Commit 4b9543bd authored by Oswaldo Ferreira's avatar Oswaldo Ferreira

Add EEP license checks

parent b5af4fb1
...@@ -20,6 +20,7 @@ class License < ActiveRecord::Base ...@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze
ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze
JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze
JIRA_DEV_PANEL_INTEGRATION_FEATURE = 'GitLab_JiraDevelopmentPanelIntegration'.freeze
LDAP_EXTRAS_FEATURE = 'GitLab_LdapExtras'.freeze LDAP_EXTRAS_FEATURE = 'GitLab_LdapExtras'.freeze
MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze
MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze
...@@ -63,6 +64,7 @@ class License < ActiveRecord::Base ...@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
issue_board_milestone: ISSUE_BOARD_MILESTONE_FEATURE, issue_board_milestone: ISSUE_BOARD_MILESTONE_FEATURE,
issue_weights: ISSUE_WEIGHTS_FEATURE, issue_weights: ISSUE_WEIGHTS_FEATURE,
jenkins_integration: JENKINS_INTEGRATION_FEATURE, jenkins_integration: JENKINS_INTEGRATION_FEATURE,
jira_dev_panel_integration: JIRA_DEV_PANEL_INTEGRATION_FEATURE,
merge_request_approvers: MERGE_REQUEST_APPROVERS_FEATURE, merge_request_approvers: MERGE_REQUEST_APPROVERS_FEATURE,
merge_request_rebase: MERGE_REQUEST_REBASE_FEATURE, merge_request_rebase: MERGE_REQUEST_REBASE_FEATURE,
merge_request_squash: MERGE_REQUEST_SQUASH_FEATURE, merge_request_squash: MERGE_REQUEST_SQUASH_FEATURE,
...@@ -114,6 +116,7 @@ class License < ActiveRecord::Base ...@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
{ FILE_LOCKS_FEATURE => 1 }, { FILE_LOCKS_FEATURE => 1 },
{ GEO_FEATURE => 1 }, { GEO_FEATURE => 1 },
{ OBJECT_STORAGE_FEATURE => 1 }, { OBJECT_STORAGE_FEATURE => 1 },
{ JIRA_DEV_PANEL_INTEGRATION_FEATURE => 1 },
{ SERVICE_DESK_FEATURE => 1 }, { SERVICE_DESK_FEATURE => 1 },
{ VARIABLE_ENVIRONMENT_SCOPE_FEATURE => 1 } { VARIABLE_ENVIRONMENT_SCOPE_FEATURE => 1 }
].freeze ].freeze
......
...@@ -12,6 +12,11 @@ module EE ...@@ -12,6 +12,11 @@ module EE
with_scope :subject with_scope :subject
condition(:deploy_board_disabled) { !@subject.feature_available?(:deploy_board) } condition(:deploy_board_disabled) { !@subject.feature_available?(:deploy_board) }
with_scope :subject
condition(:jira_dev_panel_integration_disabled) do
!@subject.feature_available?(:jira_dev_panel_integration)
end
with_scope :global with_scope :global
condition(:is_development) { Rails.env.development? } condition(:is_development) { Rails.env.development? }
...@@ -34,12 +39,17 @@ module EE ...@@ -34,12 +39,17 @@ module EE
prevent :admin_issue_link prevent :admin_issue_link
end end
rule { jira_dev_panel_integration_disabled }.policy do
prevent :integrate_to_jira_dev_panel
end
rule { can?(:read_issue) }.enable :read_issue_link rule { can?(:read_issue) }.enable :read_issue_link
rule { can?(:reporter_access) }.policy do rule { can?(:reporter_access) }.policy do
enable :admin_board enable :admin_board
enable :read_deploy_board enable :read_deploy_board
enable :admin_issue_link enable :admin_issue_link
enable :integrate_to_jira_dev_panel
end end
rule { can?(:developer_access) }.enable :admin_board rule { can?(:developer_access) }.enable :admin_board
......
...@@ -1113,13 +1113,13 @@ module API ...@@ -1113,13 +1113,13 @@ module API
expose :id, as: :sha expose :id, as: :sha
expose :author do |commit| expose :author do |commit|
{ {
login: commit.author.username, login: commit.author&.username,
email: commit.author_email email: commit.author_email
} }
end end
expose :committer do |commit| expose :committer do |commit|
{ {
login: commit.author.username, login: commit.author&.username,
email: commit.committer_email email: commit.committer_email
} }
end end
......
...@@ -8,6 +8,12 @@ module API ...@@ -8,6 +8,12 @@ module API
requires :namespace, type: String requires :namespace, type: String
requires :project, type: String requires :project, type: String
end end
def find_project_with_access(full_path, access_level = :integrate_to_jira_dev_panel)
project = find_project!(full_path)
authorize! access_level, project
project
end
end end
resource :orgs do resource :orgs do
...@@ -24,8 +30,9 @@ module API ...@@ -24,8 +30,9 @@ module API
resource :users do resource :users do
get ':namespace/repos' do get ':namespace/repos' do
present paginate(current_user.authorized_projects), projects = current_user.authorized_projects.select { |project| can?(current_user, :integrate_to_jira_dev_panel, project) }
with: ::API::Entities::Github::Repository projects = ::Kaminari.paginate_array(projects)
present paginate(projects), with: ::API::Entities::Github::Repository
end end
end end
...@@ -40,7 +47,7 @@ module API ...@@ -40,7 +47,7 @@ module API
get ':namespace/:project/branches' do get ':namespace/:project/branches' do
namespace = params[:namespace] namespace = params[:namespace]
project = params[:project] project = params[:project]
user_project = find_project!("#{namespace}/#{project}") user_project = find_project_with_access("#{namespace}/#{project}")
branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name)) branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))
...@@ -55,7 +62,7 @@ module API ...@@ -55,7 +62,7 @@ module API
get ':namespace/:project/commits/:sha' do get ':namespace/:project/commits/:sha' do
namespace = params[:namespace] namespace = params[:namespace]
project = params[:project] project = params[:project]
user_project = find_project!("#{namespace}/#{project}") user_project = find_project_with_access("#{namespace}/#{project}")
commit = user_project.commit(params[:sha]) commit = user_project.commit(params[:sha])
......
...@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do ...@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
describe 'GET /user/repos' do describe 'GET /user/repos' do
it 'returns an empty array' do it 'returns an empty array' do
get v3_api("/user/repos", user) get v3_api('/user/repos', user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response).to eq([]) expect(json_response).to eq([])
...@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do ...@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
describe 'GET /-/jira/pulls' do describe 'GET /-/jira/pulls' do
it 'returns an empty array' do it 'returns an empty array' do
get v3_api("/repos/-/jira/pulls", user) get v3_api('/repos/-/jira/pulls', user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response).to eq([]) expect(json_response).to eq([])
...@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do ...@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
describe 'GET /users/:id/repos' do describe 'GET /users/:id/repos' do
context 'authenticated' do context 'authenticated' do
it 'returns an array of projects with github format' do it 'returns an array of projects with github format' do
stub_licensed_features(jira_dev_panel_integration: true)
group = create(:group) group = create(:group)
create(:project, group: group) create(:project, group: group)
group.add_master(user) group.add_master(user)
get v3_api("/users/whatever/repos", user) get v3_api('/users/foo/repos', user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response).to be_an(Array) expect(json_response).to be_an(Array)
...@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do ...@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do
context 'unauthenticated' do context 'unauthenticated' do
it 'returns 401' do it 'returns 401' do
get v3_api("/users/whatever/repos", nil) get v3_api("/users/foo/repos", nil)
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
end end
it 'filters unlicensed namespace projects' do
silver_plan = Plan.find_by!(name: 'silver')
licensed_project = create(:project, :empty_repo)
licensed_project.add_reporter(user)
licensed_project.namespace.update!(plan_id: silver_plan.id)
stub_licensed_features(jira_dev_panel_integration: true)
stub_application_setting_on_object(project, should_check_namespace_plan: true)
stub_application_setting_on_object(licensed_project, should_check_namespace_plan: true)
get v3_api('/users/foo/repos', user)
expect(response).to have_http_status(200)
expect(json_response.size).to eq(1)
expect(json_response.first['id']).to eq(licensed_project.id)
end
end end
describe 'GET /repos/:namespace/:repo/branches' do describe 'GET /repos/:namespace/:project/branches' do
context 'authenticated' do context 'authenticated' do
context 'when user namespace path' do it 'returns an array of project branches with github format' do
it 'returns an array of project branches with github format' do stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an(Array) expect(response).to have_http_status(200)
expect(json_response.first.keys).to contain_exactly('name', 'commit') expect(json_response).to be_an(Array)
expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type') expect(json_response.first.keys).to contain_exactly('name', 'commit')
end expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type')
end end
end end
context 'unauthenticated' do context 'unauthenticated' do
before do
end
it 'returns 401' do it 'returns 401' do
stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", nil) get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", nil)
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
end end
context 'unauthorized' do
it 'returns 403 when lower access level' do
unauthorized_user = create(:user)
project.add_guest(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
expect(response).to have_http_status(403)
end
it 'returns 403 when not licensed' do
stub_licensed_features(jira_dev_panel_integration: false)
unauthorized_user = create(:user)
project.add_reporter(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
expect(response).to have_http_status(403)
end
end
end end
describe 'GET /repos/:namespace/:repo/commits/:sha' do describe 'GET /repos/:namespace/:project/commits/:sha' do
let(:commit) { project.repository.commit } let(:commit) { project.repository.commit }
let(:commit_id) { commit.id } let(:commit_id) { commit.id }
context 'authenticated' do context 'authenticated' do
it 'returns commit with expected format' do it 'returns commit with github format' do
stub_licensed_features(jira_dev_panel_integration: true)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}", user) get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}", user)
commit_author = { commit_author = {
'name' => commit.author_name, 'name' => commit.author_name,
'email' => commit.author_email, 'email' => commit.author_email,
'date' => commit.authored_date.iso8601(3) 'date' => commit.authored_date.iso8601,
'type' => 'User'
} }
commit_committer = { commit_committer = {
'name' => commit.committer_name, 'name' => commit.committer_name,
'email' => commit.committer_email, 'email' => commit.committer_email,
'date' => commit.committed_date.iso8601(3) 'date' => commit.committed_date.iso8601,
'type' => 'User'
} }
parent_commits = commit.parent_ids.map { |id| { 'sha' => id } } parent_commits = commit.parent_ids.map { |id| { 'sha' => id } }
...@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do ...@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
end end
context 'unauthorized' do
it 'returns 403 when lower access level' do
unauthorized_user = create(:user)
project.add_guest(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
unauthorized_user)
expect(response).to have_http_status(403)
end
it 'returns 403 when not licensed' do
stub_licensed_features(jira_dev_panel_integration: false)
unauthorized_user = create(:user)
project.add_reporter(unauthorized_user)
get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
unauthorized_user)
expect(response).to have_http_status(403)
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment