Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
c82a642b
Commit
c82a642b
authored
Jul 17, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Protect manual actions against protected tag too
parent
5f32bd77
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
23 additions
and
9 deletions
+23
-9
app/policies/ci/build_policy.rb
app/policies/ci/build_policy.rb
+4
-3
spec/policies/ci/build_policy_spec.rb
spec/policies/ci/build_policy_spec.rb
+19
-6
No files found.
app/policies/ci/build_policy.rb
View file @
c82a642b
...
...
@@ -3,9 +3,10 @@ module Ci
condition
(
:protected_action
)
do
next
false
unless
@subject
.
action?
!::
Gitlab
::
UserAccess
.
new
(
@user
,
project:
@subject
.
project
)
.
can_merge_to_branch?
(
@subject
.
ref
)
access
=
::
Gitlab
::
UserAccess
.
new
(
@user
,
project:
@subject
.
project
)
!
access
.
can_merge_to_branch?
(
@subject
.
ref
)
||
!
access
.
can_create_tag?
(
@subject
.
ref
)
end
rule
{
protected_action
}.
prevent
:update_build
...
...
spec/policies/ci/build_policy_spec.rb
View file @
c82a642b
...
...
@@ -103,12 +103,7 @@ describe Ci::BuildPolicy, :models do
project
.
add_developer
(
user
)
end
context
'when branch build is assigned to is protected'
do
before
do
create
(
:protected_branch
,
:no_one_can_push
,
name:
'some-ref'
,
project:
project
)
end
shared_examples
'protected ref'
do
context
'when build is a manual action'
do
let
(
:build
)
do
create
(
:ci_build
,
:manual
,
ref:
'some-ref'
,
pipeline:
pipeline
)
...
...
@@ -130,6 +125,24 @@ describe Ci::BuildPolicy, :models do
end
end
context
'when build is against a protected branch'
do
before
do
create
(
:protected_branch
,
:no_one_can_push
,
name:
'some-ref'
,
project:
project
)
end
it_behaves_like
'protected ref'
end
context
'when build is against a protected tag'
do
before
do
create
(
:protected_tag
,
:no_one_can_create
,
name:
'some-ref'
,
project:
project
)
end
it_behaves_like
'protected ref'
end
context
'when branch build is assigned to is not protected'
do
context
'when build is a manual action'
do
let
(
:build
)
{
create
(
:ci_build
,
:manual
,
pipeline:
pipeline
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment