access_project_spec.rb index 520300363c9..f80915b2be9 100644 --- a/spec/lib/gitlab/git_access_project_spec.rb +++ b/spec/lib/gitlab/git_access_project_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::GitAccessProject do let_it_be(:user) { create(:user) } let_it_be(:project) { create(:project, :repository) } + let(:container) { project } let(:actor) { user } let(:project_path) { project.path } let(:namespace_path) { project&.namespace&.path } @@ -13,19 +14,32 @@ RSpec.describe Gitlab::GitAccessProject do let(:changes) { Gitlab::GitAccess::ANY } let(:push_access_check) { access.check('git-receive-pack', changes) } let(:pull_access_check) { access.check('git-upload-pack', changes) } + let(:access) do + described_class.new(actor, container, protocol, + authentication_abilities: authentication_abilities, + repository_path: project_path, namespace_path: namespace_path) + end + + describe '#check_namespace!' do + context 'when namespace is nil' do + let(:namespace_path) { nil } + + it 'does not allow push and pull access' do + aggregate_failures do + expect { push_access_check }.to raise_namespace_not_found + expect { pull_access_check }.to raise_namespace_not_found + end + end + end + end describe '#check_project_accessibility!' do context 'when the project is nil' do - let(:project) { nil } + let(:container) { nil } let(:project_path) { "new-project" } context 'when user is allowed to create project in namespace' do let(:namespace_path) { user.namespace.path } - let(:access) do - described_class.new(actor, nil, - protocol, authentication_abilities: authentication_abilities, - repository_path: project_path, namespace_path: namespace_path) - end it 'blocks pull access with "not found"' do expect { pull_access_check }.to raise_not_found @@ -39,11 +53,6 @@ RSpec.describe Gitlab::GitAccessProject do context 'when user is not allowed to create project in namespace' do let(:user2) { create(:user) } let(:namespace_path) { user2.namespace.path } - let(:access) do - described_class.new(actor, nil, - protocol, authentication_abilities: authentication_abilities, - repository_path: project_path, namespace_path: namespace_path) - end it 'blocks push and pull with "not found"' do aggregate_failures do @@ -56,22 +65,27 @@ RSpec.describe Gitlab::GitAccessProject do end describe '#ensure_project_on_push!' do - let(:access) do - described_class.new(actor, project, - protocol, authentication_abilities: authentication_abilities, - repository_path: project_path, namespace_path: namespace_path) - end - before do allow(access).to receive(:changes).and_return(changes) end + shared_examples 'no project is created' do + let(:raise_specific_error) { raise_not_found } + let(:action) { push_access_check } + + it 'does not create a new project' do + expect { action } + .to raise_specific_error + .and change { Project.count }.by(0) + end + end + context 'when push' do let(:cmd) { 'git-receive-pack' } context 'when project does not exist' do let(:project_path) { "nonexistent" } - let(:project) { nil } + let(:container) { nil } context 'when changes is _any' do let(:changes) { Gitlab::GitAccess::ANY } @@ -82,8 +96,8 @@ RSpec.describe Gitlab::GitAccessProject do context 'when user can create project in namespace' do let(:namespace_path) { user.namespace.path } - it 'creates a new project' do - expect { access.send(:ensure_project_on_push!, cmd) } + it 'creates a new project in the correct namespace' do + expect { push_access_check } .to change { Project.count }.by(1) .and change { Project.where(namespace: user.namespace, name: project_path).count }.by(1) end @@ -93,9 +107,7 @@ RSpec.describe Gitlab::GitAccessProject do let(:user2) { create(:user) } let(:namespace_path) { user2.namespace.path } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } - end + it_behaves_like 'no project is created' end end @@ -105,8 +117,8 @@ RSpec.describe Gitlab::GitAccessProject do context 'when user can create project in namespace' do let(:namespace_path) { user.namespace.path } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } + it_behaves_like 'no project is created' do + let(:raise_specific_error) { raise_forbidden } end end end @@ -115,32 +127,26 @@ RSpec.describe Gitlab::GitAccessProject do context 'when check contains actual changes' do let(:changes) { "#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/new_branch" } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } - end + it_behaves_like 'no project is created' end end context 'when project exists' do let(:changes) { Gitlab::GitAccess::ANY } - let!(:project) { create(:project) } + let!(:container) { project } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } - end + it_behaves_like 'no project is created' end context 'when deploy key is used' do let(:key) { create(:deploy_key, user: user) } let(:actor) { key } let(:project_path) { "nonexistent" } - let(:project) { nil } + let(:container) { nil } let(:namespace_path) { user.namespace.path } let(:changes) { Gitlab::GitAccess::ANY } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } - end + it_behaves_like 'no project is created' end end @@ -151,10 +157,10 @@ RSpec.describe Gitlab::GitAccessProject do context 'when project does not exist' do let(:project_path) { "new-project" } let(:namespace_path) { user.namespace.path } - let(:project) { nil } + let(:container) { nil } - it 'does not create a new project' do - expect { access.send(:ensure_project_on_push!, cmd) }.not_to change { Project.count } + it_behaves_like 'no project is created' do + let(:action) { pull_access_check } end end end @@ -163,4 +169,12 @@ RSpec.describe Gitlab::GitAccessProject do def raise_not_found raise_error(Gitlab::GitAccess::NotFoundError, Gitlab::GitAccess::ERROR_MESSAGES[:project_not_found]) end + + def raise_forbidden + raise_error(Gitlab::GitAccess::ForbiddenError) + end + + def raise_namespace_not_found + raise_error(Gitlab::GitAccess::NotFoundError, described_class::ERROR_MESSAGES[:namespace_not_found]) + end end |