diff options
| author | Lin Jen-Shin <godfat@godfat.org> | 2017-07-04 05:01:05 +0800 | 
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2017-07-04 05:01:05 +0800 | 
| commit | 23bfd8c13c803f4efdb9eaf8e6e3c1ffd17640e8 (patch) | |
| tree | 03db93cdd953b49d28fbe62da4655dcb0c23af04 /spec/policies | |
| parent | 24a1f0d833941a30b91813f36d184d3e7c3f7425 (diff) | |
| download | gitlab-ce-23bfd8c13c803f4efdb9eaf8e6e3c1ffd17640e8.tar.gz | |
Consistently check permission for creating pipelines,
updating builds and updating pipelines. We check against
being able to merge or push if the ref is protected.
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/ci/build_policy_spec.rb | 52 | ||||
| -rw-r--r-- | spec/policies/ci/pipeline_policy_spec.rb | 47 | 
2 files changed, 64 insertions, 35 deletions
| diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb index 48a139d4b83..b4c6f3141fb 100644 --- a/spec/policies/ci/build_policy_spec.rb +++ b/spec/policies/ci/build_policy_spec.rb @@ -96,55 +96,37 @@ describe Ci::BuildPolicy, :models do        end      end -    describe 'rules for manual actions' do +    describe 'rules for protected branch' do        let(:project) { create(:project) }        before do          project.add_developer(user) -      end - -      context 'when branch build is assigned to is protected' do -        before do -          create(:protected_branch, :no_one_can_push, -                 name: 'some-ref', project: project) -        end -        context 'when build is a manual action' do -          let(:build) do -            create(:ci_build, :manual, ref: 'some-ref', pipeline: pipeline) -          end - -          it 'does not include ability to update build' do -            expect(policies).not_to include :update_build -          end -        end +        create(:protected_branch, branch_policy, +               name: build.ref, project: project) +      end -        context 'when build is not a manual action' do -          let(:build) do -            create(:ci_build, ref: 'some-ref', pipeline: pipeline) -          end +      context 'when no one can push or merge to the branch' do +        let(:branch_policy) { :no_one_can_push } -          it 'includes ability to update build' do -            expect(policies).to include :update_build -          end +        it 'does not include ability to update build' do +          expect(policies).not_to include :update_build          end        end -      context 'when branch build is assigned to is not protected' do -        context 'when build is a manual action' do -          let(:build) { create(:ci_build, :manual, pipeline: pipeline) } +      context 'when developers can push to the branch' do +        let(:branch_policy) { :developers_can_push } -          it 'includes ability to update build' do -            expect(policies).to include :update_build -          end +        it 'includes ability to update build' do +          expect(policies).to include :update_build          end +      end -        context 'when build is not a manual action' do -          let(:build) { create(:ci_build, pipeline: pipeline) } +      context 'when developers can push to the branch' do +        let(:branch_policy) { :developers_can_merge } -          it 'includes ability to update build' do -            expect(policies).to include :update_build -          end +        it 'includes ability to update build' do +          expect(policies).to include :update_build          end        end      end diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb new file mode 100644 index 00000000000..4ecf07a1bf2 --- /dev/null +++ b/spec/policies/ci/pipeline_policy_spec.rb @@ -0,0 +1,47 @@ +require 'spec_helper' + +describe Ci::PipelinePolicy, :models do +  let(:user) { create(:user) } +  let(:pipeline) { create(:ci_empty_pipeline, project: project) } + +  let(:policies) do +    described_class.abilities(user, pipeline).to_set +  end + +  describe 'rules' do +    describe 'rules for protected branch' do +      let(:project) { create(:project) } + +      before do +        project.add_developer(user) + +        create(:protected_branch, branch_policy, +               name: pipeline.ref, project: project) +      end + +      context 'when no one can push or merge to the branch' do +        let(:branch_policy) { :no_one_can_push } + +        it 'does not include ability to update pipeline' do +          expect(policies).not_to include :update_pipeline +        end +      end + +      context 'when developers can push to the branch' do +        let(:branch_policy) { :developers_can_push } + +        it 'includes ability to update pipeline' do +          expect(policies).to include :update_pipeline +        end +      end + +      context 'when developers can push to the branch' do +        let(:branch_policy) { :developers_can_merge } + +        it 'includes ability to update pipeline' do +          expect(policies).to include :update_pipeline +        end +      end +    end +  end +end | 
