Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
5e3f8db7
Commit
5e3f8db7
authored
7 years ago
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix build access policies when pipelines are public
parent
3a54128d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
93 additions
and
2 deletions
+93
-2
app/policies/ci/build_policy.rb
app/policies/ci/build_policy.rb
+0
-2
spec/policies/ci/build_policy_spec.rb
spec/policies/ci/build_policy_spec.rb
+93
-0
No files found.
app/policies/ci/build_policy.rb
View file @
5e3f8db7
module
Ci
class
BuildPolicy
<
CommitStatusPolicy
def
rules
can!
:read_build
if
@subject
.
project
.
public_builds?
super
# If we can't read build we should also not have that
...
...
This diff is collapsed.
Click to expand it.
spec/policies/ci/build_policy_spec.rb
0 → 100644
View file @
5e3f8db7
require
'spec_helper'
describe
Ci
::
BuildPolicy
,
:models
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
)
}
let
(
:policies
)
do
described_class
.
abilities
(
user
,
build
).
to_set
end
shared_context
'public pipelines disabled'
do
before
{
project
.
update_attribute
(
:public_builds
,
false
)
}
end
describe
'#rules'
do
context
'when user does not have access to the project'
do
let
(
:project
)
{
create
(
:empty_project
,
:private
)
}
context
'when public builds are enabled'
do
it
'does not include ability to read build'
do
expect
(
policies
).
not_to
include
:read_build
end
end
context
'when public builds are disabled'
do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
policies
).
not_to
include
:read_build
end
end
end
context
'when anonymous user has access to the project'
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
policies
).
to
include
:read_build
end
end
context
'when public builds are disabled'
do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
policies
).
not_to
include
:read_build
end
end
end
context
'when team member has access to the project'
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
context
'team member is a guest'
do
before
{
project
.
team
<<
[
user
,
:guest
]
}
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
policies
).
to
include
:read_build
end
end
context
'when public builds are disabled'
do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
policies
).
not_to
include
:read_build
end
end
end
context
'team member is a reporter'
do
before
{
project
.
team
<<
[
user
,
:reporter
]
}
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
policies
).
to
include
:read_build
end
end
context
'when public builds are disabled'
do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
policies
).
to
include
:read_build
end
end
end
end
end
end
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment