Disallow legacy trigger without a owner

Feedback: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11910#note_31594492 https://gitlab.com/gitlab-org/gitlab-ce/issues/30634#note_31601001
2017-06-06 18:00:34 +08:00 · 2017-06-06 18:00:34 +08:00 · 9984f07a28
parent d44305eba7
commit 9984f07a28
2 changed files with 18 additions and 3 deletions
--- a/app/services/ci/create_pipeline_service.rb
+++ b/app/services/ci/create_pipeline_service.rb
@ -23,6 +23,10 @@ module Ci
        return error('Insufficient permissions to create a new pipeline')
      end

+      unless trigger_request && trigger_request.trigger.owner
+        return error('Legacy trigger without a owner is not allowed')
+      end
+
      unless branch? || tag?
        return error('Reference not found')
      end
@ -59,9 +63,7 @@ module Ci
    def triggering_user_allowed_for_ref?(trigger_request, ref)
      triggering_user = current_user || trigger_request.trigger.owner

-      (triggering_user &&
-        Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)) ||
-        !project.protected_for?(ref)
+      Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)
    end

    def process!
--- a/spec/services/ci/create_pipeline_service_spec.rb
+++ b/spec/services/ci/create_pipeline_service_spec.rb
@ -409,5 +409,18 @@ describe Ci::CreatePipelineService, services: true do

      it_behaves_like 'when ref is protected'
    end
+
+    context 'when ref is not protected' do
+      context 'when trigger belongs to no one' do
+        let(:user) {}
+        let(:trigger_request) { create(:ci_trigger_request) }
+
+        it 'does not create a pipeline' do
+          expect(execute_service(trigger_request: trigger_request))
+            .not_to be_persisted
+          expect(Ci::Pipeline.count).to eq(0)
+        end
+      end
+    end
  end
 end