kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Cleanup tests and add admin_container_image to 

full_authentication_abilities. This is fine because
we're going to check with can?(..) anyway
This commit is contained in:
Lin Jen-Shin 2017-08-02 17:27:21 +08:00
parent 1cdc76f455
commit b3e058996c
3 changed files with 33 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/gitlab/auth.rb
View File

@ -218,7 +218,8 @@ module Gitlab
def full_authentication_abilities
read_authentication_abilities + [
:push_code,
:create_container_image
:create_container_image,
:admin_container_image
]
end
alias_method :api_scope_authentication_abilities, :full_authentication_abilities

3
spec/lib/gitlab/auth_spec.rb
View File

@ -313,7 +313,8 @@ describe Gitlab::Auth do
def full_authentication_abilities
read_authentication_abilities + [
:push_code,
:create_container_image
:create_container_image,
:admin_container_image
]
end
end

54
spec/services/auth/container_registry_authentication_service_spec.rb
View File

@ -8,7 +8,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:payload) { JWT.decode(subject[:token], rsa_key).first }
let(:authentication_abilities) do
[:read_container_image, :create_container_image]
[:read_container_image, :create_container_image, :admin_container_image]
end
subject do
@ -60,7 +60,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
shared_examples 'a deletable' do
it_behaves_like 'a accessible' do
it_behaves_like 'an accessible' do
let(:actions) { ['*'] }
end
end
@ -126,7 +126,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'allow developer to push images' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
let(:current_params) do
@ -138,18 +138,21 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'disallow developer to delete images' do
before { project.team << [current_user, :developer] }
before do
project.add_developer(current_user)
end
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'allow reporter to pull images' do
before do
project.team << [current_user, :reporter]
project.add_reporter(current_user)
end
context 'when pulling from root level repository' do
@ -172,11 +175,12 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'return a least of privileges' do
before do
project.team << [current_user, :reporter]
project.add_reporter(current_user)
end
let(:current_params) do
@ -189,7 +193,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'disallow guest to pull or push images' do
before do
project.team << [current_user, :guest]
project.add_guest(current_user)
end
let(:current_params) do
@ -201,13 +205,16 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'disallow guest to delete images' do
before { project.team << [current_user, :guest] }
before do
project.add_guest(current_user)
end
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
end
@ -238,6 +245,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'when repository name is invalid' do
@ -248,14 +256,6 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'disallow anyone to delete images' do
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
end
end
context 'for internal project' do
@ -286,6 +286,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
end
@ -313,13 +314,16 @@ describe Auth::ContainerRegistryAuthenticationService do
end
end
context 'delete authorized as admin' do
context 'delete authorized as master' do
let(:current_project) { create(:empty_project) }
let(:current_user) { create(:admin) }
let(:current_user) { create(:user) }
let(:authentication_abilities) do
[
:admin_container_image
]
[:admin_container_image]
end
before do
current_project.add_master(current_user)
end
it_behaves_like 'a valid token'
@ -344,7 +348,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
before do
current_project.team << [current_user, :developer]
current_project.add_developer(current_user)
end
it_behaves_like 'a valid token'
@ -394,7 +398,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'when you are member' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'a pullable'
@ -424,7 +428,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'when you are member' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'a pullable'
@ -451,7 +455,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:project) { create(:empty_project, :public) }
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'an inaccessible'