Commit 08429f67 authored by Thong Kuah's avatar Thong Kuah

Fix NoMethodError when accessing protected environment for job

When checking if a job can be :update_build by a user, this user is then
passed all the way to ProtectedEnvironment::DeployAccessLevel. As this
user can be nil, we return false if so.

Also fixes environment json schema so that it works correctly with
oneOf.
parent 3934a31b
......@@ -21,6 +21,7 @@ class ProtectedEnvironment::DeployAccessLevel < ApplicationRecord
delegate :project, to: :protected_environment
def check_access(user)
return false unless user
return true if user.admin?
return user.id == user_id if user_type?
return group.users.exists?(user.id) if group_type?
......
---
title: Fix NoMethodError when accessing protected environment for job
merge_request: 44257
author:
type: fixed
......@@ -74,16 +74,45 @@ RSpec.describe Projects::JobsController do
before do
stub_application_setting(shared_runners_minutes: 2)
get_show(id: job.id, format: :json)
end
it 'exposes quota information' do
get_show(id: job.id, format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details', dir: 'ee')
expect(json_response['runners']['quota']['used']).to eq 0
expect(json_response['runners']['quota']['limit']).to eq 2
end
context 'the environment is protected' do
before do
stub_licensed_features(protected_environments: true)
create(:protected_environment, project: project)
end
let(:job) { create(:ci_build, :deploy_to_production, :with_deployment, :success, pipeline: pipeline, runner: runner) }
it 'renders successfully' do
get_show(id: job.id, format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details', dir: 'ee')
end
context 'anonymous user' do
before do
sign_out(user)
end
it 'renders successfully' do
get_show(id: job.id, format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details', dir: 'ee')
end
end
end
end
end
......
......@@ -20,8 +20,15 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
describe '#check_access' do
subject { deploy_access_level.check_access(user) }
context 'anonymous access' do
let(:user) { nil }
let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment) }
it { is_expected.to be_falsy }
end
describe 'admin access' do
let(:user) { create(:user, :admin) }
let_it_be(:user) { create(:user, :admin) }
context 'when admin user does have specific access' do
let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment, user: user) }
......@@ -51,7 +58,7 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
end
describe 'group access' do
let(:group) { create(:group, projects: [project]) }
let_it_be(:group) { create(:group, projects: [project]) }
context 'when specific access has been assigned to a group' do
let(:deploy_access_level) { create(:protected_environment_deploy_access_level, protected_environment: protected_environment, group: group) }
......@@ -111,7 +118,7 @@ RSpec.describe ProtectedEnvironment::DeployAccessLevel do
end
describe '#humanize' do
let(:protected_environment) { create(:protected_environment) }
let_it_be(:protected_environment) { create(:protected_environment) }
subject { deploy_access_level.humanize }
......
......@@ -41,9 +41,12 @@
{ "type": "null" },
{ "$ref": "deployment.json" },
{
"type": "object",
"properties" : {
"name": { "type": "string" },
"build_path": { "type": "string" }
}
}
]
},
"can_delete": { "type": "boolean" }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment