Fix container deletion permission issue
This commit is contained in:
Kamil Trzcinski
parent
ec86644545
commit
4474eab4f6
|
|
@ -20,7 +20,7 @@ module Auth
|
|||
token.issuer = registry.issuer
|
||||
token.audience = AUDIENCE
|
||||
token[:access] = names.map do |name|
|
||||
{ type: 'repository', name: name, actions: %w(pull push) }
|
||||
{ type: 'repository', name: name, actions: %w(*) }
|
||||
end
|
||||
token.encoded
|
||||
end
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
%hr
|
||||
|
||||
%ul.content-list
|
||||
.light.prepend-top-default
|
||||
%li.light.prepend-top-default
|
||||
%p
|
||||
A 'container image' is a snapshot of a container.
|
||||
You can host your container images with GitLab.
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
|
|||
subject { described_class.new(current_project, current_user, current_params).execute }
|
||||
|
||||
before do
|
||||
stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
|
||||
allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
|
||||
allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
|
||||
end
|
||||
|
||||
|
|
@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
|
|||
it { is_expected.to_not include(:token) }
|
||||
end
|
||||
|
||||
describe '#full_access_token' do
|
||||
let(:project) { create(:empty_project) }
|
||||
let(:token) { described_class.full_access_token(project.path_with_namespace) }
|
||||
|
||||
subject { { token: token } }
|
||||
|
||||
it_behaves_like 'a accessible' do
|
||||
let(:actions) { ['*'] }
|
||||
end
|
||||
end
|
||||
|
||||
context 'user authorization' do
|
||||
let(:project) { create(:project) }
|
||||
let(:current_user) { create(:user) }
|
||||
|
|
|
|||
Loading…
Reference in New Issue