Commit 92d568ac authored by Rubén Dávila Santos's avatar Rubén Dávila Santos Committed by Ruben Davila

Merge branch 'fix-rspec-failures-due-to-cached-permissions' into 'master'

Fix assorted rspec failures due to stale, cached user permissions

RequestStore is disabled in tests, but the Ability class was caching user permissions based on the user and project ID of previous test runs. Revise code to use RequestStore only if it is active.

See merge request !5919
parent 0f2ffb74
...@@ -166,38 +166,44 @@ class Ability ...@@ -166,38 +166,44 @@ class Ability
end end
def project_abilities(user, project) def project_abilities(user, project)
rules = []
key = "/user/#{user.id}/project/#{project.id}" key = "/user/#{user.id}/project/#{project.id}"
RequestStore.store[key] ||= begin if RequestStore.active?
# Push abilities on the users team role RequestStore.store[key] ||= uncached_project_abilities(user, project)
rules.push(*project_team_rules(project.team, user)) else
uncached_project_abilities(user, project)
end
end
owner = user.admin? || def uncached_project_abilities(user, project)
project.owner == user || rules = []
(project.group && project.group.has_owner?(user)) # Push abilities on the users team role
rules.push(*project_team_rules(project.team, user))
if owner owner = user.admin? ||
rules.push(*project_owner_rules) project.owner == user ||
end (project.group && project.group.has_owner?(user))
if project.public? || (project.internal? && !user.external?) if owner
rules.push(*public_project_rules) rules.push(*project_owner_rules)
end
# Allow to read builds for internal projects if project.public? || (project.internal? && !user.external?)
rules << :read_build if project.public_builds? rules.push(*public_project_rules)
unless owner || project.team.member?(user) || project_group_member?(project, user) # Allow to read builds for internal projects
rules << :request_access if project.request_access_enabled rules << :read_build if project.public_builds?
end
end
if project.archived? unless owner || project.team.member?(user) || project_group_member?(project, user)
rules -= project_archived_rules rules << :request_access if project.request_access_enabled
end end
end
rules - project_disabled_features_rules(project) if project.archived?
rules -= project_archived_rules
end end
(rules - project_disabled_features_rules(project)).uniq
end end
def project_team_rules(team, user) def project_team_rules(team, user)
......
...@@ -171,6 +171,70 @@ describe Ability, lib: true do ...@@ -171,6 +171,70 @@ describe Ability, lib: true do
end end
end end
shared_examples_for ".project_abilities" do |enable_request_store|
before do
RequestStore.begin! if enable_request_store
end
after do
if enable_request_store
RequestStore.end!
RequestStore.clear!
end
end
describe '.project_abilities' do
let!(:project) { create(:empty_project, :public) }
let!(:user) { create(:user) }
it 'returns permissions for admin user' do
admin = create(:admin)
results = described_class.project_abilities(admin, project)
expect(results.count).to eq(68)
end
it 'returns permissions for an owner' do
results = described_class.project_abilities(project.owner, project)
expect(results.count).to eq(68)
end
it 'returns permissions for a master' do
project.team << [user, :master]
results = described_class.project_abilities(user, project)
expect(results.count).to eq(60)
end
it 'returns permissions for a developer' do
project.team << [user, :developer]
results = described_class.project_abilities(user, project)
expect(results.count).to eq(44)
end
it 'returns permissions for a guest' do
project.team << [user, :guest]
results = described_class.project_abilities(user, project)
expect(results.count).to eq(21)
end
end
end
describe '.project_abilities with RequestStore' do
it_behaves_like ".project_abilities", true
end
describe '.project_abilities without RequestStore' do
it_behaves_like ".project_abilities", false
end
describe '.issues_readable_by_user' do describe '.issues_readable_by_user' do
context 'with an admin user' do context 'with an admin user' do
it 'returns all given issues' do it 'returns all given issues' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment