Commit b09465f3 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Implement new rule for manual actions in policies

parent 7bcca228
...@@ -8,6 +8,20 @@ module Ci ...@@ -8,6 +8,20 @@ module Ci
%w[read create update admin].each do |rule| %w[read create update admin].each do |rule|
cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build" cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
end end
can! :play_build if can_play_action?
end
private
alias_method :build, :subject
def can_play_action?
return false unless build.playable?
::Gitlab::UserAccess
.new(user, project: build.project)
.can_push_to_branch?(build.ref)
end end
end end
end end
...@@ -89,5 +89,58 @@ describe Ci::BuildPolicy, :models do ...@@ -89,5 +89,58 @@ describe Ci::BuildPolicy, :models do
end end
end end
end end
describe 'rules for manual actions' do
let(:project) { create(:project) }
before do
project.add_developer(user)
end
context 'when branch build is assigned to is protected' do
before do
create(:protected_branch, :no_one_can_push,
name: 'some-ref', project: project)
end
context 'when build is a manual action' do
let(:build) do
create(:ci_build, :manual, ref: 'some-ref', pipeline: pipeline)
end
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
context 'when build is not a manual action' do
let(:build) do
create(:ci_build, ref: 'some-ref', pipeline: pipeline)
end
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
end
context 'when branch build is assigned to is not protected' do
context 'when build is a manual action' do
let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
it 'includes ability to play build' do
expect(policies).to include :play_build
end
end
context 'when build is not a manual action' do
let(:build) { create(:ci_build, pipeline: pipeline) }
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment