Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
1e15444a
Commit
1e15444a
authored
Apr 04, 2017
by
James Edwards-Jones
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Cleanup & tests for UserAccess#can_create_tag?
parent
90c8bb83
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
76 additions
and
9 deletions
+76
-9
app/models/concerns/protected_ref.rb
app/models/concerns/protected_ref.rb
+1
-1
lib/gitlab/checks/change_access.rb
lib/gitlab/checks/change_access.rb
+1
-1
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+4
-7
spec/lib/gitlab/user_access_spec.rb
spec/lib/gitlab/user_access_spec.rb
+70
-0
No files found.
app/models/concerns/protected_ref.rb
View file @
1e15444a
...
...
@@ -8,7 +8,7 @@ module ProtectedRef
delegate
:matching
,
:matches?
,
:wildcard?
,
to: :ref_matcher
def
self
.
matching_refs_accesible_to
(
ref
,
user
,
action: :push
)
def
self
.
protected_ref_accessible_to?
(
ref
,
user
,
action: :push
)
access_levels_for_ref
(
ref
,
action:
action
).
any?
do
|
access_level
|
access_level
.
check_access
(
user
)
end
...
...
lib/gitlab/checks/change_access.rb
View file @
1e15444a
...
...
@@ -79,7 +79,7 @@ module Gitlab
return
"Protected tags cannot be deleted."
end
unless
user_access
.
can_
push
_tag?
(
@tag_name
)
unless
user_access
.
can_
create
_tag?
(
@tag_name
)
return
"You are not allowed to create this tag as it is protected."
end
end
...
...
lib/gitlab/user_access.rb
View file @
1e15444a
...
...
@@ -28,14 +28,11 @@ module Gitlab
true
end
#TODO: Test this
#TODO move most to ProtectedTag::AccessChecker. Or maybe UserAccess::Protections::Tag
#TODO: then consider removing method, if it turns out can_access_git? and can?(:push_code are checked in change_access
def
can_push_tag?
(
ref
)
def
can_create_tag?
(
ref
)
return
false
unless
can_access_git?
if
ProtectedTag
.
protected?
(
project
,
ref
)
project
.
protected_tags
.
matching_refs_accesible_to
(
ref
,
user
)
project
.
protected_tags
.
protected_ref_accessible_to?
(
ref
,
user
)
else
user
.
can?
(
:push_code
,
project
)
end
...
...
@@ -47,7 +44,7 @@ module Gitlab
if
ProtectedBranch
.
protected?
(
project
,
ref
)
return
true
if
project
.
empty_repo?
&&
project
.
user_can_push_to_empty_repo?
(
user
)
has_access
=
project
.
protected_branches
.
matching_refs_accesible_to
(
ref
,
user
,
action: :push
)
has_access
=
project
.
protected_branches
.
protected_ref_accessible_to?
(
ref
,
user
,
action: :push
)
has_access
||
!
project
.
repository
.
branch_exists?
(
ref
)
&&
can_merge_to_branch?
(
ref
)
else
...
...
@@ -59,7 +56,7 @@ module Gitlab
return
false
unless
can_access_git?
if
ProtectedBranch
.
protected?
(
project
,
ref
)
project
.
protected_branches
.
matching_refs_accesible_to
(
ref
,
user
,
action: :merge
)
project
.
protected_branches
.
protected_ref_accessible_to?
(
ref
,
user
,
action: :merge
)
else
user
.
can?
(
:push_code
,
project
)
end
...
...
spec/lib/gitlab/user_access_spec.rb
View file @
1e15444a
...
...
@@ -142,4 +142,74 @@ describe Gitlab::UserAccess, lib: true do
end
end
end
describe
'can_create_tag?'
do
describe
'push to none protected tag'
do
it
'returns true if user is a master'
do
project
.
add_user
(
user
,
:master
)
expect
(
access
.
can_create_tag?
(
'random_tag'
)).
to
be_truthy
end
it
'returns true if user is a developer'
do
project
.
add_user
(
user
,
:developer
)
expect
(
access
.
can_create_tag?
(
'random_tag'
)).
to
be_truthy
end
it
'returns false if user is a reporter'
do
project
.
add_user
(
user
,
:reporter
)
expect
(
access
.
can_create_tag?
(
'random_tag'
)).
to
be_falsey
end
end
describe
'push to protected tag'
do
let
(
:tag
)
{
create
(
:protected_tag
,
project:
project
,
name:
"test"
)
}
let
(
:not_existing_tag
)
{
create
:protected_tag
,
project:
project
}
it
'returns true if user is a master'
do
project
.
add_user
(
user
,
:master
)
expect
(
access
.
can_create_tag?
(
tag
.
name
)).
to
be_truthy
end
it
'returns false if user is a developer'
do
project
.
add_user
(
user
,
:developer
)
expect
(
access
.
can_create_tag?
(
tag
.
name
)).
to
be_falsey
end
it
'returns false if user is a reporter'
do
project
.
add_user
(
user
,
:reporter
)
expect
(
access
.
can_create_tag?
(
tag
.
name
)).
to
be_falsey
end
end
describe
'push to protected tag if allowed for developers'
do
before
do
@tag
=
create
(
:protected_tag
,
:developers_can_push
,
project:
project
)
end
it
'returns true if user is a master'
do
project
.
add_user
(
user
,
:master
)
expect
(
access
.
can_create_tag?
(
@tag
.
name
)).
to
be_truthy
end
it
'returns true if user is a developer'
do
project
.
add_user
(
user
,
:developer
)
expect
(
access
.
can_create_tag?
(
@tag
.
name
)).
to
be_truthy
end
it
'returns false if user is a reporter'
do
project
.
add_user
(
user
,
:reporter
)
expect
(
access
.
can_create_tag?
(
@tag
.
name
)).
to
be_falsey
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment