disallow group runners to become project runners

d0842d20 · Alexis Reigel · Alexis Reigel · 4b1b2f3b · d0842d20 · d0842d20
Commit d0842d20 authored Sep 25, 2017 by Alexis Reigel Committed by Alexis Reigel Apr 23, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

lib/api/runners.rb lib/api/runners.rb +1 -0

spec/requests/api/runners_spec.rb spec/requests/api/runners_spec.rb +6 -0

No files found.
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -206,6 +206,7 @@ module API
      def authenticate_enable_runner!(runner)
        forbidden!("Runner is shared") if runner.is_shared?
        forbidden!("Runner is locked") if runner.locked?
+        forbidden!("Runner is a group runner") if runner.group?
        return if current_user.admin?
        forbidden!("No access granted") unless user_can_access_runner?(runner)

--- a/spec/requests/api/runners_spec.rb
+++ b/spec/requests/api/runners_spec.rb
@@ -658,6 +658,12 @@ describe API::Runners do
        expect(response).to have_gitlab_http_status(403)
      end
+      it 'does not enable group runner' do
+        post api("/projects/#{project.id}/runners", user), runner_id: group_runner.id
+        expect(response).to have_http_status(403)
+      end
      context 'user is admin' do
        it 'enables any specific runner' do
          expect do