Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
6bd8e4cb
Commit
6bd8e4cb
authored
Jan 25, 2019
by
Francisco Javier López
Committed by
Yorick Peterse
Jan 25, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[master] Check access rights when creating/updating ProtectedRefs
parent
e8ec4b96
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
8 additions
and
23 deletions
+8
-23
app/services/protected_branches/api_service.rb
app/services/protected_branches/api_service.rb
+0
-8
spec/lib/gitlab/git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+8
-15
No files found.
app/services/protected_branches/api_service.rb
View file @
6bd8e4cb
...
@@ -6,8 +6,6 @@ module ProtectedBranches
...
@@ -6,8 +6,6 @@ module ProtectedBranches
@push_params
=
AccessLevelParams
.
new
(
:push
,
params
)
@push_params
=
AccessLevelParams
.
new
(
:push
,
params
)
@merge_params
=
AccessLevelParams
.
new
(
:merge
,
params
)
@merge_params
=
AccessLevelParams
.
new
(
:merge
,
params
)
verify_params!
protected_branch_params
=
{
protected_branch_params
=
{
name:
params
[
:name
],
name:
params
[
:name
],
push_access_levels_attributes:
@push_params
.
access_levels
,
push_access_levels_attributes:
@push_params
.
access_levels
,
...
@@ -16,11 +14,5 @@ module ProtectedBranches
...
@@ -16,11 +14,5 @@ module ProtectedBranches
::
ProtectedBranches
::
CreateService
.
new
(
@project
,
@current_user
,
protected_branch_params
).
execute
::
ProtectedBranches
::
CreateService
.
new
(
@project
,
@current_user
,
protected_branch_params
).
execute
end
end
private
def
verify_params!
# EE-only
end
end
end
end
end
spec/lib/gitlab/git_access_spec.rb
View file @
6bd8e4cb
...
@@ -776,10 +776,13 @@ describe Gitlab::GitAccess do
...
@@ -776,10 +776,13 @@ describe Gitlab::GitAccess do
it
"has the correct permissions for
#{
role
}
s"
do
it
"has the correct permissions for
#{
role
}
s"
do
if
role
==
:admin
if
role
==
:admin
user
.
update_attribute
(
:admin
,
true
)
user
.
update_attribute
(
:admin
,
true
)
project
.
add_guest
(
user
)
else
else
project
.
add_role
(
user
,
role
)
project
.
add_role
(
user
,
role
)
end
end
protected_branch
.
save
aggregate_failures
do
aggregate_failures
do
matrix
.
each
do
|
action
,
allowed
|
matrix
.
each
do
|
action
,
allowed
|
check
=
->
{
push_changes
(
changes
[
action
])
}
check
=
->
{
push_changes
(
changes
[
action
])
}
...
@@ -861,25 +864,19 @@ describe Gitlab::GitAccess do
...
@@ -861,25 +864,19 @@ describe Gitlab::GitAccess do
[
%w(feature exact)
,
[
'feat*'
,
'wildcard'
]].
each
do
|
protected_branch_name
,
protected_branch_type
|
[
%w(feature exact)
,
[
'feat*'
,
'wildcard'
]].
each
do
|
protected_branch_name
,
protected_branch_type
|
context
do
context
do
before
do
let
(
:protected_branch
)
{
create
(
:protected_branch
,
:maintainers_can_push
,
name:
protected_branch_name
,
project:
project
)
}
create
(
:protected_branch
,
name:
protected_branch_name
,
project:
project
)
end
run_permission_checks
(
permissions_matrix
)
run_permission_checks
(
permissions_matrix
)
end
end
context
"when developers are allowed to push into the
#{
protected_branch_type
}
protected branch"
do
context
"when developers are allowed to push into the
#{
protected_branch_type
}
protected branch"
do
before
do
let
(
:protected_branch
)
{
create
(
:protected_branch
,
:developers_can_push
,
name:
protected_branch_name
,
project:
project
)
}
create
(
:protected_branch
,
:developers_can_push
,
name:
protected_branch_name
,
project:
project
)
end
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
true
,
push_all:
true
,
merge_into_protected_branch:
true
}))
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
true
,
push_all:
true
,
merge_into_protected_branch:
true
}))
end
end
context
"developers are allowed to merge into the
#{
protected_branch_type
}
protected branch"
do
context
"developers are allowed to merge into the
#{
protected_branch_type
}
protected branch"
do
before
do
let
(
:protected_branch
)
{
create
(
:protected_branch
,
:developers_can_merge
,
name:
protected_branch_name
,
project:
project
)
}
create
(
:protected_branch
,
:developers_can_merge
,
name:
protected_branch_name
,
project:
project
)
end
context
"when a merge request exists for the given source/target branch"
do
context
"when a merge request exists for the given source/target branch"
do
context
"when the merge request is in progress"
do
context
"when the merge request is in progress"
do
...
@@ -906,17 +903,13 @@ describe Gitlab::GitAccess do
...
@@ -906,17 +903,13 @@ describe Gitlab::GitAccess do
end
end
context
"when developers are allowed to push and merge into the
#{
protected_branch_type
}
protected branch"
do
context
"when developers are allowed to push and merge into the
#{
protected_branch_type
}
protected branch"
do
before
do
let
(
:protected_branch
)
{
create
(
:protected_branch
,
:developers_can_merge
,
:developers_can_push
,
name:
protected_branch_name
,
project:
project
)
}
create
(
:protected_branch
,
:developers_can_merge
,
:developers_can_push
,
name:
protected_branch_name
,
project:
project
)
end
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
true
,
push_all:
true
,
merge_into_protected_branch:
true
}))
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
true
,
push_all:
true
,
merge_into_protected_branch:
true
}))
end
end
context
"when no one is allowed to push to the
#{
protected_branch_name
}
protected branch"
do
context
"when no one is allowed to push to the
#{
protected_branch_name
}
protected branch"
do
before
do
let
(
:protected_branch
)
{
build
(
:protected_branch
,
:no_one_can_push
,
name:
protected_branch_name
,
project:
project
)
}
create
(
:protected_branch
,
:no_one_can_push
,
name:
protected_branch_name
,
project:
project
)
end
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
false
,
push_all:
false
,
merge_into_protected_branch:
false
},
run_permission_checks
(
permissions_matrix
.
deep_merge
(
developer:
{
push_protected_branch:
false
,
push_all:
false
,
merge_into_protected_branch:
false
},
maintainer:
{
push_protected_branch:
false
,
push_all:
false
,
merge_into_protected_branch:
false
},
maintainer:
{
push_protected_branch:
false
,
push_all:
false
,
merge_into_protected_branch:
false
},
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment