Merge branch 'change-access-update' into 'master'

Change the order of the access rules to check simpler first, and add specs

See merge request !5799
This commit is contained in:
Yorick Peterse 2016-08-15 10:16:03 +00:00
commit a632ed6973
2 changed files with 100 additions and 1 deletions

View file

@ -11,7 +11,7 @@ module Gitlab
end
def exec
error = protected_branch_checks || tag_checks || push_checks
error = push_checks || tag_checks || protected_branch_checks
if error
GitAccessStatus.new(false, error)

View file

@ -0,0 +1,99 @@
require 'spec_helper'
describe Gitlab::Checks::ChangeAccess, lib: true do
describe '#exec' do
let(:user) { create(:user) }
let(:project) { create(:project) }
let(:user_access) { Gitlab::UserAccess.new(user, project: project) }
let(:changes) do
{
oldrev: 'be93687618e4b132087f430a4d8fc3a609c9b77c',
newrev: '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51',
ref: 'refs/heads/master'
}
end
subject { described_class.new(changes, project: project, user_access: user_access).exec }
before { allow(user_access).to receive(:can_do_action?).with(:push_code).and_return(true) }
context 'without failed checks' do
it "doesn't return any error" do
expect(subject.status).to be(true)
end
end
context 'when the user is not allowed to push code' do
it 'returns an error' do
expect(user_access).to receive(:can_do_action?).with(:push_code).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to push code to this project.')
end
end
context 'tags check' do
let(:changes) do
{
oldrev: 'be93687618e4b132087f430a4d8fc3a609c9b77c',
newrev: '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51',
ref: 'refs/tags/v1.0.0'
}
end
it 'returns an error if the user is not allowed to update tags' do
expect(user_access).to receive(:can_do_action?).with(:admin_project).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to change existing tags on this project.')
end
end
context 'protected branches check' do
before do
allow(project).to receive(:protected_branch?).with('master').and_return(true)
end
it 'returns an error if the user is not allowed to do forced pushes to protected branches' do
expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)
expect(user_access).to receive(:can_do_action?).with(:force_push_code_to_protected_branches).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to force push code to a protected branch on this project.')
end
it 'returns an error if the user is not allowed to merge to protected branches' do
expect_any_instance_of(Gitlab::Checks::MatchingMergeRequest).to receive(:match?).and_return(true)
expect(user_access).to receive(:can_merge_to_branch?).and_return(false)
expect(user_access).to receive(:can_push_to_branch?).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to merge code into protected branches on this project.')
end
it 'returns an error if the user is not allowed to push to protected branches' do
expect(user_access).to receive(:can_push_to_branch?).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to push code to protected branches on this project.')
end
context 'branch deletion' do
let(:changes) do
{
oldrev: 'be93687618e4b132087f430a4d8fc3a609c9b77c',
newrev: '0000000000000000000000000000000000000000',
ref: 'refs/heads/master'
}
end
it 'returns an error if the user is not allowed to delete protected branches' do
expect(user_access).to receive(:can_do_action?).with(:remove_protected_branches).and_return(false)
expect(subject.status).to be(false)
expect(subject.message).to eq('You are not allowed to delete protected branches from this project.')
end
end
end
end
end