Commit a841d79d authored by Patricio Cano's avatar Patricio Cano

Enforce repository size limit across all projects and groups, includes LFS objects in that limit.

Limit can be set globally, and overridden per group, and/or project.
parent 7f8d2416
...@@ -127,6 +127,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -127,6 +127,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:usage_ping_enabled, :usage_ping_enabled,
:repository_storage, :repository_storage,
:enabled_git_access_protocol, :enabled_git_access_protocol,
:repository_size_limit,
restricted_visibility_levels: [], restricted_visibility_levels: [],
import_sources: [], import_sources: [],
disabled_oauth_sign_in_sources: [] disabled_oauth_sign_in_sources: []
......
...@@ -66,6 +66,7 @@ class Admin::GroupsController < Admin::ApplicationController ...@@ -66,6 +66,7 @@ class Admin::GroupsController < Admin::ApplicationController
:lfs_enabled, :lfs_enabled,
:name, :name,
:path, :path,
:repository_size_limit,
:request_access_enabled, :request_access_enabled,
:visibility_level :visibility_level
) )
......
...@@ -131,12 +131,13 @@ class GroupsController < Groups::ApplicationController ...@@ -131,12 +131,13 @@ class GroupsController < Groups::ApplicationController
:avatar, :avatar,
:description, :description,
:lfs_enabled, :lfs_enabled,
:membership_lock,
:name, :name,
:path, :path,
:public, :public,
:repository_size_limit,
:request_access_enabled, :request_access_enabled,
:share_with_group_lock, :share_with_group_lock,
:membership_lock,
:visibility_level :visibility_level
) )
end end
......
...@@ -68,7 +68,9 @@ class Projects::GitHttpController < Projects::GitHttpClientController ...@@ -68,7 +68,9 @@ class Projects::GitHttpController < Projects::GitHttpClientController
def render_denied def render_denied
if user && user.can?(:read_project, project) if user && user.can?(:read_project, project)
render plain: 'Access denied', status: :forbidden message = project.above_size_limit? ? access_check.message : 'Access denied'
render plain: message, status: :forbidden
else else
# Do not leak information about project existence # Do not leak information about project existence
render_not_found render_not_found
......
...@@ -320,6 +320,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -320,6 +320,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
return access_denied! unless @merge_request.can_be_merged_by?(current_user) return access_denied! unless @merge_request.can_be_merged_by?(current_user)
return render_404 unless @merge_request.approved? return render_404 unless @merge_request.approved?
# user is not able to merge if project is above size limit
if @merge_request.target_project.above_size_limit?
@status = :size_limit_reached
return
end
# Disable the CI check if merge_when_build_succeeds is enabled since we have # Disable the CI check if merge_when_build_succeeds is enabled since we have
# to wait until CI completes to know # to wait until CI completes to know
unless @merge_request.mergeable?(skip_ci_check: merge_when_build_succeeds_active?) unless @merge_request.mergeable?(skip_ci_check: merge_when_build_succeeds_active?)
......
...@@ -16,7 +16,11 @@ module LfsHelper ...@@ -16,7 +16,11 @@ module LfsHelper
return if upload_request? && lfs_upload_access? return if upload_request? && lfs_upload_access?
if project.public? || (user && user.can?(:read_project, project)) if project.public? || (user && user.can?(:read_project, project))
render_lfs_forbidden if project.above_size_limit? || objects_exceeded_limit?
render_size_error
else
render_lfs_forbidden
end
else else
render_lfs_not_found render_lfs_not_found
end end
...@@ -30,10 +34,27 @@ module LfsHelper ...@@ -30,10 +34,27 @@ module LfsHelper
def lfs_upload_access? def lfs_upload_access?
return false unless project.lfs_enabled? return false unless project.lfs_enabled?
return false if project.above_size_limit? || objects_exceed_repo_limit?
user && user.can?(:push_code, project) user && user.can?(:push_code, project)
end end
def objects_exceed_repo_limit?
return false unless project.size_limit_enabled?
objects_size = 0
objects.each do |object|
objects_size += object[:size]
end
@limit_exceeded = true if (project.aggregated_repository_size + objects_size.to_mb) > project.repo_size_limit
end
def objects_exceeded_limit?
@limit_exceeded ||= false
end
def render_lfs_forbidden def render_lfs_forbidden
render( render(
json: { json: {
...@@ -56,6 +77,17 @@ module LfsHelper ...@@ -56,6 +77,17 @@ module LfsHelper
) )
end end
def render_size_error
render(
json: {
message: 'This repository has exceeded its storage limit. Please contact your GitLab admin.',
documentation_url: "#{Gitlab.config.gitlab.url}/help",
},
content_type: "application/vnd.git-lfs+json",
status: 406
)
end
def storage_project def storage_project
@storage_project ||= begin @storage_project ||= begin
result = project result = project
......
...@@ -63,6 +63,10 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -63,6 +63,10 @@ class ApplicationSetting < ActiveRecord::Base
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
validates :repository_size_limit,
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :container_registry_token_expire_delay, validates :container_registry_token_expire_delay,
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
......
...@@ -33,6 +33,9 @@ class Group < Namespace ...@@ -33,6 +33,9 @@ class Group < Namespace
validates :avatar, file_size: { maximum: 200.kilobytes.to_i } validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
validates :repository_size_limit,
numericality: { only_integer: true, greater_than_or_equal_to: 0, allow_nil: true }
mount_uploader :avatar, AvatarUploader mount_uploader :avatar, AvatarUploader
after_create :post_create_hook after_create :post_create_hook
...@@ -199,6 +202,12 @@ class Group < Namespace ...@@ -199,6 +202,12 @@ class Group < Namespace
system_hook_service.execute_hooks_for(self, :destroy) system_hook_service.execute_hooks_for(self, :destroy)
end end
def repo_size_limit
return current_application_settings.repository_size_limit if repository_size_limit.nil?
repository_size_limit
end
def system_hook_service def system_hook_service
SystemHooksService.new SystemHooksService.new
end end
......
...@@ -289,6 +289,10 @@ class MergeRequest < ActiveRecord::Base ...@@ -289,6 +289,10 @@ class MergeRequest < ActiveRecord::Base
end end
end end
def is_valid?
!(target_project.above_size_limit? || target_project.blank? || source_branch.blank?)
end
def branch_merge_base_sha def branch_merge_base_sha
branch_merge_base_commit.try(:sha) branch_merge_base_commit.try(:sha)
end end
......
...@@ -147,6 +147,10 @@ class Namespace < ActiveRecord::Base ...@@ -147,6 +147,10 @@ class Namespace < ActiveRecord::Base
Gitlab.config.lfs.enabled Gitlab.config.lfs.enabled
end end
def repo_size_limit
current_application_settings.repository_size_limit
end
private private
def repository_storage_paths def repository_storage_paths
......
...@@ -182,6 +182,9 @@ class Project < ActiveRecord::Base ...@@ -182,6 +182,9 @@ class Project < ActiveRecord::Base
presence: true, presence: true,
inclusion: { in: ->(_object) { Gitlab.config.repositories.storages.keys } } inclusion: { in: ->(_object) { Gitlab.config.repositories.storages.keys } }
validates :repository_size_limit,
numericality: { only_integer: true, greater_than_or_equal_to: 0, allow_nil: true }
with_options if: :mirror? do |project| with_options if: :mirror? do |project|
project.validates :import_url, presence: true project.validates :import_url, presence: true
project.validates :mirror_user, presence: true project.validates :mirror_user, presence: true
...@@ -1537,6 +1540,30 @@ class Project < ActiveRecord::Base ...@@ -1537,6 +1540,30 @@ class Project < ActiveRecord::Base
Gitlab::Redis.with { |redis| redis.del(pushes_since_gc_redis_key) } Gitlab::Redis.with { |redis| redis.del(pushes_since_gc_redis_key) }
end end
def aggregated_repository_size
repository_size + lfs_objects.sum(:size).to_i.to_mb
end
def above_size_limit?
return false if repo_size_limit == 0
aggregated_repository_size > repo_size_limit
end
def size_to_remove
aggregated_repository_size - repo_size_limit
end
def repo_size_limit
return namespace.repo_size_limit if repository_size_limit.nil?
repository_size_limit
end
def size_limit_enabled?
repo_size_limit != 0
end
private private
def pushes_since_gc_redis_key def pushes_since_gc_redis_key
......
...@@ -34,6 +34,10 @@ module Files ...@@ -34,6 +34,10 @@ module Files
error(ex.message) error(ex.message)
end end
def size_limit_error_message
"Your changes could not be committed, because this repository has exceeded its size limit of #{project.repo_size_limit}MB by #{project.size_to_remove}MB"
end
private private
def different_branch? def different_branch?
......
...@@ -9,6 +9,10 @@ module Files ...@@ -9,6 +9,10 @@ module Files
def validate def validate
super super
if project.above_size_limit?
raise_error(size_limit_error_message)
end
unless @file_path =~ Gitlab::Regex.file_path_regex unless @file_path =~ Gitlab::Regex.file_path_regex
raise_error( raise_error(
'Your changes could not be committed, because the file path ' + 'Your changes could not be committed, because the file path ' +
......
...@@ -9,6 +9,10 @@ module Files ...@@ -9,6 +9,10 @@ module Files
def validate def validate
super super
if project.above_size_limit?
raise_error(size_limit_error_message)
end
if @file_path =~ Gitlab::Regex.directory_traversal_regex if @file_path =~ Gitlab::Regex.directory_traversal_regex
raise_error( raise_error(
'Your changes could not be committed, because the file name ' + 'Your changes could not be committed, because the file name ' +
......
...@@ -16,6 +16,10 @@ module Files ...@@ -16,6 +16,10 @@ module Files
def validate def validate
super super
if project.above_size_limit?
raise_error(size_limit_error_message)
end
if file_has_changed? if file_has_changed?
raise FileChangedError.new("You are attempting to update a file that has changed since you started editing it.") raise FileChangedError.new("You are attempting to update a file that has changed since you started editing it.")
end end
......
...@@ -35,6 +35,10 @@ module MergeRequests ...@@ -35,6 +35,10 @@ module MergeRequests
end end
end end
def render_size_limit_message(project)
"The target's repository size (#{project.aggregated_repository_size}MB) exceeds the limit of #{project.repo_size_limit}MB by #{project.size_to_remove}MB"
end
private private
def filter_params def filter_params
......
...@@ -13,15 +13,23 @@ module MergeRequests ...@@ -13,15 +13,23 @@ module MergeRequests
merge_request.target_project ||= (project.forked_from_project || project) merge_request.target_project ||= (project.forked_from_project || project)
merge_request.target_branch ||= merge_request.target_project.default_branch merge_request.target_branch ||= merge_request.target_project.default_branch
if merge_request.target_project.above_size_limit?
message = render_size_limit_message(merge_request.target_project)
merge_request.errors.add(:base, message)
end
if merge_request.target_branch.blank? || merge_request.source_branch.blank? if merge_request.target_branch.blank? || merge_request.source_branch.blank?
message = message =
if params[:source_branch] || params[:target_branch] if params[:source_branch] || params[:target_branch]
"You must select source and target branch" "You must select source and target branch"
end end
return build_failed(merge_request, message) merge_request.errors.add(:base, message) unless message.nil?
end end
return build_failed(merge_request) unless merge_request.is_valid?
compare = CompareService.new.execute( compare = CompareService.new.execute(
merge_request.source_project, merge_request.source_project,
merge_request.source_branch, merge_request.source_branch,
...@@ -97,8 +105,7 @@ module MergeRequests ...@@ -97,8 +105,7 @@ module MergeRequests
merge_request merge_request
end end
def build_failed(merge_request, message) def build_failed(merge_request)
merge_request.errors.add(:base, message) unless message.nil?
merge_request.compare_commits = [] merge_request.compare_commits = []
merge_request.can_be_created = false merge_request.can_be_created = false
merge_request merge_request
......
...@@ -98,6 +98,11 @@ ...@@ -98,6 +98,11 @@
= f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2' = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
.col-sm-10 .col-sm-10
= f.number_field :max_attachment_size, class: 'form-control' = f.number_field :max_attachment_size, class: 'form-control'
.form-group
= f.label :repository_size_limit, 'Per repository size limit (MB)', class: 'control-label col-sm-2'
.col-sm-10
= f.number_field :repository_size_limit, class: 'form-control', min: 0
%span.help-block#repository_size_limit_help_block Includes LFS objects. It can be overridden per group, or per project. 0 for unlimited
.form-group .form-group
= f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2' = f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2'
.col-sm-10 .col-sm-10
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
= form_errors(@group) = form_errors(@group)
= render 'shared/group_form', f: f = render 'shared/group_form', f: f
= render 'groups/repository_size_limit_setting', f: f
.form-group.group-description-holder .form-group.group-description-holder
= f.label :avatar, "Group avatar", class: 'control-label' = f.label :avatar, "Group avatar", class: 'control-label'
.col-sm-10 .col-sm-10
......
- if current_user.admin?
.form-group
= f.label :repository_size_limit, class: 'control-label' do
Repository size limit (MB)
.col-sm-10
= f.number_field :repository_size_limit, class: 'form-control', min: 0
%span.help-block#repository_size_limit_help_block
Repositories within this group will be restricted to this maximum size (includes LFS objects). Can be overridden inside each project. 0 for unlimited.
...@@ -6,6 +6,8 @@ ...@@ -6,6 +6,8 @@
= form_errors(@group) = form_errors(@group)
= render 'shared/group_form', f: f = render 'shared/group_form', f: f
= render 'repository_size_limit_setting', f: f
.form-group .form-group
.col-sm-offset-2.col-sm-10 .col-sm-offset-2.col-sm-10
= image_tag group_icon(@group), alt: '', class: 'avatar group-avatar s160' = image_tag group_icon(@group), alt: '', class: 'avatar group-avatar s160'
......
...@@ -34,6 +34,14 @@ ...@@ -34,6 +34,14 @@
= visibility_level_label(@project.visibility_level) = visibility_level_label(@project.visibility_level)
.light= visibility_level_description(@project.visibility_level, @project) .light= visibility_level_description(@project.visibility_level, @project)
- if current_user.admin?
.form-group
= f.label :repository_size_limit, class: 'label-light' do
Repository size limit (MB)
= f.number_field :repository_size_limit, class: 'form-control', min: 0
%span.help-block#repository_size_limit_help_block
This project's repository will be restricted to this maximum size (includes LFS objects). 0 for unlimited.
.form-group .form-group
= render 'shared/allow_request_access', form: f = render 'shared/allow_request_access', form: f
......
...@@ -11,6 +11,9 @@ ...@@ -11,6 +11,9 @@
- when :sha_mismatch - when :sha_mismatch
:plain :plain
$('.mr-widget-body').html("#{escape_javascript(render('projects/merge_requests/widget/open/sha_mismatch'))}"); $('.mr-widget-body').html("#{escape_javascript(render('projects/merge_requests/widget/open/sha_mismatch'))}");
- when :size_limit_reached
:plain
$('.mr-widget-body').html("#{escape_javascript(render('projects/merge_requests/widget/open/size_limit_reached'))}");
- else - else
:plain :plain
$('.mr-widget-body').html("#{escape_javascript(render('projects/merge_requests/widget/open/reload'))}"); $('.mr-widget-body').html("#{escape_javascript(render('projects/merge_requests/widget/open/reload'))}");
%h4.size-limit-reached
= icon("exclamation-triangle")
This repository has reached its size limit.
%p
Please contact your GitLab administrator for more information.
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddRepositorySizeLimitToApplicationSettings < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
add_column :application_settings, :repository_size_limit, :integer, default: 0
end
end
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddRepositorySizeLimitToProjects < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
add_column :projects, :repository_size_limit, :integer
end
end
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddRepositorySizeLimitToNamespaces < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
add_column :namespaces, :repository_size_limit, :integer
end
end
...@@ -100,6 +100,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do ...@@ -100,6 +100,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do
t.boolean "usage_ping_enabled", default: true, null: false t.boolean "usage_ping_enabled", default: true, null: false
t.boolean "koding_enabled" t.boolean "koding_enabled"
t.string "koding_url" t.string "koding_url"
t.integer "repository_size_limit", default: 0
end end
create_table "approvals", force: :cascade do |t| create_table "approvals", force: :cascade do |t|
...@@ -736,6 +737,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do ...@@ -736,6 +737,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do
t.datetime "ldap_sync_last_successful_update_at" t.datetime "ldap_sync_last_successful_update_at"
t.datetime "ldap_sync_last_sync_at" t.datetime "ldap_sync_last_sync_at"
t.boolean "lfs_enabled" t.boolean "lfs_enabled"
t.integer "repository_size_limit"
end end
add_index "namespaces", ["created_at"], name: "index_namespaces_on_created_at", using: :btree add_index "namespaces", ["created_at"], name: "index_namespaces_on_created_at", using: :btree
...@@ -956,6 +958,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do ...@@ -956,6 +958,7 @@ ActiveRecord::Schema.define(version: 20160915201649) do
t.boolean "has_external_wiki" t.boolean "has_external_wiki"
t.boolean "repository_read_only" t.boolean "repository_read_only"
t.boolean "lfs_enabled" t.boolean "lfs_enabled"
t.integer "repository_size_limit"
end end
add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree
......
...@@ -70,6 +70,8 @@ module Gitlab ...@@ -70,6 +70,8 @@ module Gitlab
return build_status_object(true) if git_annex_branch_sync?(changes) return build_status_object(true) if git_annex_branch_sync?(changes)
if user if user
return build_status_object(false, above_size_limit_message) if project.above_size_limit?
user_push_access_check(changes) user_push_access_check(changes)
elsif deploy_key elsif deploy_key
build_status_object(false, "Deploy keys are not allowed to push code.") build_status_object(false, "Deploy keys are not allowed to push code.")
...@@ -102,6 +104,8 @@ module Gitlab ...@@ -102,6 +104,8 @@ module Gitlab
changes_list = Gitlab::ChangesList.new(changes) changes_list = Gitlab::ChangesList.new(changes)
push_size_in_bytes = 0
# Iterate over all changes to find if user allowed all of them to be applied # Iterate over all changes to find if user allowed all of them to be applied
changes_list.each do |change| changes_list.each do |change|
status = change_access_check(change) status = change_access_check(change)
...@@ -109,11 +113,44 @@ module Gitlab ...@@ -109,11 +113,44 @@ module Gitlab
# If user does not have access to make at least one change - cancel all push # If user does not have access to make at least one change - cancel all push
return status return status
end end
if project.size_limit_enabled?
push_size_in_bytes += delta_size_check(change, project.repository)
end
end
if project.size_limit_enabled? && changes_above_limit(push_size_in_bytes.to_mb)
return build_status_object(false, will_go_over_limit_message)
end end
build_status_object(true) build_status_object(true)
end end
def delta_size_check(change, repo)
oldrev, newrev = change.values_at(:oldrev, :newrev)
size_of_deltas = 0
begin
tree_a = repo.lookup(oldrev)
tree_b = repo.lookup(newrev)
diff = tree_a.diff(tree_b)
diff.each_delta do |d|
new_file_size = d.deleted? ? 0 : Gitlab::Git::Blob.raw(repo, d.new_file[:oid]).size
size_of_deltas += new_file_size
end
size_of_deltas
rescue Rugged::OdbError, Rugged::ReferenceError, Rugged::InvalidError
size_of_deltas
end
end
def changes_above_limit(size_mb)
size_mb > project.repo_size_limit || size_mb + project.aggregated_repository_size > project.repo_size_limit
end
def change_access_check(change) def change_access_check(change)
Checks::ChangeAccess.new(change, user_access: user_access, project: project).exec Checks::ChangeAccess.new(change, user_access: user_access, project: project).exec
end end
...@@ -122,6 +159,21 @@ module Gitlab ...@@ -122,6 +159,21 @@ module Gitlab
Gitlab::ProtocolAccess.allowed?(protocol) Gitlab::ProtocolAccess.allowed?(protocol)
end end
def above_size_limit_message
[
"This repository's size (#{project.aggregated_repository_size}MB) exceeds the limit of #{project.repo_size_limit}MB",
"GitLab: by #{project.size_to_remove}MB and as a result you are unable to push to it.",
"GitLab: Please contact your Gitlab administrator for more information.",
].join("\n") + "\n"
end
def will_go_over_limit_message
[
"Your push to this repository would cause it to exceed the limit of #{project.repo_size_limit}MB.",
"GitLab: As a result it has been rejected. Please contact your Gitlab administrator for more information.",
].join("\n") + "\n"
end
def matching_merge_request?(newrev, branch_name) def matching_merge_request?(newrev, branch_name)
Checks::MatchingMergeRequest.new(newrev, branch_name, project).match? Checks::MatchingMergeRequest.new(newrev, branch_name, project).match?
end end
......
...@@ -355,6 +355,18 @@ describe Projects::MergeRequestsController do ...@@ -355,6 +355,18 @@ describe Projects::MergeRequestsController do
end end
end end
context 'when the repository is above size limit' do
before do
allow_any_instance_of(Project).to receive(:above_size_limit?).and_return(true)
post :merge, base_params.merge(sha: merge_request.diff_head_sha)
end
it 'returns :size_limit_reached' do
expect(assigns(:status)).to eq(:size_limit_reached)
end
end
context 'when the merge request is not mergeable' do context 'when the merge request is not mergeable' do
before do before do
merge_request.update_attributes(title: "WIP: #{merge_request.title}") merge_request.update_attributes(title: "WIP: #{merge_request.title}")
......
...@@ -581,6 +581,24 @@ describe Gitlab::GitAccess, lib: true do ...@@ -581,6 +581,24 @@ describe Gitlab::GitAccess, lib: true do
expect(access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master')).to be_allowed expect(access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master')).to be_allowed
end end
end end
describe 'repository size restrictions' do
before do
project.update_attribute(:repository_size_limit, 50)
end
it 'returns false when blob is too big' do
allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(100.megabytes.to_i)
expect(access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master')).not_to be_allowed
end
it 'returns true when blob is just right' do
allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(2.megabytes.to_i)
expect(access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master')).to be_allowed
end
end
end end
end end
......
...@@ -85,4 +85,22 @@ describe Group, models: true do ...@@ -85,4 +85,22 @@ describe Group, models: true do
expect { group.mark_ldap_sync_as_failed('Error') }.not_to raise_error expect { group.mark_ldap_sync_as_failed('Error') }.not_to raise_error
end end
end end
describe '#repo_size_limit' do
let(:group) { build(:group) }
before do
allow_any_instance_of(ApplicationSetting).to receive(:repository_size_limit).and_return(50)
end
it 'returns the value set globally' do
expect(group.repo_size_limit).to eq(50)
end
it 'returns the value set locally' do
group.update_attribute(:repository_size_limit, 75)
expect(group.repo_size_limit).to eq(75)
end
end
end end
...@@ -479,6 +479,67 @@ describe Project, models: true do ...@@ -479,6 +479,67 @@ describe Project, models: true do
end end
end end
describe 'repository size restrictions' do
let(:project) { build(:empty_project) }
before do
allow_any_instance_of(ApplicationSetting).to receive(:repository_size_limit).and_return(50)
end
describe '#repo_size_limit' do
it 'returns the limit set in the application settings' do
expect(project.repo_size_limit).to eq(50)
end
it 'returns the value set in the group' do
group = create(:group, repository_size_limit: 100)
project.update_attribute(:namespace_id, group.id)
expect(project.repo_size_limit).to eq(100)
end
it 'returns the value set locally' do
project.update_attribute(:repository_size_limit, 75)
expect(project.repo_size_limit).to eq(75)
end
end
describe '#size_limit_enabled?' do
it 'returns false when disabled' do
project.update_attribute(:repository_size_limit, 0)
expect(project.size_limit_enabled?).to be_falsey
end
it 'returns true when a limit is set' do
project.update_attribute(:repository_size_limit, 75)
expect(project.size_limit_enabled?).to be_truthy
end
end
describe '#above_size_limit?' do
it 'returns true when above the limit' do
allow(project).to receive(:aggregated_repository_size).and_return(100)
expect(project.above_size_limit?).to be_truthy
end
it 'returns false when not over the limit' do
expect(project.above_size_limit?).to be_falsey
end
end
describe '#size_to_remove' do
it 'returns the correct value' do
allow(project).to receive(:aggregated_repository_size).and_return(100)
expect(project.size_to_remove).to eq(50)
end
end
end
describe '#default_issues_tracker?' do describe '#default_issues_tracker?' do
let(:project) { create(:project) } let(:project) { create(:project) }
let(:ext_project) { create(:redmine_project) } let(:ext_project) { create(:redmine_project) }
......
...@@ -222,6 +222,22 @@ describe 'Git HTTP requests', lib: true do ...@@ -222,6 +222,22 @@ describe 'Git HTTP requests', lib: true do
end end
end end
context "when repository is above size limit" do
let(:env) { { user: user.username, password: user.password } }
before do
project.team << [user, :master]
end
it 'responds with status 403' do
allow_any_instance_of(Project).to receive(:above_size_limit?).and_return(true)
upload(path, env) do |response|
expect(response).to have_http_status(403)
end
end
end
context "when username and password are provided" do context "when username and password are provided" do
let(:env) { { user: user.username, password: 'nope' } } let(:env) { { user: user.username, password: 'nope' } }
......
...@@ -520,7 +520,7 @@ describe 'Git LFS API and storage' do ...@@ -520,7 +520,7 @@ describe 'Git LFS API and storage' do
{ 'operation' => 'upload', { 'operation' => 'upload',
'objects' => [ 'objects' => [
{ 'oid' => '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897', { 'oid' => '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897',
'size' => 1575078 'size' => 157507855
}] }]
} }
end end
...@@ -532,10 +532,30 @@ describe 'Git LFS API and storage' do ...@@ -532,10 +532,30 @@ describe 'Git LFS API and storage' do
it 'responds with upload hypermedia link' do it 'responds with upload hypermedia link' do
expect(json_response['objects']).to be_kind_of(Array) expect(json_response['objects']).to be_kind_of(Array)
expect(json_response['objects'].first['oid']).to eq("91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897") expect(json_response['objects'].first['oid']).to eq("91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897")
expect(json_response['objects'].first['size']).to eq(1575078) expect(json_response['objects'].first['size']).to eq(157507855)
expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}.git/gitlab-lfs/objects/91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897/1575078") expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}.git/gitlab-lfs/objects/91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897/157507855")
expect(json_response['objects'].first['actions']['upload']['header']).to eq('Authorization' => authorization) expect(json_response['objects'].first['actions']['upload']['header']).to eq('Authorization' => authorization)
end end
context 'and project is above the limit' do
let(:update_lfs_permissions) do
allow_any_instance_of(Project).to receive(:above_size_limit?).and_return(true)
end
it 'responds with status 406' do
expect(response).to have_http_status(406)
end
end
context 'and project will go over the limit' do
let(:update_lfs_permissions) do
allow_any_instance_of(Project).to receive_messages(repo_size_limit: 145, size_limit_enabled?: true)
end
it 'responds with status 406' do
expect(response).to have_http_status(406)
end
end
end end
context 'when pushing one new and one existing lfs object' do context 'when pushing one new and one existing lfs object' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment