Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
178270a0
Commit
178270a0
authored
Dec 16, 2018
by
Matija Čupić
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Check for group admin permissions
parent
f7ac8041
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
51 additions
and
15 deletions
+51
-15
app/controllers/groups/settings/ci_cd_controller.rb
app/controllers/groups/settings/ci_cd_controller.rb
+3
-3
spec/controllers/groups/settings/ci_cd_controller_spec.rb
spec/controllers/groups/settings/ci_cd_controller_spec.rb
+45
-10
spec/features/group_variables_spec.rb
spec/features/group_variables_spec.rb
+1
-1
spec/features/runners_spec.rb
spec/features/runners_spec.rb
+2
-1
No files found.
app/controllers/groups/settings/ci_cd_controller.rb
View file @
178270a0
...
...
@@ -4,7 +4,7 @@ module Groups
module
Settings
class
CiCdController
<
Groups
::
ApplicationController
skip_cross_project_access_check
:show
before_action
:authorize_admin_
pipeline
!
before_action
:authorize_admin_
group
!
def
show
define_ci_variables
...
...
@@ -26,8 +26,8 @@ module Groups
.
map
{
|
variable
|
variable
.
present
(
current_user:
current_user
)
}
end
def
authorize_admin_
pipeline
!
return
render_404
unless
can?
(
current_user
,
:admin_
pipeline
,
group
)
def
authorize_admin_
group
!
return
render_404
unless
can?
(
current_user
,
:admin_
group
,
group
)
end
end
end
...
...
spec/controllers/groups/settings/ci_cd_controller_spec.rb
View file @
178270a0
...
...
@@ -5,11 +5,15 @@ describe Groups::Settings::CiCdController do
let
(
:user
)
{
create
(
:user
)
}
before
do
group
.
add_maintainer
(
user
)
sign_in
(
user
)
end
describe
'GET #show'
do
context
'when user is owner'
do
before
do
group
.
add_owner
(
user
)
end
it
'renders show with 200 status code'
do
get
:show
,
params:
{
group_id:
group
}
...
...
@@ -18,9 +22,27 @@ describe Groups::Settings::CiCdController do
end
end
context
'when user is not owner'
do
before
do
group
.
add_maintainer
(
user
)
end
it
'renders a 404'
do
get
:show
,
params:
{
group_id:
group
}
expect
(
response
).
to
have_gitlab_http_status
(
404
)
end
end
end
describe
'PUT #reset_registration_token'
do
subject
{
put
:reset_registration_token
,
params:
{
group_id:
group
}
}
context
'when user is owner'
do
before
do
group
.
add_owner
(
user
)
end
it
'resets runner registration token'
do
expect
{
subject
}.
to
change
{
group
.
reload
.
runners_token
}
end
...
...
@@ -31,4 +53,17 @@ describe Groups::Settings::CiCdController do
expect
(
response
).
to
redirect_to
(
group_settings_ci_cd_path
)
end
end
context
'when user is not owner'
do
before
do
group
.
add_maintainer
(
user
)
end
it
'renders a 404'
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
404
)
end
end
end
end
spec/features/group_variables_spec.rb
View file @
178270a0
...
...
@@ -7,7 +7,7 @@ describe 'Group variables', :js do
let
(
:page_path
)
{
group_settings_ci_cd_path
(
group
)
}
before
do
group
.
add_
maintai
ner
(
user
)
group
.
add_
ow
ner
(
user
)
gitlab_sign_in
(
user
)
visit
page_path
...
...
spec/features/runners_spec.rb
View file @
178270a0
...
...
@@ -259,8 +259,9 @@ describe 'Runners' do
context
'group runners in group settings'
do
let
(
:group
)
{
create
(
:group
)
}
before
do
group
.
add_
maintai
ner
(
user
)
group
.
add_
ow
ner
(
user
)
end
context
'group with no runners'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment