diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-07-18 12:36:44 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-07-19 12:23:41 +0200 |
| commit | 2532ec9edcf9a961c2020c7180c24ec44a8b8308 (patch) | |
| tree | 7bb62d7d9d04db1264a0fcb4c1e34f024759a50a /spec | |
| parent | cd546a784434a8d1a872bc37e5a0c252b030f73c (diff) | |
| download | gitlab-ce-2532ec9edcf9a961c2020c7180c24ec44a8b8308.tar.gz | |
Allow to pull code with deploy key from public projectsallow-deploy-key-to-download-public-projects
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 72 |
1 files changed, 61 insertions, 11 deletions
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index db33c7a22bb..ae064a878b0 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -44,12 +44,12 @@ describe Gitlab::GitAccess, lib: true do end describe 'download_access_check' do + subject { access.check('git-upload-pack') } + describe 'master permissions' do before { project.team << [user, :master] } context 'pull code' do - subject { access.download_access_check } - it { expect(subject.allowed?).to be_truthy } end end @@ -58,8 +58,6 @@ describe Gitlab::GitAccess, lib: true do before { project.team << [user, :guest] } context 'pull code' do - subject { access.download_access_check } - it { expect(subject.allowed?).to be_falsey } end end @@ -71,16 +69,12 @@ describe Gitlab::GitAccess, lib: true do end context 'pull code' do - subject { access.download_access_check } - it { expect(subject.allowed?).to be_falsey } end end describe 'without acccess to project' do context 'pull code' do - subject { access.download_access_check } - it { expect(subject.allowed?).to be_falsey } end end @@ -90,10 +84,31 @@ describe Gitlab::GitAccess, lib: true do let(:actor) { key } context 'pull code' do - before { key.projects << project } - subject { access.download_access_check } + context 'when project is authorized' do + before { key.projects << project } - it { expect(subject.allowed?).to be_truthy } + it { expect(subject).to be_allowed } + end + + context 'when unauthorized' do + context 'from public project' do + let(:project) { create(:project, :public) } + + it { expect(subject).to be_allowed } + end + + context 'from internal project' do + let(:project) { create(:project, :internal) } + + it { expect(subject).not_to be_allowed } + end + + context 'from private project' do + let(:project) { create(:project, :internal) } + + it { expect(subject).not_to be_allowed } + end + end end end end @@ -240,5 +255,40 @@ describe Gitlab::GitAccess, lib: true do run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true })) end end + + describe 'deploy key permissions' do + let(:key) { create(:deploy_key) } + let(:actor) { key } + + context 'push code' do + subject { access.check('git-receive-pack') } + + context 'when project is authorized' do + before { key.projects << project } + + it { expect(subject).not_to be_allowed } + end + + context 'when unauthorized' do + context 'to public project' do + let(:project) { create(:project, :public) } + + it { expect(subject).not_to be_allowed } + end + + context 'to internal project' do + let(:project) { create(:project, :internal) } + + it { expect(subject).not_to be_allowed } + end + + context 'to private project' do + let(:project) { create(:project, :internal) } + + it { expect(subject).not_to be_allowed } + end + end + end + end end end |