1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# frozen_string_literal: true
module QA
RSpec.describe 'Manage' do
describe 'User', :requires_admin, :reliable, product_group: :system_access do
before(:all) do
admin_api_client = Runtime::API::Client.as_admin
@user = Resource::User.fabricate_via_api! do |user|
user.api_client = admin_api_client
end
@user_api_client = Runtime::API::Client.new(:gitlab, user: @user)
@group = QA::Resource::Group.fabricate_via_api! do |group|
group.path = "group-to-test-access-termination-#{SecureRandom.hex(8)}"
end
@group.sandbox.add_member(@user)
@project = Resource::Project.fabricate_via_api! do |project|
project.group = @group
project.name = "project-for-user-group-access-termination"
project.initialize_with_readme = true
end
end
context 'after parent group membership termination' do
before do
@group.sandbox.remove_member(@user)
end
it 'is not allowed to push code via the CLI', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347863' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do
Resource::Repository::Push.fabricate! do |push|
push.repository_http_uri = @project.repository_http_location.uri
push.file_name = 'test.txt'
push.file_content = "# This is a test project named #{@project.name}"
push.commit_message = 'Add test.txt'
push.branch_name = "new_branch_#{SecureRandom.hex(8)}"
push.user = @user
end
end.to raise_error(QA::Support::Run::CommandError, /You are not allowed to push code to this project/)
end
end
it 'is not allowed to create a file via the API', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347864' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do
Resource::File.fabricate_via_api! do |file|
file.api_client = @user_api_client
file.project = @project
file.branch = "new_branch_#{SecureRandom.hex(8)}"
file.commit_message = 'Add new file'
file.name = 'test.txt'
file.content = "New file"
end
end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, /403 Forbidden/)
end
end
it 'is not allowed to commit via the API', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347865' do
QA::Support::Retrier.retry_on_exception(max_attempts: 5, sleep_interval: 2) do
expect do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.api_client = @user_api_client
commit.project = @project
commit.branch = "new_branch_#{SecureRandom.hex(8)}"
commit.start_branch = @project.default_branch
commit.commit_message = 'Add new file'
commit.add_files([{ file_path: 'test.txt', content: 'new file' }])
end
end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, /403 Forbidden - You are not allowed to push into this branch/)
end
end
end
after(:all) do
@user.remove_via_api!
@project.remove_via_api!
@group.remove_via_api!
end
end
end
end
|
