Merge branch 'fix_user_nil_on_deploy_access_level' into 'master'

Fix NoMethodError when accessing protected environment for job See merge request gitlab-org/gitlab!44257

Merge branch 'fix_user_nil_on_deploy_access_level' into 'master'
Fix NoMethodError when accessing protected environment for job See merge request gitlab-org/gitlab!44257
2c7a756b · Douglas Barbosa Alexandre · 0d85c54b · 08429f67 · 2c7a756b · 2c7a756b
Commit 2c7a756b authored Oct 07, 2020 by Douglas Barbosa Alexandre
5 changed files
--- a/ee/app/models/protected_environment/deploy_access_level.rb
+++ b/ee/app/models/protected_environment/deploy_access_level.rb
@@ -21,6 +21,7 @@ class ProtectedEnvironment::DeployAccessLevel < ApplicationRecord
  delegate :project, to: :protected_environment
  def check_access(user)
+    return false unless user
    return true if user.admin?
    return user.id == user_id if user_type?
    return group.users.exists?(user.id) if group_type?

--- a/ee/changelogs/unreleased/fix_user_nil_on_deploy_access_level.yml
+++ b/ee/changelogs/unreleased/fix_user_nil_on_deploy_access_level.yml
+---
+title: Fix NoMethodError when accessing protected environment for job
+merge_request: 44257
+author:
+type: fixed
--- a/ee/spec/controllers/ee/projects/jobs_controller_spec.rb
+++ b/ee/spec/controllers/ee/projects/jobs_controller_spec.rb
@@ -74,16 +74,45 @@ RSpec.describe Projects::JobsController do
        before do
          stub_application_setting(shared_runners_minutes: 2)
-          get_show(id: job.id, format: :json)
        end
        it 'exposes quota information' do
+          get_show(id: job.id, format: :json)
          expect(response).to have_gitlab_http_status(:ok)
          expect(response).to match_response_schema('job/job_details', dir: 'ee')
          expect(json_response['runners']['quota']['used']).to eq 0
          expect(json_response['runners']['quota']['limit']).to eq 2
        end
+        context 'the environment is protected' do
+          before do
+            stub_licensed_features(protected_environments: true)
+            create(:protected_environment, project: project)
+          end
+          let(:job) { create(:ci_build, :deploy_to_production, :with_deployment, :success, pipeline: pipeline, runner: runner) }
+          it 'renders successfully' do
+            get_show(id: job.id, format: :json)
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(response).to match_response_schema('job/job_details', dir: 'ee')
+          end
+          context 'anonymous user' do
+            before do
+              sign_out(user)
+            end
+            it 'renders successfully' do
+              get_show(id: job.id, format: :json)
+              expect(response).to have_gitlab_http_status(:ok)
+              expect(response).to match_response_schema('job/job_details', dir: 'ee')
+            end
+          end
+        end
      end
    end

--- a/ee/spec/models/protected_environment/deploy_access_level_spec.rb
+++ b/ee/spec/models/protected_environment/deploy_access_level_spec.rb
@@ -20,8 +20,15 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
  describe '#check_access' do
    subject { deploy_access_level.check_access(user) }
+    context 'anonymous access' do
+      let(:user) { nil }
+      let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment) }
+      it { is_expected.to be_falsy }
+    end
    describe 'admin access' do
-      let(:user) { create(:user, :admin) }
+      let_it_be(:user) { create(:user, :admin) }
      context 'when admin user does have specific access' do
        let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment, user: user) }
@@ -51,7 +58,7 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
    end
    describe 'group access' do
-      let(:group) { create(:group, projects: [project]) }
+      let_it_be(:group) { create(:group, projects: [project]) }
      context 'when specific access has been assigned to a group' do
        let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment, group: group) }
@@ -111,7 +118,7 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
  end
  describe '#humanize' do
-    let(:protected_environment) { create(:protected_environment) }
+    let_it_be(:protected_environment) { create(:protected_environment) }
    subject { deploy_access_level.humanize }

--- a/spec/fixtures/api/schemas/environment.json
+++ b/spec/fixtures/api/schemas/environment.json
@@ -41,9 +41,12 @@
        { "type": "null" },
        { "$ref": "deployment.json" },
        {
+          "type": "object",
+          "properties" : {
            "name": { "type": "string" },
            "build_path": { "type": "string" }
          }
+        }
      ]
    },
    "can_delete": { "type": "boolean" }