Merge branch 'preview_private_artifacts' into 'master'

Enable previewing private artifacts

Closes gitlab-foss#10982 and #14897

See merge request gitlab-org/gitlab!16675

GITLAB_PAGES_VERSION

-1.9.0
+1.10.0

app/models/ci/artifact_blob.rb

@@ -53,7 +53,7 @@ module Ci
       pages_config.enabled &&
         pages_config.artifacts_server &&
         EXTENSIONS_SERVED_BY_PAGES.include?(File.extname(name)) &&
-        job.project.public?
+        (pages_config.access_control || job.project.public?)
     end
 
     private

changelogs/unreleased/preview_private_artifacts.yml

+---
+title: Enable preview of private artifacts
+merge_request: 16675
+author: Tuomo Ala-Vannesluoma
+type: added

doc/user/project/pipelines/job_artifacts.md

@@ -56,6 +56,8 @@ For more examples on artifacts, follow the [artifacts reference in
 > directly in a new tab without the need to download them when
 > [GitLab Pages](../../../administration/pages/index.md) is enabled.
 > The same holds for textual formats (currently supported extensions: `.txt`, `.json`, and `.log`).
+> With [GitLab 12.4][gitlab-16675], also artifacts in private projects can be previewed
+> when [GitLab Pages access control](../../../administration/pages/index.md#access-control) is enabled.
 
 After a job finishes, if you visit the job's specific page, there are three
 buttons. You can download the artifacts archive or browse its contents, whereas
@@ -198,6 +200,7 @@ In order to retrieve a job artifact of a different project, you might need to us
 
 [expiry date]: ../../../ci/yaml/README.md#artifactsexpire_in
 [ce-14399]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/14399
+[gitlab-16675]: https://gitlab.com/gitlab-org/gitlab/merge_requests/16675
 
 <!-- ## Troubleshooting
 

spec/controllers/projects/artifacts_controller_spec.rb

@@ -286,6 +286,25 @@ describe Projects::ArtifactsController do
         expect(response).to render_template('projects/artifacts/file')
       end
     end
+
+    context 'when the project is private and pages access control is enabled' do
+      let(:private_project) { create(:project, :repository, :private) }
+      let(:pipeline) { create(:ci_pipeline, project: private_project) }
+      let(:job) { create(:ci_build, :success, :artifacts, pipeline: pipeline) }
+
+      before do
+        private_project.add_developer(user)
+
+        allow(Gitlab.config.pages).to receive(:access_control).and_return(true)
+        allow(Gitlab.config.pages).to receive(:artifacts_server).and_return(true)
+      end
+
+      it 'renders the file view' do
+        get :file, params: { namespace_id: private_project.namespace, project_id: private_project, job_id: job, path: 'ci_artifacts.txt' }
+
+        expect(response).to have_gitlab_http_status(302)
+      end
+    end
   end
 
   describe 'GET raw' do

spec/features/projects/artifacts/user_browses_artifacts_spec.rb

@@ -114,5 +114,24 @@ describe "User browses artifacts" do
 
       it { expect(page).to have_link("doc_sample.txt").and have_no_selector(".js-artifact-tree-external-icon") }
     end
+
+    context "when the project is private and pages access control is enabled" do
+      let!(:private_project) { create(:project, :private) }
+      let(:pipeline) { create(:ci_empty_pipeline, project: private_project) }
+      let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }
+      let(:user) { create(:user) }
+
+      before do
+        private_project.add_developer(user)
+
+        allow(Gitlab.config.pages).to receive(:access_control).and_return(true)
+
+        sign_in(user)
+
+        visit(browse_project_job_artifacts_path(private_project, job, "other_artifacts_0.1.2"))
+      end
+
+      it { expect(page).to have_link("doc_sample.txt").and have_selector(".js-artifact-tree-external-icon") }
+    end
   end
 end