diff options
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/checks/change_access_spec.rb | 87 | ||||
-rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/user_access_spec.rb | 48 |
3 files changed, 109 insertions, 28 deletions
diff --git a/spec/lib/gitlab/checks/change_access_spec.rb b/spec/lib/gitlab/checks/change_access_spec.rb index 959ae02c222..8d81ed5856e 100644 --- a/spec/lib/gitlab/checks/change_access_spec.rb +++ b/spec/lib/gitlab/checks/change_access_spec.rb @@ -96,40 +96,77 @@ describe Gitlab::Checks::ChangeAccess, lib: true do end end - context 'protected branches check' do - before do - allow(ProtectedBranch).to receive(:protected?).with(project, 'master').and_return(true) - end - - it 'returns an error if the user is not allowed to do forced pushes to protected branches' do - expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true) + context 'branches check' do + context 'trying to delete the default branch' do + let(:newrev) { '0000000000000000000000000000000000000000' } + let(:ref) { 'refs/heads/master' } - expect(subject.status).to be(false) - expect(subject.message).to eq('You are not allowed to force push code to a protected branch on this project.') + it 'returns an error' do + expect(subject.status).to be(false) + expect(subject.message).to eq('The default branch of a project cannot be deleted.') + end end - it 'returns an error if the user is not allowed to merge to protected branches' do - expect_any_instance_of(Gitlab::Checks::MatchingMergeRequest).to receive(:match?).and_return(true) - expect(user_access).to receive(:can_merge_to_branch?).and_return(false) - expect(user_access).to receive(:can_push_to_branch?).and_return(false) + context 'protected branches check' do + before do + allow(ProtectedBranch).to receive(:protected?).with(project, 'master').and_return(true) + allow(ProtectedBranch).to receive(:protected?).with(project, 'feature').and_return(true) + end - expect(subject.status).to be(false) - expect(subject.message).to eq('You are not allowed to merge code into protected branches on this project.') - end + it 'returns an error if the user is not allowed to do forced pushes to protected branches' do + expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true) - it 'returns an error if the user is not allowed to push to protected branches' do - expect(user_access).to receive(:can_push_to_branch?).and_return(false) + expect(subject.status).to be(false) + expect(subject.message).to eq('You are not allowed to force push code to a protected branch on this project.') + end - expect(subject.status).to be(false) - expect(subject.message).to eq('You are not allowed to push code to protected branches on this project.') - end + it 'returns an error if the user is not allowed to merge to protected branches' do + expect_any_instance_of(Gitlab::Checks::MatchingMergeRequest).to receive(:match?).and_return(true) + expect(user_access).to receive(:can_merge_to_branch?).and_return(false) + expect(user_access).to receive(:can_push_to_branch?).and_return(false) - context 'branch deletion' do - let(:newrev) { '0000000000000000000000000000000000000000' } + expect(subject.status).to be(false) + expect(subject.message).to eq('You are not allowed to merge code into protected branches on this project.') + end + + it 'returns an error if the user is not allowed to push to protected branches' do + expect(user_access).to receive(:can_push_to_branch?).and_return(false) - it 'returns an error if the user is not allowed to delete protected branches' do expect(subject.status).to be(false) - expect(subject.message).to eq('You are not allowed to delete protected branches from this project.') + expect(subject.message).to eq('You are not allowed to push code to protected branches on this project.') + end + + context 'branch deletion' do + let(:newrev) { '0000000000000000000000000000000000000000' } + let(:ref) { 'refs/heads/feature' } + + context 'if the user is not allowed to delete protected branches' do + it 'returns an error' do + expect(subject.status).to be(false) + expect(subject.message).to eq('You are not allowed to delete protected branches from this project. Only a project master or owner can delete a protected branch.') + end + end + + context 'if the user is allowed to delete protected branches' do + before do + project.add_master(user) + end + + context 'through the web interface' do + let(:protocol) { 'web' } + + it 'allows branch deletion' do + expect(subject.status).to be(true) + end + end + + context 'over SSH or HTTP' do + it 'returns an error' do + expect(subject.status).to be(false) + expect(subject.message).to eq('You can only delete protected branches using the web interface.') + end + end + end end end end diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index d8b72615fab..25769977f24 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' describe Gitlab::GitAccess, lib: true do - let(:access) { Gitlab::GitAccess.new(actor, project, 'web', authentication_abilities: authentication_abilities) } + let(:access) { Gitlab::GitAccess.new(actor, project, 'ssh', authentication_abilities: authentication_abilities) } let(:project) { create(:project, :repository) } let(:user) { create(:user) } let(:actor) { user } diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb index 2b27ff66c09..0d87cf25dbb 100644 --- a/spec/lib/gitlab/user_access_spec.rb +++ b/spec/lib/gitlab/user_access_spec.rb @@ -5,7 +5,7 @@ describe Gitlab::UserAccess, lib: true do let(:project) { create(:project) } let(:user) { create(:user) } - describe 'can_push_to_branch?' do + describe '#can_push_to_branch?' do describe 'push to none protected branch' do it 'returns true if user is a master' do project.team << [user, :master] @@ -143,7 +143,7 @@ describe Gitlab::UserAccess, lib: true do end end - describe 'can_create_tag?' do + describe '#can_create_tag?' do describe 'push to none protected tag' do it 'returns true if user is a master' do project.add_user(user, :master) @@ -211,4 +211,48 @@ describe Gitlab::UserAccess, lib: true do end end end + + describe '#can_delete_branch?' do + describe 'delete unprotected branch' do + it 'returns true if user is a master' do + project.add_user(user, :master) + + expect(access.can_delete_branch?('random_branch')).to be_truthy + end + + it 'returns true if user is a developer' do + project.add_user(user, :developer) + + expect(access.can_delete_branch?('random_branch')).to be_truthy + end + + it 'returns false if user is a reporter' do + project.add_user(user, :reporter) + + expect(access.can_delete_branch?('random_branch')).to be_falsey + end + end + + describe 'delete protected branch' do + let(:branch) { create(:protected_branch, project: project, name: "test") } + + it 'returns true if user is a master' do + project.add_user(user, :master) + + expect(access.can_delete_branch?(branch.name)).to be_truthy + end + + it 'returns false if user is a developer' do + project.add_user(user, :developer) + + expect(access.can_delete_branch?(branch.name)).to be_falsey + end + + it 'returns false if user is a reporter' do + project.add_user(user, :reporter) + + expect(access.can_delete_branch?(branch.name)).to be_falsey + end + end + end end |