Commit b3e05899 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Cleanup tests and add admin_container_image to

full_authentication_abilities. This is fine because
we're going to check with can?(..) anyway
parent 1cdc76f4
......@@ -218,7 +218,8 @@ module Gitlab
def full_authentication_abilities
read_authentication_abilities + [
:push_code,
:create_container_image
:create_container_image,
:admin_container_image
]
end
alias_method :api_scope_authentication_abilities, :full_authentication_abilities
......
......@@ -313,7 +313,8 @@ describe Gitlab::Auth do
def full_authentication_abilities
read_authentication_abilities + [
:push_code,
:create_container_image
:create_container_image,
:admin_container_image
]
end
end
......@@ -8,7 +8,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:payload) { JWT.decode(subject[:token], rsa_key).first }
let(:authentication_abilities) do
[:read_container_image, :create_container_image]
[:read_container_image, :create_container_image, :admin_container_image]
end
subject do
......@@ -60,7 +60,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
shared_examples 'a deletable' do
it_behaves_like 'a accessible' do
it_behaves_like 'an accessible' do
let(:actions) { ['*'] }
end
end
......@@ -126,7 +126,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'allow developer to push images' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
let(:current_params) do
......@@ -138,18 +138,21 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'disallow developer to delete images' do
before { project.team << [current_user, :developer] }
before do
project.add_developer(current_user)
end
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'allow reporter to pull images' do
before do
project.team << [current_user, :reporter]
project.add_reporter(current_user)
end
context 'when pulling from root level repository' do
......@@ -172,11 +175,12 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'return a least of privileges' do
before do
project.team << [current_user, :reporter]
project.add_reporter(current_user)
end
let(:current_params) do
......@@ -189,7 +193,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'disallow guest to pull or push images' do
before do
project.team << [current_user, :guest]
project.add_guest(current_user)
end
let(:current_params) do
......@@ -201,13 +205,16 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'disallow guest to delete images' do
before { project.team << [current_user, :guest] }
before do
project.add_guest(current_user)
end
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
end
......@@ -238,6 +245,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'when repository name is invalid' do
......@@ -248,14 +256,6 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
context 'disallow anyone to delete images' do
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
end
end
context 'for internal project' do
......@@ -286,6 +286,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
end
......@@ -313,13 +314,16 @@ describe Auth::ContainerRegistryAuthenticationService do
end
end
context 'delete authorized as admin' do
context 'delete authorized as master' do
let(:current_project) { create(:empty_project) }
let(:current_user) { create(:admin) }
let(:current_user) { create(:user) }
let(:authentication_abilities) do
[
:admin_container_image
]
[:admin_container_image]
end
before do
current_project.add_master(current_user)
end
it_behaves_like 'a valid token'
......@@ -344,7 +348,7 @@ describe Auth::ContainerRegistryAuthenticationService do
end
before do
current_project.team << [current_user, :developer]
current_project.add_developer(current_user)
end
it_behaves_like 'a valid token'
......@@ -394,7 +398,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'when you are member' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'a pullable'
......@@ -424,7 +428,7 @@ describe Auth::ContainerRegistryAuthenticationService do
context 'when you are member' do
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'a pullable'
......@@ -451,7 +455,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:project) { create(:empty_project, :public) }
before do
project.team << [current_user, :developer]
project.add_developer(current_user)
end
it_behaves_like 'an inaccessible'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment