diff --git a/app/controllers/ci/runner_projects_controller.rb b/app/controllers/ci/runner_projects_controller.rb index 5365f51082f..a8bdd5bb362 100644 --- a/app/controllers/ci/runner_projects_controller.rb +++ b/app/controllers/ci/runner_projects_controller.rb @@ -9,7 +9,7 @@ module Ci def create @runner = Ci::Runner.find(params[:runner_project][:runner_id]) - return head(403) unless current_user.authorized_runners.include?(@runner) + return head(403) unless current_user.ci_authorized_runners.include?(@runner) if @runner.assign_to(project, current_user) redirect_to ci_project_runners_path(project) diff --git a/app/models/user.rb b/app/models/user.rb index bff8eeed96d..25371f9138a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -753,4 +753,13 @@ class User < ActiveRecord::Base def can_be_removed? !solo_owned_groups.present? end + + def ci_authorized_projects + @ci_authorized_projects ||= Ci::Project.where(gitlab_id: authorized_projects) + end + + def ci_authorized_runners + Ci::Runner.specific.includes(:runner_projects). + where(ci_runner_projects: { project_id: ci_authorized_projects } ) + end end diff --git a/spec/features/ci/runners_spec.rb b/spec/features/ci/runners_spec.rb index 86ccac29c74..15147f15eb3 100644 --- a/spec/features/ci/runners_spec.rb +++ b/spec/features/ci/runners_spec.rb @@ -1,21 +1,19 @@ require 'spec_helper' describe "Runners" do + let(:user) { create(:user) } + before do - login_as :user + login_as(user) end describe "specific runners" do before do @project = FactoryGirl.create :ci_project - @project2 = FactoryGirl.create :ci_project - stub_js_gitlab_calls + @project.gl_project.team << [user, :master] - # all projects should be authorized for user - allow_any_instance_of(Network).to receive(:projects).and_return([ - OpenStruct.new({ id: @project.gitlab_id }), - OpenStruct.new({ id: @project2.gitlab_id }) - ]) + @project2 = FactoryGirl.create :ci_project + @project2.gl_project.team << [user, :master] @shared_runner = FactoryGirl.create :ci_shared_runner @specific_runner = FactoryGirl.create :ci_specific_runner @@ -60,14 +58,14 @@ describe "Runners" do click_on "Remove runner" end - expect(Runner.exists?(id: @specific_runner)).to be_falsey + expect(Ci::Runner.exists?(id: @specific_runner)).to be_falsey end end describe "shared runners" do before do @project = FactoryGirl.create :ci_project - stub_js_gitlab_calls + @project.gl_project.team << [user, :master] end it "enables shared runners" do @@ -82,7 +80,7 @@ describe "Runners" do describe "show page" do before do @project = FactoryGirl.create :ci_project - stub_js_gitlab_calls + @project.gl_project.team << [user, :master] @specific_runner = FactoryGirl.create :ci_specific_runner @project.runners << @specific_runner end