diff --git a/features/project/builds/permissions.feature b/features/project/builds/permissions.feature deleted file mode 100644 index db15968db06..00000000000 --- a/features/project/builds/permissions.feature +++ /dev/null @@ -1,54 +0,0 @@ -Feature: Project Builds Permissions - Background: - Given I sign in as a user - And project exists in some group namespace - And project has CI enabled - And project has a recent build - - Scenario: I try to visit build details as guest - Given I am member of a project with a guest role - When I visit recent build details page - Then page status code should be 404 - - Scenario: I try to visit project builds page as guest - Given I am member of a project with a guest role - When I visit project builds page - Then page status code should be 404 - - Scenario: I try to visit build details of internal project without access to builds - Given The project is internal - And public access for builds is disabled - When I visit recent build details page - Then page status code should be 404 - - Scenario: I try to visit internal project builds page without access to builds - Given The project is internal - And public access for builds is disabled - When I visit project builds page - Then page status code should be 404 - - @javascript - Scenario: I try to visit build details of internal project with access to builds - Given The project is internal - And public access for builds is enabled - When I visit recent build details page - Then I see details of a build - And I see build trace - - Scenario: I try to visit internal project builds page with access to builds - Given The project is internal - And public access for builds is enabled - When I visit project builds page - Then I see the build - - Scenario: I try to download build artifacts as guest - Given I am member of a project with a guest role - And recent build has artifacts available - When I access artifacts download page - Then page status code should be 404 - - Scenario: I try to download build artifacts as reporter - Given I am member of a project with a reporter role - And recent build has artifacts available - When I access artifacts download page - Then download of build artifacts archive starts diff --git a/features/steps/project/builds/permissions.rb b/features/steps/project/builds/permissions.rb deleted file mode 100644 index 6e9d6504fd5..00000000000 --- a/features/steps/project/builds/permissions.rb +++ /dev/null @@ -1,7 +0,0 @@ -class Spinach::Features::ProjectBuildsPermissions < Spinach::FeatureSteps - include SharedAuthentication - include SharedProject - include SharedBuilds - include SharedPaths - include RepoHelpers -end diff --git a/features/steps/shared/builds.rb b/features/steps/shared/builds.rb index f5950145348..c2197584d8d 100644 --- a/features/steps/shared/builds.rb +++ b/features/steps/shared/builds.rb @@ -30,10 +30,6 @@ module SharedBuilds visit project_job_path(@project, @build) end - step 'I visit project builds page' do - visit project_jobs_path(@project) - end - step 'recent build has artifacts available' do artifacts = Rails.root + 'spec/fixtures/ci_build_artifacts.zip' archive = fixture_file_upload(artifacts, 'application/zip') @@ -54,25 +50,4 @@ module SharedBuilds expect(page.response_headers['Content-Type']).to eq 'application/zip' expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary' end - - step 'I access artifacts download page' do - visit download_project_job_artifacts_path(@project, @build) - end - - step 'I see details of a build' do - expect(page).to have_content "Job ##{@build.id}" - end - - step 'I see build trace' do - expect(page).to have_css '#build-trace' - end - - step 'I see the build' do - page.within('.build') do - expect(page).to have_content "##{@build.id}" - expect(page).to have_content @build.sha[0..7] - expect(page).to have_content @build.ref - expect(page).to have_content @build.name - end - end end diff --git a/features/steps/shared/paths.rb b/features/steps/shared/paths.rb index 3b4c839bcef..d16c127f6e6 100644 --- a/features/steps/shared/paths.rb +++ b/features/steps/shared/paths.rb @@ -435,12 +435,4 @@ module SharedPaths mr = MergeRequest.find_by(title: title) project_merge_request_path(mr.target_project, mr) end - - # ---------------------------------------- - # Errors - # ---------------------------------------- - - step 'page status code should be 404' do - expect(status_code).to eq 404 - end end diff --git a/features/steps/shared/project.rb b/features/steps/shared/project.rb index 09969a6473f..a1945cf5f3d 100644 --- a/features/steps/shared/project.rb +++ b/features/steps/shared/project.rb @@ -13,11 +13,6 @@ module SharedProject @project.add_master(@user) end - step "project exists in some group namespace" do - @group = create(:group, name: 'some group') - @project = create(:project, :repository, namespace: @group, public_builds: false) - end - # Create a specific project called "Shop" step 'I own project "Shop"' do @project = Project.find_by(name: "Shop") @@ -29,18 +24,6 @@ module SharedProject @project ||= Project.first end - # ---------------------------------------- - # Project permissions - # ---------------------------------------- - - step 'I am member of a project with a guest role' do - @project.add_guest(@user) - end - - step 'I am member of a project with a reporter role' do - @project.add_reporter(@user) - end - # ---------------------------------------- # Visibility of archived project # ---------------------------------------- @@ -140,18 +123,6 @@ module SharedProject create(:label, project: project, title: 'enhancement') end - step 'The project is internal' do - @project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL) - end - - step 'public access for builds is enabled' do - @project.update(public_builds: true) - end - - step 'public access for builds is disabled' do - @project.update(public_builds: false) - end - def user_owns_project(user_name:, project_name:, visibility: :private) user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore) project = Project.find_by(name: project_name) diff --git a/spec/features/projects/jobs/permissions_spec.rb b/spec/features/projects/jobs/permissions_spec.rb new file mode 100644 index 00000000000..31abadf9bd6 --- /dev/null +++ b/spec/features/projects/jobs/permissions_spec.rb @@ -0,0 +1,130 @@ +require 'spec_helper' + +describe 'Project Jobs Permissions' do + let(:user) { create(:user) } + let(:group) { create(:group, name: 'some group') } + let(:project) { create(:project, :repository, namespace: group) } + let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.sha, ref: 'master') } + let!(:job) { create(:ci_build, :running, :coverage, :trace_artifact, pipeline: pipeline) } + + before do + sign_in(user) + + project.enable_ci + end + + describe 'jobs pages' do + shared_examples 'recent job page details responds with status' do |status| + before do + visit project_job_path(project, job) + end + + it { expect(status_code).to eq(status) } + end + + shared_examples 'project jobs page responds with status' do |status| + before do + visit project_jobs_path(project) + end + + it { expect(status_code).to eq(status) } + end + + context 'when public access for jobs is disabled' do + before do + project.update(public_builds: false) + end + + context 'when user is a guest' do + before do + project.add_guest(user) + end + + it_behaves_like 'recent job page details responds with status', 404 + it_behaves_like 'project jobs page responds with status', 404 + end + + context 'when project is internal' do + before do + project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL) + end + + it_behaves_like 'recent job page details responds with status', 404 + it_behaves_like 'project jobs page responds with status', 404 + end + end + + context 'when public access for jobs is enabled' do + before do + project.update(public_builds: true) + end + + context 'when project is internal' do + before do + project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL) + end + + it_behaves_like 'recent job page details responds with status', 200 do + it 'renders job details', :js do + expect(page).to have_content "Job ##{job.id}" + expect(page).to have_css '#build-trace' + end + end + + it_behaves_like 'project jobs page responds with status', 200 do + it 'renders job' do + page.within('.build') do + expect(page).to have_content("##{job.id}") + .and have_content(job.sha[0..7]) + .and have_content(job.ref) + .and have_content(job.name) + end + end + end + end + end + end + + describe 'artifacts page' do + context 'when recent job has artifacts available' do + before do + artifacts = Rails.root.join('spec/fixtures/ci_build_artifacts.zip') + archive = fixture_file_upload(artifacts, 'application/zip') + + job.update_attributes(legacy_artifacts_file: archive) + end + + context 'when public access for jobs is disabled' do + before do + project.update(public_builds: false) + end + + context 'when user with guest role' do + before do + project.add_guest(user) + end + + it 'responds with 404 status' do + visit download_project_job_artifacts_path(project, job) + + expect(status_code).to eq(404) + end + end + + context 'when user with reporter role' do + before do + project.add_reporter(user) + end + + it 'starts download artifact' do + visit download_project_job_artifacts_path(project, job) + + expect(status_code).to eq(200) + expect(page.response_headers['Content-Type']).to eq 'application/zip' + expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary' + end + end + end + end + end +end