Merge branch '208290-fix-unauthorized-errors' into 'master'

Fix broken specs depending on UnauthorizedError Closes #208290 See merge request gitlab-org/gitlab!26080

Merge branch '208290-fix-unauthorized-errors' into 'master'
Fix broken specs depending on UnauthorizedError Closes #208290 See merge request gitlab-org/gitlab!26080
c7b7c67f · Rémy Coutable · 6f4bb03a · 173d3d8e · c7b7c67f · c7b7c67f
Commit c7b7c67f authored Feb 27, 2020 by Rémy Coutable
4 changed files
--- a/lib/gitlab/checks/snippet_check.rb
+++ b/lib/gitlab/checks/snippet_check.rb
@@ -21,7 +21,7 @@ module Gitlab
      def exec
        if creation? || deletion?
-          raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:create_delete_branch]
+          raise GitAccess::ForbiddenError, ERROR_MESSAGES[:create_delete_branch]
        end
        # TODO: https://gitlab.com/gitlab-org/gitlab/issues/205628

--- a/lib/gitlab/git_access_snippet.rb
+++ b/lib/gitlab/git_access_snippet.rb
@@ -28,7 +28,7 @@ module Gitlab
      # TODO: Investigate if expanding actor/authentication types are needed.
      # https://gitlab.com/gitlab-org/gitlab/issues/202190
      if actor && !actor.is_a?(User) && !actor.instance_of?(Key)
-        raise UnauthorizedError, ERROR_MESSAGES[:authentication_mechanism]
+        raise ForbiddenError, ERROR_MESSAGES[:authentication_mechanism]
      end
      unless Feature.enabled?(:version_snippets, user)
@@ -53,7 +53,7 @@ module Gitlab
    override :check_push_access!
    def check_push_access!
-      raise UnauthorizedError, ERROR_MESSAGES[:update_snippet] unless user
+      raise ForbiddenError, ERROR_MESSAGES[:update_snippet] unless user
      check_change_access!
    end
@@ -74,7 +74,7 @@ module Gitlab
      passed = guest_can_download_code? || user_can_download_code?
      unless passed
-        raise UnauthorizedError, ERROR_MESSAGES[:read_snippet]
+        raise ForbiddenError, ERROR_MESSAGES[:read_snippet]
      end
    end
@@ -91,7 +91,7 @@ module Gitlab
    override :check_change_access!
    def check_change_access!
      unless user_access.can_do_action?(:update_snippet)
-        raise UnauthorizedError, ERROR_MESSAGES[:update_snippet]
+        raise ForbiddenError, ERROR_MESSAGES[:update_snippet]
      end
      changes_list.each do |change|

--- a/spec/lib/gitlab/checks/snippet_check_spec.rb
+++ b/spec/lib/gitlab/checks/snippet_check_spec.rb
@@ -19,7 +19,7 @@ describe Gitlab::Checks::SnippetCheck do
      let(:newrev) { '0000000000000000000000000000000000000000' }
      it 'raises an error' do
-        expect { subject.exec }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can not create or delete branches.')
+        expect { subject.exec }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
      end
    end
@@ -27,7 +27,7 @@ describe Gitlab::Checks::SnippetCheck do
      let(:oldrev) { '0000000000000000000000000000000000000000' }
      it 'raises an error' do
-        expect { subject.exec }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can not create or delete branches.')
+        expect { subject.exec }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
      end
    end
  end

--- a/spec/lib/gitlab/git_access_snippet_spec.rb
+++ b/spec/lib/gitlab/git_access_snippet_spec.rb
@@ -26,7 +26,7 @@ describe Gitlab::GitAccessSnippet do
    let(:actor) { build(:deploy_key) }
    it 'does not allow push and pull access' do
-      expect { pull_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:authentication_mechanism])
+      expect { pull_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:authentication_mechanism])
    end
  end
@@ -76,8 +76,8 @@ describe Gitlab::GitAccessSnippet do
    it 'blocks access when the user did not accept terms' do
      message = /must accept the Terms of Service in order to perform this action/
-      expect { push_access_check }.to raise_unauthorized(message)
+      expect { push_access_check }.to raise_forbidden(message)
-      expect { pull_access_check }.to raise_unauthorized(message)
+      expect { pull_access_check }.to raise_forbidden(message)
    end
    it 'allows access when the user accepted the terms' do
@@ -101,13 +101,13 @@ describe Gitlab::GitAccessSnippet do
            if Ability.allowed?(user, :update_snippet, snippet)
              expect { push_access_check }.not_to raise_error
            else
-              expect { push_access_check }.to raise_error(described_class::UnauthorizedError)
+              expect { push_access_check }.to raise_error(described_class::ForbiddenError)
            end
            if Ability.allowed?(user, :read_snippet, snippet)
              expect { pull_access_check }.not_to raise_error
            else
-              expect { pull_access_check }.to raise_error(described_class::UnauthorizedError)
+              expect { pull_access_check }.to raise_error(described_class::ForbiddenError)
            end
          end
        end
@@ -154,7 +154,7 @@ describe Gitlab::GitAccessSnippet do
    with_them do
      it "respects accessibility" do
-        error_class = described_class::UnauthorizedError
+        error_class = described_class::ForbiddenError
        if Ability.allowed?(user, :update_snippet, snippet)
          expect { push_access_check }.not_to raise_error
@@ -180,7 +180,7 @@ describe Gitlab::GitAccessSnippet do
      allow(::Gitlab::Database).to receive(:read_only?).and_return(true)
      allow(::Gitlab::Geo).to receive(:secondary_with_primary?).and_return(true)
-      expect { push_access_check }.to raise_unauthorized(/You can't push code to a read-only GitLab instance/)
+      expect { push_access_check }.to raise_forbidden(/You can't push code to a read-only GitLab instance/)
    end
  end
@@ -198,10 +198,10 @@ describe Gitlab::GitAccessSnippet do
    it 'raises error if SnippetCheck raises error' do
      expect_next_instance_of(Gitlab::Checks::SnippetCheck) do |check|
-        allow(check).to receive(:exec).and_raise(Gitlab::GitAccess::UnauthorizedError, 'foo')
+        allow(check).to receive(:exec).and_raise(Gitlab::GitAccess::ForbiddenError, 'foo')
      end
-      expect { push_access_check }.to raise_unauthorized('foo')
+      expect { push_access_check }.to raise_forbidden('foo')
    end
  end
@@ -215,7 +215,7 @@ describe Gitlab::GitAccessSnippet do
    raise_error(Gitlab::GitAccess::NotFoundError, Gitlab::GitAccess::ERROR_MESSAGES[:project_not_found])
  end
-  def raise_unauthorized(message)
+  def raise_forbidden(message)
-    raise_error(Gitlab::GitAccess::UnauthorizedError, message)
+    raise_error(Gitlab::GitAccess::ForbiddenError, message)
  end
 end