Skip to content

G
gitlab-ce
Commit 0bc14b45 authored by Matija Čupić's avatar Matija Čupić
Browse files
Options

Authorize DestroyPipelineService against pipeline

parent 6173d463
Hide whitespace changes
Inline Side-by-side
Showing with 25 additions and 4 deletions
app/policies/ci/pipeline_policy.rb
View file @ 0bc14b45
...@@ -16,6 +16,10 @@ module Ci ...@@ -16,6 +16,10 @@ module Ci
enable :update_pipeline enable :update_pipeline
end end
rule { can?(:owner_access) }.policy do
enable :destroy_pipeline
end
def ref_protected?(user, project, tag, ref) def ref_protected?(user, project, tag, ref)
access = ::Gitlab::UserAccess.new(user, project: project) access = ::Gitlab::UserAccess.new(user, project: project)
......
app/policies/project_policy.rb
View file @ 0bc14b45
...@@ -144,7 +144,6 @@ class ProjectPolicy < BasePolicy ...@@ -144,7 +144,6 @@ class ProjectPolicy < BasePolicy
enable :destroy_merge_request enable :destroy_merge_request
enable :destroy_issue enable :destroy_issue
enable :remove_pages enable :remove_pages
enable :destroy_pipeline
enable :set_issue_iid enable :set_issue_iid
enable :set_issue_created_at enable :set_issue_created_at
......
app/services/ci/destroy_pipeline_service.rb
View file @ 0bc14b45
...@@ -3,11 +3,11 @@ ...@@ -3,11 +3,11 @@
module Ci module Ci
class DestroyPipelineService < BaseService class DestroyPipelineService < BaseService
def execute(pipeline) def execute(pipeline)
return false unless can?(current_user, :destroy_pipeline, project) return false unless can?(current_user, :destroy_pipeline, pipeline)
AuditEventService.new(current_user, pipeline).security_event AuditEventService.new(current_user, pipeline).security_event
pipeline.destroy pipeline.destroy!
end end
end end
end end
lib/api/pipelines.rb
View file @ 0bc14b45
...@@ -89,7 +89,7 @@ module API ...@@ -89,7 +89,7 @@ module API
requires :pipeline_id, type: Integer, desc: 'The pipeline ID' requires :pipeline_id, type: Integer, desc: 'The pipeline ID'
end end
delete ':id/pipelines/:pipeline_id' do delete ':id/pipelines/:pipeline_id' do
authorize! :destroy_pipeline, user_project authorize! :destroy_pipeline, pipeline
destroy_conditionally!(pipeline) do destroy_conditionally!(pipeline) do
::Ci::DestroyPipelineService.new(user_project, current_user).execute(pipeline) ::Ci::DestroyPipelineService.new(user_project, current_user).execute(pipeline)
......
spec/policies/ci/pipeline_policy_spec.rb
View file @ 0bc14b45
...@@ -74,5 +74,23 @@ describe Ci::PipelinePolicy, :models do ...@@ -74,5 +74,23 @@ describe Ci::PipelinePolicy, :models do
expect(policy).to be_allowed :update_pipeline expect(policy).to be_allowed :update_pipeline
end end
end end
describe 'destroy_pipeline' do
let(:project) { create(:project, :public) }
context 'when user has owner access' do
let(:user) { project.owner }
it 'is enabled' do
expect(policy).to be_allowed :destroy_pipeline
end
end
context 'when user is not owner' do
it 'is disabled' do
expect(policy).not_to be_allowed :destroy_pipeline
end
end
end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7