From 4474eab4f6a17861a6ed494034bc68acb0724e3c Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski
Date: Fri, 20 May 2016 18:43:11 -0500
Subject: [PATCH] Fix container deletion permission issue
---
 .../container_registry_authentication_service.rb | 2 +-
 .../projects/container_registry/index.html.haml | 2 +-
 ...ontainer_registry_authentication_service_spec.rb | 13 ++++++++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 3144e96ba31..f807b8ec09a 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -20,7 +20,7 @@ module Auth
 token.issuer = registry.issuer
 token.audience = AUDIENCE
 token[:access] = names.map do |name|
- { type: 'repository', name: name, actions: %w(pull push) }
+ { type: 'repository', name: name, actions: %w(*) }
 end
 token.encoded
 end
diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml
index 40957993b22..e1e762410f2 100644
--- a/app/views/projects/container_registry/index.html.haml
+++ b/app/views/projects/container_registry/index.html.haml
@@ -4,7 +4,7 @@
 %hr
 %ul.content-list
- .light.prepend-top-default
+ %li.light.prepend-top-default
 %p
 A 'container image' is a snapshot of a container.
 You can host your container images with GitLab.
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 6c9f56a4fba..73b8c3f048f 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
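Review bot: `actions: %w(*)` in the first hunk turns every token minted by this method into a full-admin grant on each repository in `names`, and the visible lines copy `names` straight into the access list with no check on who is asking, so authorisation rests entirely on the callers. The method starts above the hunk, so whether an expiry is set on the token cannot be seen from here; a wildcard token should carry a short one. I would record the contract at the changed line, for example `# '*' = full access to the repository (needed for delete); server-side use only, never hand this token to a client`, and confirm that every call site sits behind a permission check for the project concerned.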
@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 subject { described_class.new(current_project, current_user, current_params).execute }
 before do
- stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+ allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
 allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
 end
@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 it { is_expected.to_not include(:token) }
 end
+ describe '#full_access_token' do
+ let(:project) { create(:empty_project) }
+ let(:token) { described_class.full_access_token(project.path_with_namespace) }
+
+ subject { { token: token } }
+
+ it_behaves_like 'a accessible' do
+ let(:actions) { ['*'] }
+ end
+ end
+
 context 'user authorization' do
 let(:project) { create(:project) }
 let(:current_user) { create(:user) }
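Review bot: The new `describe '#full_access_token'` block in the second hunk only checks that the wildcard action comes back on the happy path. Because this token is full-admin, it is worth also pinning that the `access` claim holds exactly one entry whose `name` is `project.path_with_namespace`, unless the shared example `'a accessible'` (defined outside this diff) already asserts that. The label also uses `#`, the convention for instance methods, while the call is `described_class.full_access_token(...)`; `describe '.full_access_token' do` would match the class-level call.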