diff options
Diffstat (limited to 'spec/models')
| -rw-r--r-- | spec/models/application_setting_spec.rb | 48 | ||||
| -rw-r--r-- | spec/models/ci/pipeline_spec.rb | 8 | ||||
| -rw-r--r-- | spec/models/concerns/deprecated_assignee_spec.rb | 160 | ||||
| -rw-r--r-- | spec/models/concerns/issuable_spec.rb | 7 | ||||
| -rw-r--r-- | spec/models/concerns/protected_ref_access_spec.rb | 12 | ||||
| -rw-r--r-- | spec/models/event_spec.rb | 2 | ||||
| -rw-r--r-- | spec/models/instance_configuration_spec.rb | 7 | ||||
| -rw-r--r-- | spec/models/issue_spec.rb | 45 | ||||
| -rw-r--r-- | spec/models/merge_request_spec.rb | 60 | ||||
| -rw-r--r-- | spec/models/project_spec.rb | 69 | ||||
| -rw-r--r-- | spec/models/release_spec.rb | 16 | ||||
| -rw-r--r-- | spec/models/user_spec.rb | 6 |
12 files changed, 328 insertions, 112 deletions
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index c81572d739e..c7d7dbac736 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe ApplicationSetting do - let(:setting) { described_class.create_from_defaults } + subject(:setting) { described_class.create_from_defaults } it { include(CacheableAttributes) } it { include(ApplicationSettingImplementation) } @@ -284,6 +284,52 @@ describe ApplicationSetting do expect(subject).to be_valid end end + + describe 'when external authorization service is enabled' do + before do + setting.external_authorization_service_enabled = true + end + + it { is_expected.not_to allow_value('not a URL').for(:external_authorization_service_url) } + it { is_expected.to allow_value('https://example.com').for(:external_authorization_service_url) } + it { is_expected.to allow_value('').for(:external_authorization_service_url) } + it { is_expected.not_to allow_value(nil).for(:external_authorization_service_default_label) } + it { is_expected.not_to allow_value(11).for(:external_authorization_service_timeout) } + it { is_expected.not_to allow_value(0).for(:external_authorization_service_timeout) } + it { is_expected.not_to allow_value('not a certificate').for(:external_auth_client_cert) } + it { is_expected.to allow_value('').for(:external_auth_client_cert) } + it { is_expected.to allow_value('').for(:external_auth_client_key) } + + context 'when setting a valid client certificate for external authorization' do + let(:certificate_data) { File.read('spec/fixtures/passphrase_x509_certificate.crt') } + + before do + setting.external_auth_client_cert = certificate_data + end + + it 'requires a valid client key when a certificate is set' do + expect(setting).not_to allow_value('fefefe').for(:external_auth_client_key) + end + + it 'requires a matching certificate' do + other_private_key = File.read('spec/fixtures/x509_certificate_pk.key') + + expect(setting).not_to allow_value(other_private_key).for(:external_auth_client_key) + end + + it 'the credentials are valid when the private key can be read and matches the certificate' do + tls_attributes = [:external_auth_client_key_pass, + :external_auth_client_key, + :external_auth_client_cert] + setting.external_auth_client_key = File.read('spec/fixtures/passphrase_x509_certificate_pk.key') + setting.external_auth_client_key_pass = '5iveL!fe' + + setting.validate + + expect(setting.errors).not_to include(*tls_attributes) + end + end + end end context 'restrict creating duplicates' do diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb index 83b0f172f03..f3e78630c1b 100644 --- a/spec/models/ci/pipeline_spec.rb +++ b/spec/models/ci/pipeline_spec.rb @@ -684,12 +684,12 @@ describe Ci::Pipeline, :mailer do source_branch: 'feature', target_project: project, target_branch: 'master', - assignee: assignee, + assignees: assignees, milestone: milestone, labels: labels) end - let(:assignee) { create(:user) } + let(:assignees) { create_list(:user, 2) } let(:milestone) { create(:milestone, project: project) } let(:labels) { create_list(:label, 2) } @@ -710,7 +710,7 @@ describe Ci::Pipeline, :mailer do 'CI_MERGE_REQUEST_SOURCE_BRANCH_NAME' => merge_request.source_branch.to_s, 'CI_MERGE_REQUEST_SOURCE_BRANCH_SHA' => pipeline.source_sha.to_s, 'CI_MERGE_REQUEST_TITLE' => merge_request.title, - 'CI_MERGE_REQUEST_ASSIGNEES' => assignee.username, + 'CI_MERGE_REQUEST_ASSIGNEES' => merge_request.assignee_username_list, 'CI_MERGE_REQUEST_MILESTONE' => milestone.title, 'CI_MERGE_REQUEST_LABELS' => labels.map(&:title).join(',')) end @@ -730,7 +730,7 @@ describe Ci::Pipeline, :mailer do end context 'without assignee' do - let(:assignee) { nil } + let(:assignees) { [] } it 'does not expose assignee variable' do expect(subject.to_hash.keys).not_to include('CI_MERGE_REQUEST_ASSIGNEES') diff --git a/spec/models/concerns/deprecated_assignee_spec.rb b/spec/models/concerns/deprecated_assignee_spec.rb new file mode 100644 index 00000000000..e394de0aa34 --- /dev/null +++ b/spec/models/concerns/deprecated_assignee_spec.rb @@ -0,0 +1,160 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe DeprecatedAssignee do + let(:user) { create(:user) } + + describe '#assignee_id=' do + it 'creates the merge_request_assignees relation' do + merge_request = create(:merge_request, assignee_id: user.id) + + merge_request.reload + + expect(merge_request.merge_request_assignees.count).to eq(1) + end + + it 'nullifies the assignee_id column' do + merge_request = create(:merge_request, assignee_id: user.id) + + merge_request.reload + + expect(merge_request.read_attribute(:assignee_id)).to be_nil + end + + context 'when relation already exists' do + it 'overwrites existing assignees' do + other_user = create(:user) + merge_request = create(:merge_request, assignee_id: nil) + merge_request.merge_request_assignees.create!(user_id: user.id) + merge_request.merge_request_assignees.create!(user_id: other_user.id) + + expect { merge_request.update!(assignee_id: other_user.id) } + .to change { merge_request.reload.merge_request_assignees.count } + .from(2).to(1) + end + end + end + + describe '#assignee=' do + it 'creates the merge_request_assignees relation' do + merge_request = create(:merge_request, assignee: user) + + merge_request.reload + + expect(merge_request.merge_request_assignees.count).to eq(1) + end + + it 'nullifies the assignee_id column' do + merge_request = create(:merge_request, assignee: user) + + merge_request.reload + + expect(merge_request.read_attribute(:assignee_id)).to be_nil + end + + context 'when relation already exists' do + it 'overwrites existing assignees' do + other_user = create(:user) + merge_request = create(:merge_request, assignee: nil) + merge_request.merge_request_assignees.create!(user_id: user.id) + merge_request.merge_request_assignees.create!(user_id: other_user.id) + + expect { merge_request.update!(assignee: other_user) } + .to change { merge_request.reload.merge_request_assignees.count } + .from(2).to(1) + end + end + end + + describe '#assignee_id' do + it 'returns the first assignee ID' do + other_user = create(:user) + merge_request = create(:merge_request, assignees: [user, other_user]) + + merge_request.reload + + expect(merge_request.assignee_id).to eq(merge_request.assignee_ids.first) + end + end + + describe '#assignees' do + context 'when assignee_id exists and there is no relation' do + it 'creates the relation' do + merge_request = create(:merge_request, assignee_id: nil) + merge_request.update_column(:assignee_id, user.id) + + expect { merge_request.assignees }.to change { merge_request.merge_request_assignees.count }.from(0).to(1) + end + + it 'nullifies the assignee_id' do + merge_request = create(:merge_request, assignee_id: nil) + merge_request.update_column(:assignee_id, user.id) + + expect { merge_request.assignees } + .to change { merge_request.read_attribute(:assignee_id) } + .from(user.id).to(nil) + end + end + + context 'when DB is read-only' do + before do + allow(Gitlab::Database).to receive(:read_only?) { true } + end + + it 'returns a users relation' do + merge_request = create(:merge_request, assignee_id: user.id) + + expect(merge_request.assignees).to be_a(ActiveRecord::Relation) + expect(merge_request.assignees).to eq([user]) + end + + it 'returns an empty relation if no assignee_id is set' do + merge_request = create(:merge_request, assignee_id: nil) + + expect(merge_request.assignees).to be_a(ActiveRecord::Relation) + expect(merge_request.assignees).to eq([]) + end + end + end + + describe '#assignee_ids' do + context 'when assignee_id exists and there is no relation' do + it 'creates the relation' do + merge_request = create(:merge_request, assignee_id: nil) + merge_request.update_column(:assignee_id, user.id) + + expect { merge_request.assignee_ids }.to change { merge_request.merge_request_assignees.count }.from(0).to(1) + end + + it 'nullifies the assignee_id' do + merge_request = create(:merge_request, assignee_id: nil) + merge_request.update_column(:assignee_id, user.id) + + expect { merge_request.assignee_ids } + .to change { merge_request.read_attribute(:assignee_id) } + .from(user.id).to(nil) + end + end + + context 'when DB is read-only' do + before do + allow(Gitlab::Database).to receive(:read_only?) { true } + end + + it 'returns a list of user IDs' do + merge_request = create(:merge_request, assignee_id: user.id) + + expect(merge_request.assignee_ids).to be_a(Array) + expect(merge_request.assignee_ids).to eq([user.id]) + end + + it 'returns an empty relation if no assignee_id is set' do + merge_request = create(:merge_request, assignee_id: nil) + + expect(merge_request.assignee_ids).to be_a(Array) + expect(merge_request.assignee_ids).to eq([]) + end + end + end +end diff --git a/spec/models/concerns/issuable_spec.rb b/spec/models/concerns/issuable_spec.rb index 27ed298ae08..64f02978d79 100644 --- a/spec/models/concerns/issuable_spec.rb +++ b/spec/models/concerns/issuable_spec.rb @@ -502,8 +502,8 @@ describe Issuable do let(:user2) { create(:user) } before do - merge_request.update(assignee: user) - merge_request.update(assignee: user2) + merge_request.update(assignees: [user]) + merge_request.update(assignees: [user, user2]) expect(Gitlab::HookData::IssuableBuilder) .to receive(:new).with(merge_request).and_return(builder) end @@ -512,8 +512,7 @@ describe Issuable do expect(builder).to receive(:build).with( user: user, changes: hash_including( - 'assignee_id' => [user.id, user2.id], - 'assignee' => [user.hook_attrs, user2.hook_attrs] + 'assignees' => [[user.hook_attrs], [user.hook_attrs, user2.hook_attrs]] )) merge_request.to_hook_data(user, old_associations: { assignees: [user] }) diff --git a/spec/models/concerns/protected_ref_access_spec.rb b/spec/models/concerns/protected_ref_access_spec.rb index 94798f0590d..f63ad958ed3 100644 --- a/spec/models/concerns/protected_ref_access_spec.rb +++ b/spec/models/concerns/protected_ref_access_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe ProtectedRefAccess do + include ExternalAuthorizationServiceHelpers + subject(:protected_ref_access) do create(:protected_branch, :maintainers_can_push).push_access_levels.first end @@ -29,5 +31,15 @@ describe ProtectedRefAccess do expect(protected_ref_access.check_access(developer)).to be_falsy end + + context 'external authorization' do + it 'is false if external authorization denies access' do + maintainer = create(:user) + project.add_maintainer(maintainer) + external_service_deny_access(maintainer, project) + + expect(protected_ref_access.check_access(maintainer)).to be_falsey + end + end end end diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb index d192fe70506..e91b5c4c86f 100644 --- a/spec/models/event_spec.rb +++ b/spec/models/event_spec.rb @@ -263,7 +263,7 @@ describe Event do context 'merge request diff note event' do let(:project) { create(:project, :public) } - let(:merge_request) { create(:merge_request, source_project: project, author: author, assignee: assignee) } + let(:merge_request) { create(:merge_request, source_project: project, author: author, assignees: [assignee]) } let(:note_on_merge_request) { create(:legacy_diff_note_on_merge_request, noteable: merge_request, project: project) } let(:target) { note_on_merge_request } diff --git a/spec/models/instance_configuration_spec.rb b/spec/models/instance_configuration_spec.rb index e65f97df3c3..43954511858 100644 --- a/spec/models/instance_configuration_spec.rb +++ b/spec/models/instance_configuration_spec.rb @@ -82,6 +82,13 @@ describe InstanceConfiguration do it 'returns the key artifacts_max_size' do expect(gitlab_ci.keys).to include(:artifacts_max_size) end + + it 'returns the key artifacts_max_size with values' do + stub_application_setting(max_artifacts_size: 200) + + expect(gitlab_ci[:artifacts_max_size][:default]).to eq(100.megabytes) + expect(gitlab_ci[:artifacts_max_size][:value]).to eq(200.megabytes) + end end end end diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index 892dd053e39..0cd69cb4817 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe Issue do + include ExternalAuthorizationServiceHelpers + describe "Associations" do it { is_expected.to belong_to(:milestone) } it { is_expected.to have_many(:assignees) } @@ -779,4 +781,47 @@ describe Issue do it_behaves_like 'throttled touch' do subject { create(:issue, updated_at: 1.hour.ago) } end + + context 'when an external authentication service' do + before do + enable_external_authorization_service_check + end + + describe '#visible_to_user?' do + it 'is `false` when an external authorization service is enabled' do + issue = build(:issue, project: build(:project, :public)) + + expect(issue).not_to be_visible_to_user + end + + it 'checks the external service to determine if an issue is readable by a user' do + project = build(:project, :public, + external_authorization_classification_label: 'a-label') + issue = build(:issue, project: project) + user = build(:user) + + expect(::Gitlab::ExternalAuthorization).to receive(:access_allowed?).with(user, 'a-label') { false } + expect(issue.visible_to_user?(user)).to be_falsy + end + + it 'does not check the external service if a user does not have access to the project' do + project = build(:project, :private, + external_authorization_classification_label: 'a-label') + issue = build(:issue, project: project) + user = build(:user) + + expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?) + expect(issue.visible_to_user?(user)).to be_falsy + end + + it 'does not check the external webservice for admins' do + issue = build(:issue) + user = build(:admin) + + expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?) + + issue.visible_to_user?(user) + end + end + end end diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb index 6f34ef9c1bc..f61857ea5ff 100644 --- a/spec/models/merge_request_spec.rb +++ b/spec/models/merge_request_spec.rb @@ -13,7 +13,7 @@ describe MergeRequest do it { is_expected.to belong_to(:target_project).class_name('Project') } it { is_expected.to belong_to(:source_project).class_name('Project') } it { is_expected.to belong_to(:merge_user).class_name("User") } - it { is_expected.to belong_to(:assignee) } + it { is_expected.to have_many(:assignees).through(:merge_request_assignees) } it { is_expected.to have_many(:merge_request_diffs) } context 'for forks' do @@ -181,31 +181,6 @@ describe MergeRequest do expect(MergeRequest::Metrics.count).to eq(1) end end - - describe '#refresh_merge_request_assignees' do - set(:user) { create(:user) } - - it 'creates merge request assignees relation upon MR creation' do - merge_request = create(:merge_request, assignee: nil) - - expect(merge_request.merge_request_assignees).to be_empty - - expect { merge_request.update!(assignee: user) } - .to change { merge_request.reload.merge_request_assignees.count } - .from(0).to(1) - end - - it 'updates merge request assignees relation upon MR assignee change' do - another_user = create(:user) - merge_request = create(:merge_request, assignee: user) - - expect { merge_request.update!(assignee: another_user) } - .to change { merge_request.reload.merge_request_assignees.first.assignee } - .from(user).to(another_user) - - expect(merge_request.merge_request_assignees.count).to eq(1) - end - end end describe 'respond to' do @@ -337,34 +312,18 @@ describe MergeRequest do describe '#card_attributes' do it 'includes the author name' do allow(subject).to receive(:author).and_return(double(name: 'Robert')) - allow(subject).to receive(:assignee).and_return(nil) + allow(subject).to receive(:assignees).and_return([]) expect(subject.card_attributes) - .to eq({ 'Author' => 'Robert', 'Assignee' => nil }) + .to eq({ 'Author' => 'Robert', 'Assignee' => "" }) end - it 'includes the assignee name' do + it 'includes the assignees name' do allow(subject).to receive(:author).and_return(double(name: 'Robert')) - allow(subject).to receive(:assignee).and_return(double(name: 'Douwe')) + allow(subject).to receive(:assignees).and_return([double(name: 'Douwe'), double(name: 'Robert')]) expect(subject.card_attributes) - .to eq({ 'Author' => 'Robert', 'Assignee' => 'Douwe' }) - end - end - - describe '#assignee_ids' do - it 'returns an array of the assigned user id' do - subject.assignee_id = 123 - - expect(subject.assignee_ids).to eq([123]) - end - end - - describe '#assignee_ids=' do - it 'sets assignee_id to the last id in the array' do - subject.assignee_ids = [123, 456] - - expect(subject.assignee_id).to eq(456) + .to eq({ 'Author' => 'Robert', 'Assignee' => 'Douwe and Robert' }) end end @@ -372,7 +331,7 @@ describe MergeRequest do let(:user) { create(:user) } it 'returns true for a user that is assigned to a merge request' do - subject.assignee = user + subject.assignees = [user] expect(subject.assignee_or_author?(user)).to eq(true) end @@ -1949,15 +1908,14 @@ describe MergeRequest do it 'updates when assignees change' do user1 = create(:user) user2 = create(:user) - mr = create(:merge_request, assignee: user1) + mr = create(:merge_request, assignees: [user1]) mr.project.add_developer(user1) mr.project.add_developer(user2) expect(user1.assigned_open_merge_requests_count).to eq(1) expect(user2.assigned_open_merge_requests_count).to eq(0) - mr.assignee = user2 - mr.save + mr.assignees = [user2] expect(user1.assigned_open_merge_requests_count).to eq(0) expect(user2.assigned_open_merge_requests_count).to eq(1) diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 5eb31430ccd..7f8d2ff91fd 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' describe Project do include ProjectForksHelper include GitHelpers + include ExternalAuthorizationServiceHelpers it_behaves_like 'having unique enum values' @@ -2721,7 +2722,7 @@ describe Project do end describe '#any_lfs_file_locks?', :request_store do - let!(:project) { create(:project) } + set(:project) { create(:project) } it 'returns false when there are no LFS file locks' do expect(project.any_lfs_file_locks?).to be_falsey @@ -3159,53 +3160,6 @@ describe Project do expect(projects).to eq([public_project]) end end - - context 'with requested visibility levels' do - set(:internal_project) { create(:project, :internal, :repository) } - set(:private_project_2) { create(:project, :private) } - - context 'with admin user' do - set(:admin) { create(:admin) } - - it 'returns all projects' do - projects = described_class.all.public_or_visible_to_user(admin, []) - - expect(projects).to match_array([public_project, private_project, private_project_2, internal_project]) - end - - it 'returns all public and private projects' do - projects = described_class.all.public_or_visible_to_user(admin, [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE]) - - expect(projects).to match_array([public_project, private_project, private_project_2]) - end - - it 'returns all private projects' do - projects = described_class.all.public_or_visible_to_user(admin, [Gitlab::VisibilityLevel::PRIVATE]) - - expect(projects).to match_array([private_project, private_project_2]) - end - end - - context 'with regular user' do - it 'returns authorized projects' do - projects = described_class.all.public_or_visible_to_user(user, []) - - expect(projects).to match_array([public_project, private_project, internal_project]) - end - - it "returns user's public and private projects" do - projects = described_class.all.public_or_visible_to_user(user, [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE]) - - expect(projects).to match_array([public_project, private_project]) - end - - it 'returns one private project' do - projects = described_class.all.public_or_visible_to_user(user, [Gitlab::VisibilityLevel::PRIVATE]) - - expect(projects).to eq([private_project]) - end - end - end end describe '.with_feature_available_for_user' do @@ -4417,6 +4371,25 @@ describe Project do end end + describe '#external_authorization_classification_label' do + it 'falls back to the default when none is configured' do + enable_external_authorization_service_check + + expect(build(:project).external_authorization_classification_label) + .to eq('default_label') + end + + it 'returns the classification label if it was configured on the project' do + enable_external_authorization_service_check + + project = build(:project, + external_authorization_classification_label: 'hello') + + expect(project.external_authorization_classification_label) + .to eq('hello') + end + end + describe "#pages_https_only?" do subject { build(:project) } diff --git a/spec/models/release_spec.rb b/spec/models/release_spec.rb index b4b32c95dee..0b19a4f8efc 100644 --- a/spec/models/release_spec.rb +++ b/spec/models/release_spec.rb @@ -18,6 +18,22 @@ RSpec.describe Release do describe 'validation' do it { is_expected.to validate_presence_of(:project) } it { is_expected.to validate_presence_of(:description) } + it { is_expected.to validate_presence_of(:name) } + + context 'when a release exists in the database without a name' do + it 'does not require name' do + existing_release_without_name = build(:release, project: project, author: user, name: nil) + existing_release_without_name.save(validate: false) + + existing_release_without_name.description = "change" + existing_release_without_name.save + existing_release_without_name.reload + + expect(existing_release_without_name).to be_valid + expect(existing_release_without_name.description).to eq("change") + expect(existing_release_without_name.name).to be_nil + end + end end describe '#assets_count' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index a45a2737b13..d1338e34bb8 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -2816,9 +2816,9 @@ describe User do project = create(:project, :public) archived_project = create(:project, :public, :archived) - create(:merge_request, source_project: project, author: user, assignee: user) - create(:merge_request, :closed, source_project: project, author: user, assignee: user) - create(:merge_request, source_project: archived_project, author: user, assignee: user) + create(:merge_request, source_project: project, author: user, assignees: [user]) + create(:merge_request, :closed, source_project: project, author: user, assignees: [user]) + create(:merge_request, source_project: archived_project, author: user, assignees: [user]) expect(user.assigned_open_merge_requests_count(force: true)).to eq 1 end |