Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
ff3776c8
Commit
ff3776c8
authored
Jul 20, 2016
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Should check against `authorize_read_builds!`
parent
88aacaa7
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
16 additions
and
0 deletions
+16
-0
lib/api/builds.rb
lib/api/builds.rb
+2
-0
spec/requests/api/builds_spec.rb
spec/requests/api/builds_spec.rb
+14
-0
No files found.
lib/api/builds.rb
View file @
ff3776c8
...
@@ -83,6 +83,8 @@ module API
...
@@ -83,6 +83,8 @@ module API
# GET /projects/:id/artifacts/:ref_name/download?job=name
# GET /projects/:id/artifacts/:ref_name/download?job=name
get
':id/builds/artifacts/:ref_name/download'
,
get
':id/builds/artifacts/:ref_name/download'
,
requirements:
{
ref_name:
/.+/
}
do
requirements:
{
ref_name:
/.+/
}
do
authorize_read_builds!
builds
=
user_project
.
latest_successful_builds_for
(
params
[
:ref_name
])
builds
=
user_project
.
latest_successful_builds_for
(
params
[
:ref_name
])
latest_build
=
builds
.
find_by!
(
name:
params
[
:job
])
latest_build
=
builds
.
find_by!
(
name:
params
[
:job
])
...
...
spec/requests/api/builds_spec.rb
View file @
ff3776c8
...
@@ -6,9 +6,11 @@ describe API::API, api: true do
...
@@ -6,9 +6,11 @@ describe API::API, api: true do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:api_user
)
{
user
}
let
(
:api_user
)
{
user
}
let
(
:user2
)
{
create
(
:user
)
}
let
(
:user2
)
{
create
(
:user
)
}
let
(
:guest_user
)
{
create
(
:user
)
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
)
}
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let!
(
:developer
)
{
create
(
:project_member
,
:developer
,
user:
user
,
project:
project
)
}
let!
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
user:
user2
,
project:
project
)
}
let!
(
:reporter
)
{
create
(
:project_member
,
:reporter
,
user:
user2
,
project:
project
)
}
let!
(
:guest
)
{
create
(
:project_member
,
:guest
,
user:
guest_user
,
project:
project
)
}
let!
(
:pipeline
)
{
create
(
:ci_pipeline
,
project:
project
,
sha:
project
.
commit
.
id
,
ref:
project
.
default_branch
)
}
let!
(
:pipeline
)
{
create
(
:ci_pipeline
,
project:
project
,
sha:
project
.
commit
.
id
,
ref:
project
.
default_branch
)
}
let!
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let!
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
...
@@ -192,6 +194,18 @@ describe API::API, api: true do
...
@@ -192,6 +194,18 @@ describe API::API, api: true do
end
end
end
end
context
'when forbidden'
do
let
(
:api_user
)
{
guest_user
}
before
do
get
path_for_ref
end
it
'gives 403'
do
expect
(
response
).
to
have_http_status
(
403
)
end
end
context
'non-existing build'
do
context
'non-existing build'
do
shared_examples
'not found'
do
shared_examples
'not found'
do
it
{
expect
(
response
).
to
have_http_status
(
:not_found
)
}
it
{
expect
(
response
).
to
have_http_status
(
:not_found
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment