disallow group runners to become project runners

Alexis Reigel 2017-09-25 15:28:49 +02:00 committed by Alexis Reigel
parent 4b1b2f3b10
commit d0842d2075
No known key found for this signature in database
GPG key ID: 55ADA7C7B683B329
2 changed files with 7 additions and 0 deletions


@ -206,6 +206,7 @@ module API
def authenticate_enable_runner!(runner) def authenticate_enable_runner!(runner)
forbidden!("Runner is shared") if runner.is_shared? forbidden!("Runner is shared") if runner.is_shared?
forbidden!("Runner is locked") if runner.locked? forbidden!("Runner is locked") if runner.locked?
forbidden!("Runner is a group runner") if runner.group?
return if current_user.admin? return if current_user.admin?
forbidden!("No access granted") unless user_can_access_runner?(runner) forbidden!("No access granted") unless user_can_access_runner?(runner)
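Review bot: The group-runner restriction is enforced only in this API helper, so any other code path that attaches a runner to a project (none is visible in this diff) would still allow the conversion. The invariant would be safer as a guard in the runner model, with this helper translating a violation into a 403. The new line also sits before `return if current_user.admin?`, so admins are refused too; that looks intended but is not stated, so I would add `# Applies to admins as well: a group runner must never be attached to a project.` above it. The body of `authenticate_enable_runner!` continues past the end of the hunk.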


@ -658,6 +658,12 @@ describe API::Runners do
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
it 'does not enable group runner' do
post api("/projects/#{project.id}/runners", user), runner_id: group_runner.id
expect(response).to have_http_status(403)
end
context 'user is admin' do context 'user is admin' do
it 'enables any specific runner' do it 'enables any specific runner' do
expect do expect do
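Review bot: The new example asserts only the status code, and the helper also answers 403 for "No access granted", so if `user` has no access to `group_runner` (its setup is outside the hunk) this spec would pass even without the new guard. An equivalent example inside the `user is admin` context, where the helper returns before the access check, would pin the guard itself. Wrapping the request in an expectation that the project's runner count does not change would confirm nothing was attached. The matcher should also follow the surrounding examples: `expect(response).to have_gitlab_http_status(403)`. The enclosing `describe` block starts and ends outside the hunk.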