Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
a1c77f2d
Commit
a1c77f2d
authored
Dec 14, 2018
by
Matija Čupić
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Authorize read_build when listing pipeline jobs
parent
c7ea2861
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
3 deletions
+15
-3
lib/api/jobs.rb
lib/api/jobs.rb
+2
-0
spec/requests/api/jobs_spec.rb
spec/requests/api/jobs_spec.rb
+13
-3
No files found.
lib/api/jobs.rb
View file @
a1c77f2d
...
@@ -59,6 +59,8 @@ module API
...
@@ -59,6 +59,8 @@ module API
# rubocop: disable CodeReuse/ActiveRecord
# rubocop: disable CodeReuse/ActiveRecord
get
':id/pipelines/:pipeline_id/jobs'
do
get
':id/pipelines/:pipeline_id/jobs'
do
pipeline
=
user_project
.
ci_pipelines
.
find
(
params
[
:pipeline_id
])
pipeline
=
user_project
.
ci_pipelines
.
find
(
params
[
:pipeline_id
])
authorize!
(
:read_build
,
pipeline
)
builds
=
pipeline
.
builds
builds
=
pipeline
.
builds
builds
=
filter_builds
(
builds
,
params
[
:scope
])
builds
=
filter_builds
(
builds
,
params
[
:scope
])
builds
=
builds
.
preload
(
:job_artifacts_archive
,
:job_artifacts
,
project:
[
:namespace
])
builds
=
builds
.
preload
(
:job_artifacts_archive
,
:job_artifacts
,
project:
[
:namespace
])
...
...
spec/requests/api/jobs_spec.rb
View file @
a1c77f2d
...
@@ -251,10 +251,20 @@ describe API::Jobs do
...
@@ -251,10 +251,20 @@ describe API::Jobs do
end
end
context
'unauthorized user'
do
context
'unauthorized user'
do
let
(
:api_user
)
{
nil
}
context
'when user is not logged in'
do
let
(
:api_user
)
{
nil
}
it
'does not return jobs'
do
it
'does not return jobs'
do
expect
(
response
).
to
have_gitlab_http_status
(
401
)
expect
(
response
).
to
have_gitlab_http_status
(
401
)
end
end
context
'when user is guest'
do
let
(
:api_user
)
{
guest
}
it
'does not return jobs'
do
expect
(
response
).
to
have_gitlab_http_status
(
403
)
end
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment