Forbid creating pipeline if it's protected and
cannot create the tag if it's a tag, and cannot merge the branch if it's a branch.
This commit is contained in:
parent
07e7ce31e3
commit
9ecb85a4f3
2 changed files with 56 additions and 1 deletions
|
@ -27,6 +27,12 @@ module Ci
|
||||||
return error('Reference not found')
|
return error('Reference not found')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if tag?
|
||||||
|
return error("#{ref} is protected") unless access.can_create_tag?(ref)
|
||||||
|
else
|
||||||
|
return error("#{ref} is protected") unless access.can_merge_to_branch?(ref)
|
||||||
|
end
|
||||||
|
|
||||||
unless commit
|
unless commit
|
||||||
return error('Commit not found')
|
return error('Commit not found')
|
||||||
end
|
end
|
||||||
|
@ -94,6 +100,10 @@ module Ci
|
||||||
@commit ||= project.commit(origin_sha || origin_ref)
|
@commit ||= project.commit(origin_sha || origin_ref)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def access
|
||||||
|
@access ||= Gitlab::UserAccess.new(current_user, project: project)
|
||||||
|
end
|
||||||
|
|
||||||
def sha
|
def sha
|
||||||
commit.try(:id)
|
commit.try(:id)
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,13 +3,14 @@ require 'spec_helper'
|
||||||
describe Ci::CreatePipelineService, services: true do
|
describe Ci::CreatePipelineService, services: true do
|
||||||
let(:project) { create(:project, :repository) }
|
let(:project) { create(:project, :repository) }
|
||||||
let(:user) { create(:admin) }
|
let(:user) { create(:admin) }
|
||||||
|
let(:ref_name) { 'refs/heads/master' }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
stub_ci_pipeline_to_return_yaml_file
|
stub_ci_pipeline_to_return_yaml_file
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#execute' do
|
describe '#execute' do
|
||||||
def execute_service(source: :push, after: project.commit.id, message: 'Message', ref: 'refs/heads/master')
|
def execute_service(source: :push, after: project.commit.id, message: 'Message', ref: ref_name)
|
||||||
params = { ref: ref,
|
params = { ref: ref,
|
||||||
before: '00000000',
|
before: '00000000',
|
||||||
after: after,
|
after: after,
|
||||||
|
@ -311,5 +312,49 @@ describe Ci::CreatePipelineService, services: true do
|
||||||
end.not_to change { Environment.count }
|
end.not_to change { Environment.count }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
shared_examples 'when ref is protected' do
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
|
context 'when user is developer' do
|
||||||
|
before do
|
||||||
|
project.add_developer(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not create a pipeline' do
|
||||||
|
expect(execute_service).not_to be_persisted
|
||||||
|
expect(Ci::Pipeline.count).to eq(0)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user is master' do
|
||||||
|
before do
|
||||||
|
project.add_master(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates a pipeline' do
|
||||||
|
expect(execute_service).to be_persisted
|
||||||
|
expect(Ci::Pipeline.count).to eq(1)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when ref is a protected branch' do
|
||||||
|
before do
|
||||||
|
create(:protected_branch, project: project, name: 'master')
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'when ref is protected'
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when ref is a protected tag' do
|
||||||
|
let(:ref_name) { 'refs/tags/v1.0.0' }
|
||||||
|
|
||||||
|
before do
|
||||||
|
create(:protected_tag, project: project, name: '*')
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'when ref is protected'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue