Commit 4b464ffb authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'ce-to-ee-2018-09-10' into 'master'

CE upstream - 2018-09-10 10:57 UTC

Closes gitlab-ce#51295

See merge request gitlab-org/gitlab-ee!7305
parents 726410b2 472f1f6d
# Getting started with interactive web terminals
> Introduced in GitLab 11.3.
CAUTION: **Warning:**
Interactive web terminals are in beta, so they might not work properly and
lack features. For more information [follow issue #25990](https://gitlab.com/gitlab-org/gitlab-ce/issues/25990).
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/50144) in GitLab 11.3.
Interactive web terminals give the user access to a terminal in GitLab for
running one-of commands for their CI pipeline.
......
......@@ -49,6 +49,7 @@ description: 'Learn how to contribute to GitLab.'
- [Working with the GitHub importer](github_importer.md)
- [Elasticsearch integration docs](elasticsearch.md)
- [Working with Merge Request diffs](diffs.md)
- [Permissions](permissions.md)
- [Prometheus metrics](prometheus_metrics.md)
## Performance guides
......
# GitLab permissions guide
There are multiple types of permissions across GitLab, and when implementing
anything that deals with permissions, all of them should be considered.
## Groups and Projects
### General permissions
Groups and projects can have the following visibility levels:
- public (20) - an entity is visible to everyone
- internal (10) - an entity is visible to logged in users
- private (0) - an entity is visible only to the approved members of the entity
The visibility level of a group can be changed only if all subgroups and
subprojects have the same or lower visibility level. (e.g., a group can be set
to internal only if all subgroups and projects are internal or private).
Visibility levels can be found in the `Gitlab::VisibilityLevel` module.
### Feature specific permissions
Additionally, the following project features can have different visibility levels:
- Issues
- Repository
- Merge Request
- Pipelines
- Container Registry
- Git Large File Storage
- Wiki
- Snippets
These features can be set to "Everyone with Access" or "Only Project Members".
They make sense only for public or internal projects because private projects
can be accessed only by project members by default.
### Members
Users can be members of multiple groups and projects. The following access
levels are available (defined in the `Gitlab::Access` module):
- Guest
- Reporter
- Developer
- Maintainer
- Owner
If a user is the member of both a project and the project parent group, the
higher permission is taken into account for the project.
If a user is the member of a project, but not the parent group (or groups), they
can still view the groups and their entities (like epics).
Project membership (where the group membership is already taken into account)
is stored in the `project_authorizations` table.
### Confidential issues
Confidential issues can be accessed only by project members who are at least
reporters (they can't be accessed by guests). Additionally they can be accessed
by their authors and assignees.
......@@ -8,6 +8,8 @@ module QA
class Geo < QA::Scenario::Template
include QA::Scenario::Bootable
tags :geo
attribute :geo_primary_address, '--primary-address PRIMARY'
attribute :geo_primary_name, '--primary-name PRIMARY_NAME'
attribute :geo_secondary_address, '--secondary-address SECONDARY'
......@@ -32,8 +34,8 @@ module QA
Specs::Runner.perform do |specs|
specs.tty = true
specs.tags = %w[geo]
specs.options = rspec_options.any? ? rspec_options : 'qa/specs/features'
specs.tags = self.class.focus
specs.options = rspec_options if rspec_options.any?
end
end
......
......@@ -5,10 +5,12 @@ module QA
class Runner < Scenario::Template
attr_accessor :tty, :tags, :options
DEFAULT_TEST_PATH_ARGS = ['--', File.expand_path('./features', __dir__)].freeze
def initialize
@tty = false
@tags = []
@options = [File.expand_path('./features', __dir__)]
@options = []
end
def perform
......@@ -18,10 +20,11 @@ module QA
if tags.any?
tags.each { |tag| args.push(['--tag', tag.to_s]) }
else
args.push(%w[--tag ~orchestrated])
args.push(%w[--tag ~orchestrated]) unless (%w[-t --tag] & options).any?
end
args.push(options)
args.push(DEFAULT_TEST_PATH_ARGS) unless options.any? { |opt| opt =~ %r{/features/} }
Runtime::Browser.configure!
......
......@@ -7,43 +7,65 @@ describe QA::Specs::Runner do
end
it 'excludes the orchestrated tag by default' do
expect(RSpec::Core::Runner).to receive(:run)
.with(['--tag', '~orchestrated', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
.and_return(0)
expect_rspec_runner_arguments(['--tag', '~orchestrated', *described_class::DEFAULT_TEST_PATH_ARGS])
subject.perform
end
context 'when tty is set' do
subject do
described_class.new.tap do |runner|
runner.tty = true
end
end
subject { described_class.new.tap { |runner| runner.tty = true } }
it 'sets the `--tty` flag' do
expect(RSpec::Core::Runner).to receive(:run)
.with(['--tty', '--tag', '~orchestrated', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
.and_return(0)
expect_rspec_runner_arguments(['--tty', '--tag', '~orchestrated', *described_class::DEFAULT_TEST_PATH_ARGS])
subject.perform
end
end
context 'when tags are set' do
subject do
described_class.new.tap do |runner|
runner.tags = %i[orchestrated github]
end
end
subject { described_class.new.tap { |runner| runner.tags = %i[orchestrated github] } }
it 'focuses on the given tags' do
expect(RSpec::Core::Runner).to receive(:run)
.with(['--tag', 'orchestrated', '--tag', 'github', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
.and_return(0)
expect_rspec_runner_arguments(['--tag', 'orchestrated', '--tag', 'github', *described_class::DEFAULT_TEST_PATH_ARGS])
subject.perform
end
end
context 'when "--tag smoke" is set as options' do
subject { described_class.new.tap { |runner| runner.options = %w[--tag smoke] } }
it 'focuses on the given tag without excluded the orchestrated tag' do
expect_rspec_runner_arguments(['--tag', 'smoke', *described_class::DEFAULT_TEST_PATH_ARGS])
subject.perform
end
end
context 'when "qa/specs/features/foo" is set as options' do
subject { described_class.new.tap { |runner| runner.options = %w[qa/specs/features/foo] } }
it 'passes the given tests path and excludes the orchestrated tag' do
expect_rspec_runner_arguments(['--tag', '~orchestrated', 'qa/specs/features/foo'])
subject.perform
end
end
context 'when "-- qa/specs/features/foo" is set as options' do
subject { described_class.new.tap { |runner| runner.options = %w[-- qa/specs/features/foo] } }
it 'passes the given tests path and excludes the orchestrated tag' do
expect_rspec_runner_arguments(['--tag', '~orchestrated', '--', 'qa/specs/features/foo'])
subject.perform
end
end
def expect_rspec_runner_arguments(arguments)
expect(RSpec::Core::Runner).to receive(:run)
.with(arguments, $stderr, $stdout)
.and_return(0)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment