Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
699bb48eda
commit
c1d4ac2519
|
@ -471,7 +471,7 @@ export default {
|
||||||
},
|
},
|
||||||
fetchData(toggleTree = true) {
|
fetchData(toggleTree = true) {
|
||||||
this.fetchDiffFilesMeta()
|
this.fetchDiffFilesMeta()
|
||||||
.then(({ real_size }) => {
|
.then(({ real_size = 0 }) => {
|
||||||
this.diffFilesLength = parseInt(real_size, 10);
|
this.diffFilesLength = parseInt(real_size, 10);
|
||||||
if (toggleTree) {
|
if (toggleTree) {
|
||||||
this.setTreeDisplay();
|
this.setTreeDisplay();
|
||||||
|
|
|
@ -168,6 +168,10 @@ class User < ApplicationRecord
|
||||||
through: :group_members,
|
through: :group_members,
|
||||||
source: :group
|
source: :group
|
||||||
alias_attribute :masters_groups, :maintainers_groups
|
alias_attribute :masters_groups, :maintainers_groups
|
||||||
|
has_many :developer_maintainer_owned_groups,
|
||||||
|
-> { where(members: { access_level: [Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER, Gitlab::Access::OWNER] }) },
|
||||||
|
through: :group_members,
|
||||||
|
source: :group
|
||||||
has_many :reporter_developer_maintainer_owned_groups,
|
has_many :reporter_developer_maintainer_owned_groups,
|
||||||
-> { where(members: { access_level: [Gitlab::Access::REPORTER, Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER, Gitlab::Access::OWNER] }) },
|
-> { where(members: { access_level: [Gitlab::Access::REPORTER, Gitlab::Access::DEVELOPER, Gitlab::Access::MAINTAINER, Gitlab::Access::OWNER] }) },
|
||||||
through: :group_members,
|
through: :group_members,
|
||||||
|
|
|
@ -20,8 +20,8 @@ module Ci
|
||||||
end
|
end
|
||||||
|
|
||||||
with_options scope: :user, score: 5
|
with_options scope: :user, score: 5
|
||||||
condition(:any_developer_groups_inheriting_shared_runners) do
|
condition(:any_developer_maintainer_owned_groups_inheriting_shared_runners) do
|
||||||
@user.developer_groups.with_shared_runners_enabled.any?
|
@user.developer_maintainer_owned_groups.with_shared_runners_enabled.any?
|
||||||
end
|
end
|
||||||
|
|
||||||
with_options scope: :user, score: 5
|
with_options scope: :user, score: 5
|
||||||
|
@ -31,7 +31,7 @@ module Ci
|
||||||
|
|
||||||
with_options score: 10
|
with_options score: 10
|
||||||
condition(:any_associated_projects_in_group_runner_inheriting_group_runners) do
|
condition(:any_associated_projects_in_group_runner_inheriting_group_runners) do
|
||||||
# Check if any projects where user is a developer are inheriting group runners
|
# Check if any projects where user is a developer+ are inheriting group runners
|
||||||
@subject.groups&.any? do |group|
|
@subject.groups&.any? do |group|
|
||||||
group.all_projects
|
group.all_projects
|
||||||
.with_group_runners_enabled
|
.with_group_runners_enabled
|
||||||
|
@ -48,13 +48,10 @@ module Ci
|
||||||
|
|
||||||
rule { admin | owned_runner }.policy do
|
rule { admin | owned_runner }.policy do
|
||||||
enable :read_builds
|
enable :read_builds
|
||||||
end
|
|
||||||
|
|
||||||
rule { admin | owned_runner }.policy do
|
|
||||||
enable :read_runner
|
enable :read_runner
|
||||||
end
|
end
|
||||||
|
|
||||||
rule { is_instance_runner & any_developer_groups_inheriting_shared_runners }.policy do
|
rule { is_instance_runner & any_developer_maintainer_owned_groups_inheriting_shared_runners }.policy do
|
||||||
enable :read_runner
|
enable :read_runner
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
= form_for [@project, @protected_tag], html: { class: 'new-protected-tag js-new-protected-tag' } do |f|
|
= form_for [@project, @protected_tag], html: { class: 'new-protected-tag js-new-protected-tag' } do |f|
|
||||||
%input{ type: 'hidden', name: 'update_section', value: 'js-protected-tags-settings' }
|
%input{ type: 'hidden', name: 'update_section', value: 'js-protected-tags-settings' }
|
||||||
= render Pajamas::CardComponent.new do |c|
|
= render Pajamas::CardComponent.new(card_options: { class: 'gl-mb-5' }) do |c|
|
||||||
- c.header do
|
- c.header do
|
||||||
= _('Protect a tag')
|
= _('Protect a tag')
|
||||||
- c.body do
|
- c.body do
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_created_monthly
|
||||||
|
description: Count of unique users created timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 28d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_created
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_edited_monthly
|
||||||
|
description: Count of unique users edited timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 28d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_edited
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_deleted_monthly
|
||||||
|
description: Count of unique users deleted timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 28d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_deleted
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_created_weekly
|
||||||
|
description: Count of unique users created timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 7d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_created
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_edited_weekly
|
||||||
|
description: Count of unique users edited timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 7d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_edited
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
key_path: redis_hll_counters.incident_management.incident_management_timeline_event_deleted_weekly
|
||||||
|
description: Count of unique users deleted timeline events
|
||||||
|
product_section: ops
|
||||||
|
product_stage: monitor
|
||||||
|
product_group: respond
|
||||||
|
product_category: incident_management
|
||||||
|
value_type: number
|
||||||
|
status: active
|
||||||
|
milestone: "15.5"
|
||||||
|
introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97006"
|
||||||
|
time_frame: 7d
|
||||||
|
data_source: redis_hll
|
||||||
|
data_category: optional
|
||||||
|
instrumentation_class: RedisHLLMetric
|
||||||
|
performance_indicator_type: []
|
||||||
|
options:
|
||||||
|
events:
|
||||||
|
- incident_management_timeline_event_deleted
|
||||||
|
distribution:
|
||||||
|
- ce
|
||||||
|
- ee
|
||||||
|
tier:
|
||||||
|
- free
|
||||||
|
- premium
|
||||||
|
- ultimate
|
|
@ -32,7 +32,8 @@ module API
|
||||||
success Entities::MetricImage
|
success Entities::MetricImage
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The image file to be uploaded'
|
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The image file to be uploaded',
|
||||||
|
documentation: { type: 'file' }
|
||||||
optional :url, type: String, desc: 'The url to view more metric info'
|
optional :url, type: String, desc: 'The url to view more metric info'
|
||||||
optional :url_text, type: String, desc: 'A description of the image or URL'
|
optional :url_text, type: String, desc: 'A description of the image or URL'
|
||||||
end
|
end
|
||||||
|
|
|
@ -23,7 +23,6 @@ module Gitlab
|
||||||
compliance
|
compliance
|
||||||
error_tracking
|
error_tracking
|
||||||
ide_edit
|
ide_edit
|
||||||
incident_management
|
|
||||||
pipeline_authoring
|
pipeline_authoring
|
||||||
].freeze
|
].freeze
|
||||||
|
|
||||||
|
@ -35,6 +34,7 @@ module Gitlab
|
||||||
error_tracking
|
error_tracking
|
||||||
ide_edit
|
ide_edit
|
||||||
importer
|
importer
|
||||||
|
incident_management
|
||||||
incident_management_alerts
|
incident_management_alerts
|
||||||
issues_edit
|
issues_edit
|
||||||
kubernetes_agent
|
kubernetes_agent
|
||||||
|
|
|
@ -84,11 +84,6 @@
|
||||||
redis_slot: incident_management
|
redis_slot: incident_management
|
||||||
category: incident_management
|
category: incident_management
|
||||||
aggregation: weekly
|
aggregation: weekly
|
||||||
- name: incident_management_incident_published
|
|
||||||
redis_slot: incident_management
|
|
||||||
category: incident_management
|
|
||||||
aggregation: weekly
|
|
||||||
feature_flag: usage_data_incident_management_incident_published
|
|
||||||
- name: incident_management_incident_relate
|
- name: incident_management_incident_relate
|
||||||
redis_slot: incident_management
|
redis_slot: incident_management
|
||||||
category: incident_management
|
category: incident_management
|
||||||
|
@ -114,29 +109,11 @@
|
||||||
redis_slot: incident_management
|
redis_slot: incident_management
|
||||||
category: incident_management
|
category: incident_management
|
||||||
aggregation: weekly
|
aggregation: weekly
|
||||||
# Incident management linked resources
|
|
||||||
- name: incident_management_issuable_resource_link_created
|
|
||||||
redis_slot: incident_management
|
|
||||||
category: incident_management
|
|
||||||
aggregation: weekly
|
|
||||||
- name: incident_management_issuable_resource_link_deleted
|
|
||||||
redis_slot: incident_management
|
|
||||||
category: incident_management
|
|
||||||
aggregation: weekly
|
|
||||||
- name: incident_management_issuable_resource_link_visited
|
|
||||||
redis_slot: incident_management
|
|
||||||
category: incident_management
|
|
||||||
aggregation: weekly
|
|
||||||
# Incident management alerts
|
# Incident management alerts
|
||||||
- name: incident_management_alert_create_incident
|
- name: incident_management_alert_create_incident
|
||||||
redis_slot: incident_management
|
redis_slot: incident_management
|
||||||
category: incident_management_alerts
|
category: incident_management_alerts
|
||||||
aggregation: weekly
|
aggregation: weekly
|
||||||
# Incident management on-call
|
|
||||||
- name: i_incident_management_oncall_notification_sent
|
|
||||||
redis_slot: incident_management
|
|
||||||
category: incident_management_oncall
|
|
||||||
aggregation: weekly
|
|
||||||
# Testing category
|
# Testing category
|
||||||
- name: i_testing_test_case_parsed
|
- name: i_testing_test_case_parsed
|
||||||
category: testing
|
category: testing
|
||||||
|
|
|
@ -4,6 +4,7 @@ require 'spec_helper'
|
||||||
|
|
||||||
RSpec.describe Gitlab::GitAccessSnippet do
|
RSpec.describe Gitlab::GitAccessSnippet do
|
||||||
include ProjectHelpers
|
include ProjectHelpers
|
||||||
|
include UserHelpers
|
||||||
include TermsHelper
|
include TermsHelper
|
||||||
include AdminModeHelper
|
include AdminModeHelper
|
||||||
include_context 'ProjectPolicyTable context'
|
include_context 'ProjectPolicyTable context'
|
||||||
|
|
|
@ -96,7 +96,6 @@ RSpec.describe Gitlab::UsageDataCounters::HLLRedisCounter, :clean_gitlab_redis_s
|
||||||
'source_code',
|
'source_code',
|
||||||
'incident_management',
|
'incident_management',
|
||||||
'incident_management_alerts',
|
'incident_management_alerts',
|
||||||
'incident_management_oncall',
|
|
||||||
'testing',
|
'testing',
|
||||||
'issues_edit',
|
'issues_edit',
|
||||||
'snippets',
|
'snippets',
|
||||||
|
|
|
@ -49,7 +49,7 @@ RSpec.describe Gitlab::UserAccessSnippet do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#can_push_to_branch?' do
|
describe '#can_push_to_branch?' do
|
||||||
include ProjectHelpers
|
include UserHelpers
|
||||||
|
|
||||||
[:anonymous, :non_member, :guest, :reporter, :maintainer, :admin, :author].each do |membership|
|
[:anonymous, :non_member, :guest, :reporter, :maintainer, :admin, :author].each do |membership|
|
||||||
context membership.to_s do
|
context membership.to_s do
|
||||||
|
|
|
@ -4609,6 +4609,7 @@ RSpec.describe Project, factory_default: :keep do
|
||||||
describe '.filter_by_feature_visibility' do
|
describe '.filter_by_feature_visibility' do
|
||||||
include_context 'ProjectPolicyTable context'
|
include_context 'ProjectPolicyTable context'
|
||||||
include ProjectHelpers
|
include ProjectHelpers
|
||||||
|
include UserHelpers
|
||||||
|
|
||||||
let_it_be(:group) { create(:group) }
|
let_it_be(:group) { create(:group) }
|
||||||
let_it_be_with_reload(:project) { create(:project, namespace: group) }
|
let_it_be_with_reload(:project) { create(:project, namespace: group) }
|
||||||
|
|
|
@ -5,6 +5,7 @@ require 'spec_helper'
|
||||||
RSpec.describe BlobPolicy do
|
RSpec.describe BlobPolicy do
|
||||||
include_context 'ProjectPolicyTable context'
|
include_context 'ProjectPolicyTable context'
|
||||||
include ProjectHelpers
|
include ProjectHelpers
|
||||||
|
include UserHelpers
|
||||||
|
|
||||||
let_it_be_with_reload(:project) { create(:project, :repository) }
|
let_it_be_with_reload(:project) { create(:project, :repository) }
|
||||||
|
|
||||||
|
|
|
@ -6,42 +6,64 @@ RSpec.describe Ci::RunnerPolicy do
|
||||||
describe 'ability :read_runner' do
|
describe 'ability :read_runner' do
|
||||||
let_it_be(:guest) { create(:user) }
|
let_it_be(:guest) { create(:user) }
|
||||||
let_it_be(:developer) { create(:user) }
|
let_it_be(:developer) { create(:user) }
|
||||||
|
let_it_be(:maintainer) { create(:user) }
|
||||||
let_it_be(:owner) { create(:user) }
|
let_it_be(:owner) { create(:user) }
|
||||||
|
|
||||||
let_it_be(:group1) { create(:group, name: 'top-level', path: 'top-level') }
|
let_it_be_with_reload(:group) { create(:group, name: 'top-level', path: 'top-level') }
|
||||||
let_it_be(:subgroup1) { create(:group, name: 'subgroup1', path: 'subgroup1', parent: group1) }
|
let_it_be_with_reload(:subgroup) { create(:group, name: 'subgroup', path: 'subgroup', parent: group) }
|
||||||
let_it_be(:project1) { create(:project, group: subgroup1) }
|
let_it_be_with_reload(:project) { create(:project, group: subgroup) }
|
||||||
|
|
||||||
let_it_be(:instance_runner) { create(:ci_runner, :instance) }
|
let_it_be(:instance_runner) { create(:ci_runner, :instance) }
|
||||||
let_it_be(:group1_runner) { create(:ci_runner, :group, groups: [group1]) }
|
let_it_be(:group_runner) { create(:ci_runner, :group, groups: [group]) }
|
||||||
let_it_be(:project1_runner) { create(:ci_runner, :project, projects: [project1]) }
|
let_it_be(:project_runner) { create(:ci_runner, :project, projects: [project]) }
|
||||||
|
|
||||||
subject(:policy) { described_class.new(user, runner) }
|
subject(:policy) { described_class.new(user, runner) }
|
||||||
|
|
||||||
before do
|
before_all do
|
||||||
group1.add_guest(guest)
|
group.add_guest(guest)
|
||||||
group1.add_developer(developer)
|
group.add_developer(developer)
|
||||||
group1.add_owner(owner)
|
group.add_maintainer(maintainer)
|
||||||
|
group.add_owner(owner)
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_context 'on hierarchy with shared runners disabled' do
|
shared_examples 'a policy allowing reading instance runner depending on runner sharing' do
|
||||||
around do |example|
|
context 'with instance runner' do
|
||||||
group1.update!(shared_runners_enabled: false)
|
let(:runner) { instance_runner }
|
||||||
project1.update!(shared_runners_enabled: false)
|
|
||||||
|
|
||||||
example.run
|
it { expect_allowed :read_runner }
|
||||||
ensure
|
|
||||||
project1.update!(shared_runners_enabled: true)
|
context 'with shared runners disabled on projects' do
|
||||||
group1.update!(shared_runners_enabled: true)
|
before do
|
||||||
|
project.update!(shared_runners_enabled: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { expect_allowed :read_runner }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with shared runners disabled for groups and projects' do
|
||||||
|
before do
|
||||||
|
group.update!(shared_runners_enabled: false)
|
||||||
|
project.update!(shared_runners_enabled: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { expect_disallowed :read_runner }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_context 'on hierarchy with group runners disabled' do
|
shared_examples 'a policy allowing reading group runner depending on runner sharing' do
|
||||||
around do |example|
|
context 'with group runner' do
|
||||||
project1.update!(group_runners_enabled: false)
|
let(:runner) { group_runner }
|
||||||
|
|
||||||
example.run
|
it { expect_allowed :read_runner }
|
||||||
ensure
|
|
||||||
project1.update!(group_runners_enabled: true)
|
context 'with sharing of group runners disabled' do
|
||||||
|
before do
|
||||||
|
project.update!(group_runners_enabled: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { expect_disallowed :read_runner }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -51,27 +73,32 @@ RSpec.describe Ci::RunnerPolicy do
|
||||||
|
|
||||||
it { expect_disallowed :read_runner }
|
it { expect_disallowed :read_runner }
|
||||||
|
|
||||||
context 'with shared runners disabled' do
|
context 'with shared runners disabled for groups and projects' do
|
||||||
include_context 'on hierarchy with shared runners disabled' do
|
before do
|
||||||
it { expect_disallowed :read_runner }
|
group.update!(shared_runners_enabled: false)
|
||||||
|
project.update!(shared_runners_enabled: false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it { expect_disallowed :read_runner }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with group runner' do
|
context 'with group runner' do
|
||||||
let(:runner) { group1_runner }
|
let(:runner) { group_runner }
|
||||||
|
|
||||||
it { expect_disallowed :read_runner }
|
it { expect_disallowed :read_runner }
|
||||||
|
|
||||||
context 'with group runner disabled' do
|
context 'with sharing of group runners disabled' do
|
||||||
include_context 'on hierarchy with group runners disabled' do
|
before do
|
||||||
it { expect_disallowed :read_runner }
|
project.update!(group_runners_enabled: false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it { expect_disallowed :read_runner }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with project runner' do
|
context 'with project runner' do
|
||||||
let(:runner) { project1_runner }
|
let(:runner) { project_runner }
|
||||||
|
|
||||||
it { expect_disallowed :read_runner }
|
it { expect_disallowed :read_runner }
|
||||||
end
|
end
|
||||||
|
@ -92,66 +119,52 @@ RSpec.describe Ci::RunnerPolicy do
|
||||||
context 'with developer access' do
|
context 'with developer access' do
|
||||||
let(:user) { developer }
|
let(:user) { developer }
|
||||||
|
|
||||||
context 'with instance runner' do
|
it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
|
||||||
let(:runner) { instance_runner }
|
|
||||||
|
|
||||||
it { expect_allowed :read_runner }
|
it_behaves_like 'a policy allowing reading group runner depending on runner sharing'
|
||||||
|
|
||||||
context 'with shared runners disabled' do
|
|
||||||
include_context 'on hierarchy with shared runners disabled' do
|
|
||||||
it { expect_disallowed :read_runner }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with group runner' do
|
|
||||||
let(:runner) { group1_runner }
|
|
||||||
|
|
||||||
it { expect_allowed :read_runner }
|
|
||||||
|
|
||||||
context 'with group runner disabled' do
|
|
||||||
include_context 'on hierarchy with group runners disabled' do
|
|
||||||
it { expect_disallowed :read_runner }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with project runner' do
|
context 'with project runner' do
|
||||||
let(:runner) { project1_runner }
|
let(:runner) { project_runner }
|
||||||
|
|
||||||
it { expect_disallowed :read_runner }
|
it { expect_disallowed :read_runner }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with maintainer access' do
|
||||||
|
let(:user) { maintainer }
|
||||||
|
|
||||||
|
it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
|
||||||
|
|
||||||
|
it_behaves_like 'a policy allowing reading group runner depending on runner sharing'
|
||||||
|
|
||||||
|
context 'with project runner' do
|
||||||
|
let(:runner) { project_runner }
|
||||||
|
|
||||||
|
it { expect_allowed :read_runner }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with owner access' do
|
context 'with owner access' do
|
||||||
let(:user) { owner }
|
let(:user) { owner }
|
||||||
|
|
||||||
context 'with instance runner' do
|
it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
|
||||||
let(:runner) { instance_runner }
|
|
||||||
|
|
||||||
context 'with shared runners disabled' do
|
|
||||||
include_context 'on hierarchy with shared runners disabled' do
|
|
||||||
it { expect_disallowed :read_runner }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
it { expect_allowed :read_runner }
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with group runner' do
|
context 'with group runner' do
|
||||||
let(:runner) { group1_runner }
|
let(:runner) { group_runner }
|
||||||
|
|
||||||
context 'with group runners disabled' do
|
|
||||||
include_context 'on hierarchy with group runners disabled' do
|
|
||||||
it { expect_allowed :read_runner }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
it { expect_allowed :read_runner }
|
it { expect_allowed :read_runner }
|
||||||
|
|
||||||
|
context 'with sharing of group runners disabled' do
|
||||||
|
before do
|
||||||
|
project.update!(group_runners_enabled: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { expect_allowed :read_runner }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with project runner' do
|
context 'with project runner' do
|
||||||
let(:runner) { project1_runner }
|
let(:runner) { project_runner }
|
||||||
|
|
||||||
it { expect_allowed :read_runner }
|
it { expect_allowed :read_runner }
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,7 @@ RSpec.describe IssuePolicy do
|
||||||
include_context 'ProjectPolicyTable context'
|
include_context 'ProjectPolicyTable context'
|
||||||
include ExternalAuthorizationServiceHelpers
|
include ExternalAuthorizationServiceHelpers
|
||||||
include ProjectHelpers
|
include ProjectHelpers
|
||||||
|
include UserHelpers
|
||||||
|
|
||||||
let(:guest) { create(:user) }
|
let(:guest) { create(:user) }
|
||||||
let(:author) { create(:user) }
|
let(:author) { create(:user) }
|
||||||
|
|
|
@ -5,28 +5,43 @@ require 'spec_helper'
|
||||||
RSpec.describe WikiPagePolicy do
|
RSpec.describe WikiPagePolicy do
|
||||||
include_context 'ProjectPolicyTable context'
|
include_context 'ProjectPolicyTable context'
|
||||||
include ProjectHelpers
|
include ProjectHelpers
|
||||||
|
include UserHelpers
|
||||||
using RSpec::Parameterized::TableSyntax
|
using RSpec::Parameterized::TableSyntax
|
||||||
|
|
||||||
let(:project) { create(:project, :wiki_repo, project_level) }
|
let(:group) { build(:group, :public) }
|
||||||
let(:user) { create_user_from_membership(project, membership) }
|
let(:project) { build(:project, :wiki_repo, project_level, group: group) }
|
||||||
let(:wiki_page) { create(:wiki_page, wiki: project.wiki) }
|
let(:wiki_page) { build(:wiki_page, container: project) }
|
||||||
|
|
||||||
subject(:policy) { described_class.new(user, wiki_page) }
|
shared_context 'with :read_wiki_page policy' do
|
||||||
|
subject(:policy) { described_class.new(user, wiki_page) }
|
||||||
|
|
||||||
where(:project_level, :feature_access_level, :membership, :admin_mode, :expected_count) do
|
where(:project_level, :feature_access_level, :membership, :admin_mode, :expected_count) do
|
||||||
permission_table_for_guest_feature_access
|
permission_table_for_guest_feature_access
|
||||||
end
|
end
|
||||||
|
|
||||||
with_them do
|
with_them do
|
||||||
it "grants permission" do
|
it 'grants the expected permissions' do
|
||||||
enable_admin_mode!(user) if admin_mode
|
enable_admin_mode!(user) if admin_mode
|
||||||
update_feature_access_level(project, feature_access_level)
|
update_feature_access_level(project, feature_access_level)
|
||||||
|
|
||||||
if expected_count == 1
|
if expected_count == 1
|
||||||
expect(policy).to be_allowed(:read_wiki_page)
|
expect(policy).to be_allowed(:read_wiki_page)
|
||||||
else
|
else
|
||||||
expect(policy).to be_disallowed(:read_wiki_page)
|
expect(policy).to be_disallowed(:read_wiki_page)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when user is a direct project member' do
|
||||||
|
let(:user) { build_user_from_membership(project, membership) }
|
||||||
|
|
||||||
|
include_context 'with :read_wiki_page policy'
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user is an inherited member from the group' do
|
||||||
|
let(:user) { build_user_from_membership(group, membership) }
|
||||||
|
|
||||||
|
include_context 'with :read_wiki_page policy'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -4,7 +4,7 @@ require 'spec_helper'
|
||||||
|
|
||||||
RSpec.describe MergeRequests::RefreshService do
|
RSpec.describe MergeRequests::RefreshService do
|
||||||
include ProjectForksHelper
|
include ProjectForksHelper
|
||||||
include ProjectHelpers
|
include UserHelpers
|
||||||
|
|
||||||
let(:project) { create(:project, :repository) }
|
let(:project) { create(:project, :repository) }
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
|
@ -1,22 +1,6 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
module ProjectHelpers
|
module ProjectHelpers
|
||||||
# @params target [Project] membership target
|
|
||||||
# @params membership [Symbol] accepts the membership levels :guest, :reporter...
|
|
||||||
# and phony levels :non_member and :anonymous
|
|
||||||
def create_user_from_membership(target, membership)
|
|
||||||
case membership
|
|
||||||
when :anonymous
|
|
||||||
nil
|
|
||||||
when :non_member
|
|
||||||
create(:user, name: membership)
|
|
||||||
when :admin
|
|
||||||
create(:user, :admin, name: 'admin')
|
|
||||||
else
|
|
||||||
create(:user, name: membership).tap { |u| target.add_member(u, membership) }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def update_feature_access_level(project, access_level, additional_params = {})
|
def update_feature_access_level(project, access_level, additional_params = {})
|
||||||
features = ProjectFeature::FEATURES.dup
|
features = ProjectFeature::FEATURES.dup
|
||||||
features.delete(:pages)
|
features.delete(:pages)
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module UserHelpers
|
||||||
|
def create_user_from_membership(target, membership)
|
||||||
|
generate_user_from_membership(:create, target, membership)
|
||||||
|
end
|
||||||
|
|
||||||
|
def build_user_from_membership(target, membership)
|
||||||
|
generate_user_from_membership(:build, target, membership)
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
# @param method [Symbol] FactoryBot methods :create, :build, :build_stubbed
|
||||||
|
# @param target [Project, Group] membership target
|
||||||
|
# @param membership [Symbol] accepts the membership levels :guest, :reporter...
|
||||||
|
# and pseudo levels :non_member and :anonymous
|
||||||
|
def generate_user_from_membership(method, target, membership)
|
||||||
|
case membership
|
||||||
|
when :anonymous
|
||||||
|
nil
|
||||||
|
when :non_member
|
||||||
|
FactoryBot.send(method, :user, name: membership)
|
||||||
|
when :admin
|
||||||
|
FactoryBot.send(method, :user, :admin, name: 'admin')
|
||||||
|
else
|
||||||
|
# `.tap` can only be used with `create`, and if we want to `build` a user,
|
||||||
|
# it is more performant than creating a `project_member` or `group_member`
|
||||||
|
# with a built user
|
||||||
|
create(:user, name: membership).tap { |u| target.add_member(u, membership) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,7 +1,7 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
RSpec.shared_examples 'model with wiki policies' do
|
RSpec.shared_examples 'model with wiki policies' do
|
||||||
include ProjectHelpers
|
include UserHelpers
|
||||||
include AdminModeHelper
|
include AdminModeHelper
|
||||||
|
|
||||||
let(:container) { raise NotImplementedError }
|
let(:container) { raise NotImplementedError }
|
||||||
|
|
Loading…
Reference in New Issue