gitlab-org--gitlab-foss/spec/lib/gitlab/git_access_spec.rb

228 lines
6.6 KiB
Ruby
Raw Normal View History

2014-09-24 04:37:30 -04:00
require 'spec_helper'
2015-12-09 05:55:36 -05:00
describe Gitlab::GitAccess, lib: true do
let(:access) { Gitlab::GitAccess.new(actor, project) }
2014-09-24 04:37:30 -04:00
let(:project) { create(:project) }
let(:user) { create(:user) }
let(:actor) { user }
2014-09-24 04:37:30 -04:00
describe 'can_push_to_branch?' do
describe 'push to none protected branch' do
it "returns true if user is a master" do
project.team << [user, :master]
expect(access.can_push_to_branch?("random_branch")).to be_truthy
end
it "returns true if user is a developer" do
project.team << [user, :developer]
expect(access.can_push_to_branch?("random_branch")).to be_truthy
end
it "returns false if user is a reporter" do
project.team << [user, :reporter]
expect(access.can_push_to_branch?("random_branch")).to be_falsey
end
end
describe 'push to protected branch' do
before do
@branch = create :protected_branch, project: project
end
it "returns true if user is a master" do
project.team << [user, :master]
expect(access.can_push_to_branch?(@branch.name)).to be_truthy
end
it "returns false if user is a developer" do
project.team << [user, :developer]
expect(access.can_push_to_branch?(@branch.name)).to be_falsey
end
it "returns false if user is a reporter" do
project.team << [user, :reporter]
expect(access.can_push_to_branch?(@branch.name)).to be_falsey
end
end
describe 'push to protected branch if allowed for developers' do
before do
@branch = create :protected_branch, project: project, developers_can_push: true
end
it "returns true if user is a master" do
project.team << [user, :master]
expect(access.can_push_to_branch?(@branch.name)).to be_truthy
end
it "returns true if user is a developer" do
project.team << [user, :developer]
expect(access.can_push_to_branch?(@branch.name)).to be_truthy
end
it "returns false if user is a reporter" do
project.team << [user, :reporter]
expect(access.can_push_to_branch?(@branch.name)).to be_falsey
end
end
end
describe 'download_access_check' do
2014-09-24 04:37:30 -04:00
describe 'master permissions' do
before { project.team << [user, :master] }
context 'pull code' do
subject { access.download_access_check }
2014-09-24 04:37:30 -04:00
it { expect(subject.allowed?).to be_truthy }
2014-09-24 04:37:30 -04:00
end
end
describe 'guest permissions' do
before { project.team << [user, :guest] }
context 'pull code' do
subject { access.download_access_check }
2014-09-24 04:37:30 -04:00
it { expect(subject.allowed?).to be_falsey }
2014-09-24 04:37:30 -04:00
end
end
describe 'blocked user' do
before do
project.team << [user, :master]
user.block
end
context 'pull code' do
subject { access.download_access_check }
2014-09-24 04:37:30 -04:00
it { expect(subject.allowed?).to be_falsey }
2014-09-24 04:37:30 -04:00
end
end
describe 'without acccess to project' do
context 'pull code' do
subject { access.download_access_check }
2014-09-24 04:37:30 -04:00
it { expect(subject.allowed?).to be_falsey }
2014-09-24 04:37:30 -04:00
end
end
describe 'deploy key permissions' do
let(:key) { create(:deploy_key) }
let(:actor) { key }
context 'pull code' do
2015-05-13 03:45:34 -04:00
before { key.projects << project }
subject { access.download_access_check }
2015-05-13 03:45:34 -04:00
it { expect(subject.allowed?).to be_truthy }
end
end
2014-09-24 04:37:30 -04:00
end
describe 'push_access_check' do
2014-09-24 05:04:40 -04:00
def protect_feature_branch
create(:protected_branch, name: 'feature', project: project)
2014-09-24 04:37:30 -04:00
end
2014-09-24 05:04:40 -04:00
def changes
{
push_new_branch: "#{Gitlab::Git::BLANK_SHA} 570e7b2ab refs/heads/wow",
2014-09-24 05:04:40 -04:00
push_master: '6f6d7e7ed 570e7b2ab refs/heads/master',
push_protected_branch: '6f6d7e7ed 570e7b2ab refs/heads/feature',
push_remove_protected_branch: "570e7b2ab #{Gitlab::Git::BLANK_SHA} "\
'refs/heads/feature',
2014-09-24 05:04:40 -04:00
push_tag: '6f6d7e7ed 570e7b2ab refs/tags/v1.0.0',
push_new_tag: "#{Gitlab::Git::BLANK_SHA} 570e7b2ab refs/tags/v7.8.9",
2014-09-24 05:04:40 -04:00
push_all: ['6f6d7e7ed 570e7b2ab refs/heads/master', '6f6d7e7ed 570e7b2ab refs/heads/feature']
}
end
2014-09-24 04:37:30 -04:00
2014-09-24 05:04:40 -04:00
def self.permissions_matrix
{
master: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
},
developer: {
push_new_branch: true,
push_master: true,
push_protected_branch: false,
push_remove_protected_branch: false,
push_tag: false,
push_new_tag: true,
push_all: false,
},
reporter: {
push_new_branch: false,
push_master: false,
push_protected_branch: false,
push_remove_protected_branch: false,
push_tag: false,
push_new_tag: false,
push_all: false,
},
guest: {
push_new_branch: false,
push_master: false,
push_protected_branch: false,
push_remove_protected_branch: false,
push_tag: false,
push_new_tag: false,
push_all: false,
}
}
end
2014-09-24 04:37:30 -04:00
def self.updated_permissions_matrix
updated_permissions_matrix = permissions_matrix.dup
updated_permissions_matrix[:developer][:push_protected_branch] = true
updated_permissions_matrix[:developer][:push_all] = true
updated_permissions_matrix
end
2014-09-24 05:04:40 -04:00
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { protect_feature_branch }
before { project.team << [user, role] }
2014-09-24 04:37:30 -04:00
2014-09-24 05:04:40 -04:00
permissions_matrix[role].each do |action, allowed|
context action do
subject { access.push_access_check(changes[action]) }
2014-09-24 04:37:30 -04:00
it { expect(subject.allowed?).to allowed ? be_truthy : be_falsey }
2014-09-24 05:04:40 -04:00
end
end
2014-09-24 04:37:30 -04:00
end
end
context "with enabled developers push to protected branches " do
updated_permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { create(:protected_branch, name: 'feature', developers_can_push: true, project: project) }
before { project.team << [user, role] }
updated_permissions_matrix[role].each do |action, allowed|
context action do
subject { access.push_access_check(changes[action]) }
it { expect(subject.allowed?).to allowed ? be_truthy : be_falsey }
end
end
end
end
end
2014-09-24 04:37:30 -04:00
end
end