Skip to content

G
gitlab-ce
Commit 4b9543bd authored by Oswaldo Ferreira's avatar Oswaldo Ferreira
Browse files
Options

Add EEP license checks

parent b5af4fb1
Hide whitespace changes
Inline Side-by-side
Showing with 116 additions and 25 deletions
app/models/license.rb
View file @ 4b9543bd
......@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze
ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze
JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze
JIRA_DEV_PANEL_INTEGRATION_FEATURE = 'GitLab_JiraDevelopmentPanelIntegration'.freeze
LDAP_EXTRAS_FEATURE = 'GitLab_LdapExtras'.freeze
MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze
MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze
......@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
issue_board_milestone: ISSUE_BOARD_MILESTONE_FEATURE,
issue_weights: ISSUE_WEIGHTS_FEATURE,
jenkins_integration: JENKINS_INTEGRATION_FEATURE,
jira_dev_panel_integration: JIRA_DEV_PANEL_INTEGRATION_FEATURE,
merge_request_approvers: MERGE_REQUEST_APPROVERS_FEATURE,
merge_request_rebase: MERGE_REQUEST_REBASE_FEATURE,
merge_request_squash: MERGE_REQUEST_SQUASH_FEATURE,
......@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
{ FILE_LOCKS_FEATURE => 1 },
{ GEO_FEATURE => 1 },
{ OBJECT_STORAGE_FEATURE => 1 },
{ JIRA_DEV_PANEL_INTEGRATION_FEATURE => 1 },
{ SERVICE_DESK_FEATURE => 1 },
{ VARIABLE_ENVIRONMENT_SCOPE_FEATURE => 1 }
].freeze
......
ee/app/policies/ee/project_policy.rb
View file @ 4b9543bd
......@@ -12,6 +12,11 @@ module EE
with_scope :subject
condition(:deploy_board_disabled) { !@subject.feature_available?(:deploy_board) }
with_scope :subject
condition(:jira_dev_panel_integration_disabled) do
!@subject.feature_available?(:jira_dev_panel_integration)
end
with_scope :global
condition(:is_development) { Rails.env.development? }
......@@ -34,12 +39,17 @@ module EE
prevent :admin_issue_link
end
rule { jira_dev_panel_integration_disabled }.policy do
prevent :integrate_to_jira_dev_panel
end
rule { can?(:read_issue) }.enable :read_issue_link
rule { can?(:reporter_access) }.policy do
enable :admin_board
enable :read_deploy_board
enable :admin_issue_link
enable :integrate_to_jira_dev_panel
end
rule { can?(:developer_access) }.enable :admin_board
......
lib/api/entities.rb
View file @ 4b9543bd
......@@ -1113,13 +1113,13 @@ module API
expose :id, as: :sha
expose :author do |commit|
{
login: commit.author.username,
login: commit.author&.username,
email: commit.author_email
}
end
expose :committer do |commit|
{
login: commit.author.username,
login: commit.author&.username,
email: commit.committer_email
}
end
......
lib/api/v3/github_repos.rb
View file @ 4b9543bd
......@@ -8,6 +8,12 @@ module API
requires :namespace, type: String
requires :project, type: String
end
def find_project_with_access(full_path, access_level = :integrate_to_jira_dev_panel)
project = find_project!(full_path)
authorize! access_level, project
project
end
end
resource :orgs do
......@@ -24,8 +30,9 @@ module API
resource :users do
get ':namespace/repos' do
present paginate(current_user.authorized_projects),
with: ::API::Entities::Github::Repository
projects = current_user.authorized_projects.select { |project| can?(current_user, :integrate_to_jira_dev_panel, project) }
projects = ::Kaminari.paginate_array(projects)
present paginate(projects), with: ::API::Entities::Github::Repository
end
end
......@@ -40,7 +47,7 @@ module API
get ':namespace/:project/branches' do
namespace = params[:namespace]
project = params[:project]
user_project = find_project!("#{namespace}/#{project}")
user_project = find_project_with_access("#{namespace}/#{project}")
branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))
......@@ -55,7 +62,7 @@ module API
get ':namespace/:project/commits/:sha' do
namespace = params[:namespace]
project = params[:project]
user_project = find_project!("#{namespace}/#{project}")
user_project = find_project_with_access("#{namespace}/#{project}")
commit = user_project.commit(params[:sha])
......
spec/requests/api/v3/github_repos_spec.rb
View file @ 4b9543bd
......@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
describe 'GET /user/repos' do
it 'returns an empty array' do
get v3_api("/user/repos", user)
get v3_api('/user/repos', user)
expect(response).to have_http_status(200)
expect(json_response).to eq([])
......@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
describe 'GET /-/jira/pulls' do
it 'returns an empty array' do
get v3_api("/repos/-/jira/pulls", user)
get v3_api('/repos/-/jira/pulls', user)
expect(response).to have_http_status(200)
expect(json_response).to eq([])
......@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
describe 'GET /users/:id/repos' do
context 'authenticated' do
it 'returns an array of projects with github format' do
stub_licensed_features(jira_dev_panel_integration: true)
group = create(:group)
create(:project, group: group)
group.add_master(user)
get v3_api("/users/whatever/repos", user)
get v3_api('/users/foo/repos', user)
expect(response).to have_http_status(200)
expect(json_response).to be_an(Array)
......@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do
context 'unauthenticated' do
it 'returns 401' do
get v3_api("/users/whatever/repos", nil)
get v3_api("/users/foo/repos", nil)
expect(response).to have_http_status(401)
end
end
it 'filters unlicensed namespace projects' do
silver_plan = Plan.find_by!(name: 'silver')
licensed_project = create(:project, :empty_repo)
licensed_project.add_reporter(user)
licensed_project.namespace.update!(plan_id: silver_plan.id)
stub_licensed_features(jira_dev_panel_integration: true)
stub_application_setting_on_object(project, should_check_namespace_plan: true)
stub_application_setting_on_object(licensed_project, should_check_namespace_plan: true)
get v3_api('/users/foo/repos', user)
expect(response).to have_http_status(200)
expect(json_response.size).to eq(1)
expect(json_response.first['id']).to eq(licensed_project.id)
end
end
describe 'GET /repos/:namespace/:repo/branches' do
describe 'GET /repos/:namespace/:project/branches' do
context 'authenticated' do
context 'when user namespace path' do
it 'returns an array of project branches with github format' do
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.first.keys).to contain_exactly('name', 'commit')
expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type')
end
it 'returns an array of project branches with github format' do
stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.first.keys).to contain_exactly('name', 'commit')
expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type')
end
end
context 'unauthenticated' do
before do
end
it 'returns 401' do
stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", nil)
expect(response).to have_http_status(401)
end
end
context 'unauthorized' do
it 'returns 403 when lower access level' do
unauthorized_user = create(:user)
project.add_guest(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
expect(response).to have_http_status(403)
end
it 'returns 403 when not licensed' do
stub_licensed_features(jira_dev_panel_integration: false)
unauthorized_user = create(:user)
project.add_reporter(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
expect(response).to have_http_status(403)
end
end
end
describe 'GET /repos/:namespace/:repo/commits/:sha' do
describe 'GET /repos/:namespace/:project/commits/:sha' do
let(:commit) { project.repository.commit }
let(:commit_id) { commit.id }
context 'authenticated' do
it 'returns commit with expected format' do
it 'returns commit with github format' do
stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}", user)
commit_author = {
'name' => commit.author_name,
'email' => commit.author_email,
'date' => commit.authored_date.iso8601(3)
'date' => commit.authored_date.iso8601,
'type' => 'User'
}
commit_committer = {
'name' => commit.committer_name,
'email' => commit.committer_email,
'date' => commit.committed_date.iso8601(3)
'date' => commit.committed_date.iso8601,
'type' => 'User'
}
parent_commits = commit.parent_ids.map { |id| { 'sha' => id } }
......@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
expect(response).to have_http_status(401)
end
end
context 'unauthorized' do
it 'returns 403 when lower access level' do
unauthorized_user = create(:user)
project.add_guest(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
unauthorized_user)
expect(response).to have_http_status(403)
end
it 'returns 403 when not licensed' do
stub_licensed_features(jira_dev_panel_integration: false)
unauthorized_user = create(:user)
project.add_reporter(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
unauthorized_user)
expect(response).to have_http_status(403)
end
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7