fix authorization of builds and added relevant spec
This commit is contained in:
parent
f93607a305
commit
633ddc9ed9
|
@ -2,7 +2,7 @@ class Projects::CycleAnalytics::EventsController < Projects::ApplicationControll
|
|||
include CycleAnalyticsParams
|
||||
|
||||
before_action :authorize_read_cycle_analytics!
|
||||
before_action :authorize_read_builds!, only: [:test, :staging]
|
||||
before_action :authorize_builds!, only: [:test, :staging]
|
||||
|
||||
def issue
|
||||
render_events(events.issue_events)
|
||||
|
@ -56,4 +56,8 @@ class Projects::CycleAnalytics::EventsController < Projects::ApplicationControll
|
|||
|
||||
params[:events].slice(:start_date, :branch_name)
|
||||
end
|
||||
|
||||
def authorize_builds!
|
||||
return access_denied! unless current_user.can?(:read_build, project)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -39,7 +39,7 @@ describe 'cycle analytics events' do
|
|||
|
||||
newest_sha = commits.sort_by { |k| k['date'] }.first[:sha][0...8]
|
||||
|
||||
expect(json_response['events'].first['sha']).to eq(newest_sha)
|
||||
expect(json_response['events'].first['short_sha']).to eq(newest_sha)
|
||||
end
|
||||
|
||||
it 'lists the code events' do
|
||||
|
@ -99,6 +99,30 @@ describe 'cycle analytics events' do
|
|||
expect(json_response['events'].first['date']).not_to be_empty
|
||||
end
|
||||
end
|
||||
|
||||
context 'with private project and builds' do
|
||||
before do
|
||||
ProjectMember.first.update(access_level: Gitlab::Access::GUEST)
|
||||
end
|
||||
|
||||
it 'does not list the test events' do
|
||||
get namespace_project_cycle_analytics_test_path(project.namespace, project, format: :json)
|
||||
|
||||
expect(response).to have_http_status(:not_found)
|
||||
end
|
||||
|
||||
it 'does not list the staging events' do
|
||||
get namespace_project_cycle_analytics_staging_path(project.namespace, project, format: :json)
|
||||
|
||||
expect(response).to have_http_status(:not_found)
|
||||
end
|
||||
|
||||
it 'lists the issue events' do
|
||||
get namespace_project_cycle_analytics_issue_path(project.namespace, project, format: :json)
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def json_response
|
||||
|
|
Loading…
Reference in New Issue