Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
eed5c58d
Commit
eed5c58d
authored
Sep 15, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Verify permission of build in context of dependent project
parent
e3a422c2
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
38 additions
and
8 deletions
+38
-8
spec/requests/lfs_http_spec.rb
spec/requests/lfs_http_spec.rb
+3
-3
spec/services/auth/container_registry_authentication_service_spec.rb
...es/auth/container_registry_authentication_service_spec.rb
+35
-5
No files found.
spec/requests/lfs_http_spec.rb
View file @
eed5c58d
...
@@ -14,6 +14,8 @@ describe 'Git LFS API and storage' do
...
@@ -14,6 +14,8 @@ describe 'Git LFS API and storage' do
end
end
let
(
:authorization
)
{
}
let
(
:authorization
)
{
}
let
(
:sendfile
)
{
}
let
(
:sendfile
)
{
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
)
}
let
(
:build
)
{
create
(
:ci_build
,
:running
,
pipeline:
pipeline
)
}
let
(
:sample_oid
)
{
lfs_object
.
oid
}
let
(
:sample_oid
)
{
lfs_object
.
oid
}
let
(
:sample_size
)
{
lfs_object
.
size
}
let
(
:sample_size
)
{
lfs_object
.
size
}
...
@@ -244,7 +246,7 @@ describe 'Git LFS API and storage' do
...
@@ -244,7 +246,7 @@ describe 'Git LFS API and storage' do
end
end
end
end
context
'when
CI
is authorized'
do
context
'when
build
is authorized'
do
let
(
:authorization
)
{
authorize_ci_project
}
let
(
:authorization
)
{
authorize_ci_project
}
let
(
:update_permissions
)
do
let
(
:update_permissions
)
do
...
@@ -897,8 +899,6 @@ describe 'Git LFS API and storage' do
...
@@ -897,8 +899,6 @@ describe 'Git LFS API and storage' do
end
end
def
authorize_ci_project
def
authorize_ci_project
pipeline
=
create
(
:ci_empty_pipeline
,
project:
project
)
build
=
create
(
:ci_build
,
:running
,
pipeline:
pipeline
)
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
'gitlab-ci-token'
,
build
.
token
)
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
'gitlab-ci-token'
,
build
.
token
)
end
end
...
...
spec/services/auth/container_registry_authentication_service_spec.rb
View file @
eed5c58d
...
@@ -195,8 +195,9 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -195,8 +195,9 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
end
end
end
context
'
project authorization
'
do
context
'
build authorized as user
'
do
let
(
:current_project
)
{
create
(
:empty_project
)
}
let
(
:current_project
)
{
create
(
:empty_project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:capabilities
)
do
let
(
:capabilities
)
do
[
[
:build_read_container_image
,
:build_read_container_image
,
...
@@ -204,10 +205,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -204,10 +205,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
]
]
end
end
context
'allow to use scope-less authentication'
do
before
do
it_behaves_like
'a valid token'
current_project
.
team
<<
[
current_user
,
:developer
]
end
end
it_behaves_like
'a valid token'
context
'allow to pull and push images'
do
context
'allow to pull and push images'
do
let
(
:current_params
)
do
let
(
:current_params
)
do
{
scope:
"repository:
#{
current_project
.
path_with_namespace
}
:pull,push"
}
{
scope:
"repository:
#{
current_project
.
path_with_namespace
}
:pull,push"
}
...
@@ -226,13 +229,35 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -226,13 +229,35 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context
'allow for public'
do
context
'allow for public'
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
it_behaves_like
'a pullable'
it_behaves_like
'a pullable'
end
end
context
'disallow for private
'
do
shared_examples
'pullable for being team member
'
do
let
(
:project
)
{
create
(
:empty_project
,
:private
)
}
context
'when you are not member'
do
it_behaves_like
'an inaccessible'
it_behaves_like
'an inaccessible'
end
end
context
'when you are member'
do
before
do
project
.
team
<<
[
current_user
,
:developer
]
end
it_behaves_like
'a pullable'
end
end
context
'for private'
do
let
(
:project
)
{
create
(
:empty_project
,
:private
)
}
it_behaves_like
'pullable for being team member'
context
'when you are admin'
do
let
(
:current_user
)
{
create
(
:admin
)
}
it_behaves_like
'pullable for being team member'
end
end
end
end
context
'when pushing'
do
context
'when pushing'
do
...
@@ -242,6 +267,11 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -242,6 +267,11 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context
'disallow for all'
do
context
'disallow for all'
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
before
do
project
.
team
<<
[
current_user
,
:developer
]
end
it_behaves_like
'an inaccessible'
it_behaves_like
'an inaccessible'
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment