Commit da48b74b authored by Luke Duncalfe's avatar Luke Duncalfe Committed by Douglas Barbosa Alexandre

Allow all fork network members to access LfsObject

This changes LfsObject#project_allowed_access? to allow all members of
a fork network to be considered allowed access.

https://gitlab.com/gitlab-org/gitlab/merge_requests/17558
parent 0ece59c9
...@@ -24,7 +24,13 @@ class LfsObject < ApplicationRecord ...@@ -24,7 +24,13 @@ class LfsObject < ApplicationRecord
end end
def project_allowed_access?(project) def project_allowed_access?(project)
projects.exists?(project.lfs_storage_project.id) if project.fork_network_member
lfs_objects_projects
.where("EXISTS(?)", project.fork_network.fork_network_members.select(1).where("fork_network_members.project_id = lfs_objects_projects.project_id"))
.exists?
else
lfs_objects_projects.where(project_id: project.id).exists?
end
end end
def local_store? def local_store?
......
...@@ -31,6 +31,46 @@ describe LfsObject do ...@@ -31,6 +31,46 @@ describe LfsObject do
end end
end end
describe '#project_allowed_access?' do
set(:lfs_object) { create(:lfs_objects_project).lfs_object }
set(:project) { create(:project) }
it 'returns true when project is linked' do
create(:lfs_objects_project, lfs_object: lfs_object, project: project)
expect(lfs_object.project_allowed_access?(project)).to eq(true)
end
it 'returns false when project is not linked' do
expect(lfs_object.project_allowed_access?(project)).to eq(false)
end
context 'when project is a member of a fork network' do
set(:fork_network) { create(:fork_network) }
set(:fork_network_root_project) { fork_network.root_project }
set(:fork_network_membership) { create(:fork_network_member, project: project, fork_network: fork_network) }
it 'returns true for all members when forked project is linked' do
create(:lfs_objects_project, lfs_object: lfs_object, project: project)
expect(lfs_object.project_allowed_access?(project)).to eq(true)
expect(lfs_object.project_allowed_access?(fork_network_root_project)).to eq(true)
end
it 'returns true for all members when root of network is linked' do
create(:lfs_objects_project, lfs_object: lfs_object, project: fork_network_root_project)
expect(lfs_object.project_allowed_access?(project)).to eq(true)
expect(lfs_object.project_allowed_access?(fork_network_root_project)).to eq(true)
end
it 'returns false when no member of fork network is linked' do
expect(lfs_object.project_allowed_access?(project)).to eq(false)
expect(lfs_object.project_allowed_access?(fork_network_root_project)).to eq(false)
end
end
end
describe '#schedule_background_upload' do describe '#schedule_background_upload' do
before do before do
stub_lfs_setting(enabled: true) stub_lfs_setting(enabled: true)
......
...@@ -25,13 +25,17 @@ shared_examples 'a controller that can serve LFS files' do |options = {}| ...@@ -25,13 +25,17 @@ shared_examples 'a controller that can serve LFS files' do |options = {}|
context 'when lfs is enabled' do context 'when lfs is enabled' do
before do before do
allow_any_instance_of(Project).to receive(:lfs_enabled?).and_return(true) allow_any_instance_of(Project).to receive(:lfs_enabled?).and_return(true)
allow_any_instance_of(LfsObjectUploader).to receive(:exists?).and_return(true)
allow(controller).to receive(:send_file) { controller.head :ok }
end end
context 'when project has access' do def link_project(project)
project.lfs_objects << lfs_object
end
context 'when the project is linked to the LfsObject' do
before do before do
project.lfs_objects << lfs_object link_project(project)
allow_any_instance_of(LfsObjectUploader).to receive(:exists?).and_return(true)
allow(controller).to receive(:send_file) { controller.head :ok }
end end
it 'serves the file' do it 'serves the file' do
...@@ -76,13 +80,68 @@ shared_examples 'a controller that can serve LFS files' do |options = {}| ...@@ -76,13 +80,68 @@ shared_examples 'a controller that can serve LFS files' do |options = {}|
end end
end end
context 'when project does not have access' do context 'when project is not linked to the LfsObject' do
it 'does not serve the file' do it 'does not serve the file' do
subject subject
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(404)
end end
end end
context 'when the project is part of a fork network' do
shared_examples 'a controller that correctly serves lfs files within a fork network' do
it do
expect(fork_network_member).not_to eq(fork_network.root_project)
end
it 'does not serve the file if no members are linked to the LfsObject' do
subject
expect(response).to have_gitlab_http_status(404)
end
it 'serves the file when the fork network root is linked to the LfsObject' do
link_project(fork_network.root_project)
subject
expect(response).to have_gitlab_http_status(200)
end
it 'serves the file when the fork network member is linked to the LfsObject' do
link_project(fork_network_member)
subject
expect(response).to have_gitlab_http_status(200)
end
end
context 'when the project is the root of the fork network' do
let!(:fork_network) { create(:fork_network, root_project: project) }
let!(:fork_network_member) { create(:fork_network_member, fork_network: fork_network).project }
before do
project.reload
end
it_behaves_like 'a controller that correctly serves lfs files within a fork network'
end
context 'when the project is a downstream member of the fork network' do
let!(:fork_network) { create(:fork_network) }
let!(:fork_network_member) do
create(:fork_network_member, project: project, fork_network: fork_network)
project
end
before do
project.reload
end
it_behaves_like 'a controller that correctly serves lfs files within a fork network'
end
end
end end
context 'when lfs is not enabled' do context 'when lfs is not enabled' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment