Disallow legacy trigger without a owner
Feedback: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11910#note_31594492 https://gitlab.com/gitlab-org/gitlab-ce/issues/30634#note_31601001
This commit is contained in:
parent
d44305eba7
commit
9984f07a28
|
@ -23,6 +23,10 @@ module Ci
|
|||
return error('Insufficient permissions to create a new pipeline')
|
||||
end
|
||||
|
||||
unless trigger_request && trigger_request.trigger.owner
|
||||
return error('Legacy trigger without a owner is not allowed')
|
||||
end
|
||||
|
||||
unless branch? || tag?
|
||||
return error('Reference not found')
|
||||
end
|
||||
|
@ -59,9 +63,7 @@ module Ci
|
|||
def triggering_user_allowed_for_ref?(trigger_request, ref)
|
||||
triggering_user = current_user || trigger_request.trigger.owner
|
||||
|
||||
(triggering_user &&
|
||||
Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)) ||
|
||||
!project.protected_for?(ref)
|
||||
Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)
|
||||
end
|
||||
|
||||
def process!
|
||||
|
|
|
@ -409,5 +409,18 @@ describe Ci::CreatePipelineService, services: true do
|
|||
|
||||
it_behaves_like 'when ref is protected'
|
||||
end
|
||||
|
||||
context 'when ref is not protected' do
|
||||
context 'when trigger belongs to no one' do
|
||||
let(:user) {}
|
||||
let(:trigger_request) { create(:ci_trigger_request) }
|
||||
|
||||
it 'does not create a pipeline' do
|
||||
expect(execute_service(trigger_request: trigger_request))
|
||||
.not_to be_persisted
|
||||
expect(Ci::Pipeline.count).to eq(0)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue