Commit 6ea7db76 authored by Darby Frey

Adding resource block for admin APIs, updated API specs

parent 494c6dde
...@@ -52,8 +52,7 @@ module API ...@@ -52,8 +52,7 @@ module API
body secure_file.file.read body secure_file.file.read
end end
# Additional authorization check for admin endpoints resource do
# All APIs defined below this block will require admin level permissions
before do before do
authorize! :admin_secure_files, user_project authorize! :admin_secure_files, user_project
end end
...@@ -92,6 +91,7 @@ module API ...@@ -92,6 +91,7 @@ module API
no_content! no_content!
end end
end end
end
helpers do helpers do
def feature_flag_enabled? def feature_flag_enabled?
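Review bot: Wrapping the `before do authorize! :admin_secure_files, user_project end` hook in a `resource do` block narrows the admin check to the routes defined inside that block, but the two comment lines that documented the scope (`# All APIs defined below this block will require admin level permissions`) are dropped rather than moved, so nothing on the new side says which endpoints the check covers. A route added after the closing `end` introduced in the second hunk (@@ -92,6 +91,7) would presumably fall outside the admin authorization, which is exactly the least-privilege regression a scope comment prevents. Suggest keeping a one-line comment directly above `resource do`, e.g. `# Every endpoint inside this block requires admin permissions (authorize! :admin_secure_files)`, and, since the gap between the two hunks hides the routes themselves, confirming that each admin-only endpoint now sits inside the block. The enclosing namespace starts and ends outside both hunks.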
...@@ -235,7 +235,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -235,7 +235,9 @@ RSpec.describe API::Ci::SecureFiles do
it 'returns an error when the file checksum fails to validate' do it 'returns an error when the file checksum fails to validate' do
secure_file.update!(checksum: 'foo') secure_file.update!(checksum: 'foo')
expect do
get api("/projects/#{project.id}/secure_files/#{secure_file.id}/download", maintainer) get api("/projects/#{project.id}/secure_files/#{secure_file.id}/download", maintainer)
end.not_to change { project.secure_files.count }
expect(response.code).to eq("500") expect(response.code).to eq("500")
end end
...@@ -245,7 +247,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -245,7 +247,9 @@ RSpec.describe API::Ci::SecureFiles do
name: 'upload-keystore.jks' name: 'upload-keystore.jks'
} }
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('file is missing') expect(json_response['error']).to eq('file is missing')
...@@ -256,7 +260,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -256,7 +260,9 @@ RSpec.describe API::Ci::SecureFiles do
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks') file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks')
} }
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('name is missing') expect(json_response['error']).to eq('name is missing')
...@@ -269,7 +275,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -269,7 +275,9 @@ RSpec.describe API::Ci::SecureFiles do
permissions: 'foo' permissions: 'foo'
} }
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('permissions does not have a valid value') expect(json_response['error']).to eq('permissions does not have a valid value')
...@@ -287,7 +295,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -287,7 +295,9 @@ RSpec.describe API::Ci::SecureFiles do
name: 'upload-keystore.jks' name: 'upload-keystore.jks'
} }
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
end end
...@@ -302,7 +312,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -302,7 +312,9 @@ RSpec.describe API::Ci::SecureFiles do
name: 'upload-keystore.jks' name: 'upload-keystore.jks'
} }
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:payload_too_large) expect(response).to have_gitlab_http_status(:payload_too_large)
end end
...@@ -310,7 +322,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -310,7 +322,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'authenticated user with read permissions' do context 'authenticated user with read permissions' do
it 'does not create a secure file' do it 'does not create a secure file' do
expect do
post api("/projects/#{project.id}/secure_files", developer) post api("/projects/#{project.id}/secure_files", developer)
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:forbidden)
end end
...@@ -318,7 +332,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -318,7 +332,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'authenticated user with no permissions' do context 'authenticated user with no permissions' do
it 'does not create a secure file' do it 'does not create a secure file' do
expect do
post api("/projects/#{project.id}/secure_files", anonymous) post api("/projects/#{project.id}/secure_files", anonymous)
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
...@@ -326,7 +342,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -326,7 +342,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'unauthenticated user' do context 'unauthenticated user' do
it 'does not create a secure file' do it 'does not create a secure file' do
expect do
post api("/projects/#{project.id}/secure_files") post api("/projects/#{project.id}/secure_files")
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:unauthorized)
end end
...@@ -340,11 +358,13 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -340,11 +358,13 @@ RSpec.describe API::Ci::SecureFiles do
delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", maintainer) delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", maintainer)
expect(response).to have_gitlab_http_status(:no_content) expect(response).to have_gitlab_http_status(:no_content)
end.to change {project.secure_files.count}.by(-1) end.to change { project.secure_files.count }
end end
it 'responds with 404 Not Found if requesting non-existing secure_file' do it 'responds with 404 Not Found if requesting non-existing secure_file' do
expect do
delete api("/projects/#{project.id}/secure_files/#{non_existing_record_id}", maintainer) delete api("/projects/#{project.id}/secure_files/#{non_existing_record_id}", maintainer)
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
...@@ -352,7 +372,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -352,7 +372,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'authenticated user with read permissions' do context 'authenticated user with read permissions' do
it 'does not delete the secure_file' do it 'does not delete the secure_file' do
expect do
delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", developer) delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", developer)
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:forbidden)
end end
...@@ -360,7 +382,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -360,7 +382,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'authenticated user with no permissions' do context 'authenticated user with no permissions' do
it 'does not delete the secure_file' do it 'does not delete the secure_file' do
expect do
delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", anonymous) delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", anonymous)
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
...@@ -368,7 +392,9 @@ RSpec.describe API::Ci::SecureFiles do ...@@ -368,7 +392,9 @@ RSpec.describe API::Ci::SecureFiles do
context 'unauthenticated user' do context 'unauthenticated user' do
it 'does not delete the secure_file' do it 'does not delete the secure_file' do
expect do
delete api("/projects/#{project.id}/secure_files/#{secure_file.id}") delete api("/projects/#{project.id}/secure_files/#{secure_file.id}")
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:unauthorized)
end end
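Review bot: In the hunk at @@ -340,11 +358,13 the delete example's matcher changes from `end.to change {project.secure_files.count}.by(-1)` to `end.to change { project.secure_files.count }`, which drops the direction and magnitude, so the example would still pass if the request changed the count in any way other than removing exactly one file. The other hunks tighten the negative cases with `not_to change { project.secure_files.count }`, which is the right side-effect check for the forbidden, not-found and unauthenticated paths, so the positive case should keep the same precision: `end.to change { project.secure_files.count }.by(-1)`. The `expect do` that opens that block starts before the hunk.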