Commit 6baaa8a9 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Add new ability check for stopping environment

parent 52bfc0ef
class EnvironmentPolicy < BasePolicy class EnvironmentPolicy < BasePolicy
alias_method :environment, :subject
def rules def rules
delegate! @subject.project delegate! environment.project
if environment.stop_action?
delegate! environment.stop_action
end
if can?(:create_deployment) && can?(:play_build)
can! :stop_environment
end
end end
end end
...@@ -5,12 +5,11 @@ module Ci ...@@ -5,12 +5,11 @@ module Ci
def execute(branch_name) def execute(branch_name)
@ref = branch_name @ref = branch_name
return unless has_ref? return unless @ref.present?
return unless can?(current_user, :create_deployment, project)
environments.each do |environment| environments.each do |environment|
next unless environment.stop_action? next unless environment.stop_action?
next unless can?(current_user, :play_build, environment.stop_action) next unless can?(current_user, :stop_environment, environment)
environment.stop_with_action!(current_user) environment.stop_with_action!(current_user)
end end
...@@ -18,10 +17,6 @@ module Ci ...@@ -18,10 +17,6 @@ module Ci
private private
def has_ref?
@ref.present?
end
def environments def environments
@environments ||= EnvironmentsFinder @environments ||= EnvironmentsFinder
.new(project, current_user, ref: @ref, recently_updated: true) .new(project, current_user, ref: @ref, recently_updated: true)
......
require 'spec_helper'
describe Ci::EnvironmentPolicy do
let(:user) { create(:user) }
let(:project) { create(:project) }
let(:environment) do
create(:environment, :with_review_app, project: project)
end
let(:policies) do
described_class.abilities(user, environment).to_set
end
describe '#rules' do
context 'when user does not have access to the project' do
let(:project) { create(:project, :private) }
it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment
end
end
context 'when anonymous user has access to the project' do
let(:project) { create(:project, :public) }
it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment
end
end
context 'when team member has access to the project' do
let(:project) { create(:project, :public) }
before do
project.add_master(user)
end
context 'when team member has ability to stop environment' do
it 'does includes ability to stop environment' do
expect(policies).to include :stop_environment
end
end
context 'when team member has no ability to stop environment' do
before do
create(:protected_branch, :no_one_can_push,
name: 'master', project: project)
end
it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment