Add more tests and fix write to project check

2016-11-11 21:44:33 +08:00 · 2016-11-11 21:44:33 +08:00 · 71ae01fefe
parent 38fbcb99db
commit 71ae01fefe
3 changed files with 36 additions and 8 deletions
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@ -20,4 +20,8 @@ class DeployKey < Key
  def destroyed_when_orphaned?
    self.private?
  end
+
+  def can_push_to?(project)
+    can_push? && projects.include?(project)
+  end
 end
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@ -89,7 +89,7 @@ module Gitlab
    end

    def deploy_key_push_access_check(changes)
-      if deploy_key.can_push?
+      if deploy_key.can_push_to?(project)
        check_repository_existence!
        check_change_access!(changes) if user
      else
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@ -353,13 +353,13 @@ describe Gitlab::GitAccess, lib: true do
    end
  end

-  shared_examples 'can not push code' do
+  shared_examples 'pushing code' do |can|
    subject { access.check('git-receive-pack', '_any') }

    context 'when project is authorized' do
      before { authorize }

-      it { expect(subject).not_to be_allowed }
+      it { expect(subject).public_send(can, be_allowed) }
    end

    context 'when unauthorized' do
@ -383,10 +383,20 @@ describe Gitlab::GitAccess, lib: true do
    end
  end

+  describe 'full authentication abilities' do
+    let(:authentication_abilities) { full_authentication_abilities }
+
+    it_behaves_like 'pushing code', :to do
+      def authorize
+        project.team << [user, :developer]
+      end
+    end
+  end
+
  describe 'build authentication abilities' do
    let(:authentication_abilities) { build_authentication_abilities }

-    it_behaves_like 'can not push code' do
+    it_behaves_like 'pushing code', :not_to do
      def authorize
        project.team << [user, :reporter]
      end
@ -394,12 +404,26 @@ describe Gitlab::GitAccess, lib: true do
  end

  describe 'deploy key permissions' do
-    let(:key) { create(:deploy_key) }
+    let(:key) { create(:deploy_key, can_push: can_push) }
    let(:actor) { key }

-    it_behaves_like 'can not push code' do
-      def authorize
-        key.projects << project
+    context 'when deploy_key can push' do
+      let(:can_push) { true }
+
+      it_behaves_like 'pushing code', :to do
+        def authorize
+          key.projects << project
+        end
+      end
+    end
+
+    context 'when deploy_key cannot push' do
+      let(:can_push) { false }
+
+      it_behaves_like 'pushing code', :not_to do
+        def authorize
+          key.projects << project
+        end
      end
    end
  end