Skip to content

G
gitlab-ce
Commit 3d8c4f48 authored by Pedro Pombeiro's avatar Pedro Pombeiro
Browse files
Options

Allow admin to register project runners at all times 

Changelog: fixed
parent 0175304d
Hide whitespace changes
Inline Side-by-side
Showing with 111 additions and 2 deletions
app/policies/project_policy.rb
View file @ 3d8c4f48
......@@ -194,6 +194,10 @@ class ProjectPolicy < BasePolicy
condition(:"#{f}_disabled", score: 32) { !access_allowed_to?(f.to_sym) }
end
condition(:project_runner_registration_allowed) do
Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('project')
end
# `:read_project` may be prevented in EE, but `:read_project_for_iids` should
# not.
rule { guest | admin }.enable :read_project_for_iids
......@@ -230,6 +234,8 @@ class ProjectPolicy < BasePolicy
enable :set_emails_disabled
enable :set_show_default_award_emojis
enable :set_warn_about_potentially_unwanted_characters
enable :register_project_runners
end
rule { can?(:guest_access) }.policy do
......@@ -455,6 +461,7 @@ class ProjectPolicy < BasePolicy
enable :update_freeze_period
enable :destroy_freeze_period
enable :admin_feature_flags_client
enable :register_project_runners
enable :update_runners_registration_token
enable :admin_project_google_cloud
end
......@@ -729,6 +736,10 @@ class ProjectPolicy < BasePolicy
enable :access_security_and_compliance
end
rule { ~admin & ~project_runner_registration_allowed }.policy do
prevent :register_project_runners
end
private
def user_is_user?
......
app/views/projects/runners/_specific_runners.html.haml
View file @ 3d8c4f48
......@@ -2,7 +2,7 @@
= _('Specific runners')
.bs-callout.help-callout
- if valid_runner_registrars.include?('project')
- if can?(current_user, :register_project_runners, @project)
= _('These runners are specific to this project.')
- if params[:ci_runner_templates]
%hr
......
spec/policies/project_policy_spec.rb
View file @ 3d8c4f48
......@@ -1755,4 +1755,100 @@ RSpec.describe ProjectPolicy do
end
end
end
describe 'register_project_runners' do
context 'admin' do
let(:current_user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
context 'with runner_registration_control FF disabled' do
before do
stub_feature_flags(runner_registration_control: false)
end
it { is_expected.to be_allowed(:register_project_runners) }
end
context 'with runner_registration_control FF enabled' do
before do
stub_feature_flags(runner_registration_control: true)
end
it { is_expected.to be_allowed(:register_project_runners) }
context 'with project runner registration disabled' do
before do
stub_application_setting(valid_runner_registrars: ['group'])
end
it { is_expected.to be_allowed(:register_project_runners) }
end
end
end
context 'when admin mode is disabled' do
it { is_expected.to be_disallowed(:register_project_runners) }
end
end
context 'with owner' do
let(:current_user) { owner }
it { is_expected.to be_allowed(:register_project_runners) }
context 'with runner_registration_control FF disabled' do
before do
stub_feature_flags(runner_registration_control: false)
end
it { is_expected.to be_allowed(:register_project_runners) }
end
context 'with runner_registration_control FF enabled' do
before do
stub_feature_flags(runner_registration_control: true)
end
it { is_expected.to be_allowed(:register_project_runners) }
context 'with project runner registration disabled' do
before do
stub_application_setting(valid_runner_registrars: ['group'])
end
it { is_expected.to be_disallowed(:register_project_runners) }
end
end
end
context 'with maintainer' do
let(:current_user) { maintainer }
it { is_expected.to be_allowed(:register_project_runners) }
end
context 'with reporter' do
let(:current_user) { reporter }
it { is_expected.to be_disallowed(:register_project_runners) }
end
context 'with guest' do
let(:current_user) { guest }
it { is_expected.to be_disallowed(:register_project_runners) }
end
context 'with non member' do
let(:current_user) { create(:user) }
it { is_expected.to be_disallowed(:register_project_runners) }
end
context 'with anonymous' do
let(:current_user) { nil }
it { is_expected.to be_disallowed(:register_project_runners) }
end
end
end
spec/views/projects/runners/_specific_runners.html.haml_spec.rb
View file @ 3d8c4f48
......@@ -11,12 +11,14 @@ RSpec.describe 'projects/runners/specific_runners.html.haml' do
@project = project
@assignable_runners = []
@project_runners = []
allow(view).to receive(:current_user).and_return(user)
allow(view).to receive(:reset_registration_token_namespace_project_settings_ci_cd_path).and_return('banana_url')
end
context 'when project runner registration is allowed' do
before do
stub_application_setting(valid_runner_registrars: ['project'])
allow(view).to receive(:can?).with(user, :register_project_runners, project).and_return(true)
end
it 'enables the Remove project button for a project' do
......@@ -32,7 +34,7 @@ RSpec.describe 'projects/runners/specific_runners.html.haml' do
stub_application_setting(valid_runner_registrars: ['group'])
end
it 'does not enable the the Remove project button for a project' do
it 'does not enable the Remove project button for a project' do
render 'projects/runners/specific_runners', project: project
expect(rendered).to have_content 'Please contact an admin to register runners.'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7