From 370fc05da7f95bf6621867a71d51493cf3899e25 Mon Sep 17 00:00:00 2001
From: Mayra Cabrera <mcabrera@gitlab.com>
Date: Thu, 29 Mar 2018 16:56:35 -0600
Subject: Implement 'read_repo' for DeployTokens

This will allow to download a repo using the token from the DeployToken
---
 spec/lib/gitlab/git_access_spec.rb | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'spec/lib/gitlab/git_access_spec.rb')

diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index c870997e274..928825c21fa 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -145,6 +145,33 @@ describe Gitlab::GitAccess do
             expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:auth_upload])
           end
         end
+
+        context 'when actor is DeployToken' do
+          context 'when DeployToken is active and belongs to project' do
+            let(:actor) { create(:deploy_token, :read_repo, project: project) }
+
+            it 'allows pull access' do
+              expect { pull_access_check }.not_to raise_error
+            end
+          end
+
+          context 'when DeployToken has been revoked' do
+            let(:actor) { create(:deploy_token, :read_repo, project: project) }
+
+            it 'blocks pull access' do
+              actor.revoke!
+              expect { pull_access_check }.to raise_not_found
+            end
+          end
+
+          context 'when DeployToken does not belong to project' do
+            let(:actor) { create(:deploy_token, :read_repo) }
+
+            it 'blocks pull access' do
+              expect { pull_access_check }.to raise_not_found
+            end
+          end
+        end
       end
 
       context 'when actor is nil' do
-- 
cgit v1.2.1