Commit
e2a5f98e
authored
Feb 17, 2021
by
lauraMon
Updates authorization for lint
* Adds signup_disabled to CurrentSettings
parent
2cfd79d4
Changes
5
Showing
5 changed files
with
42 additions
and
8 deletions
+42
-8
changelogs/unreleased/lm-fix-authorization-lint.yml
changelogs/unreleased/lm-fix-authorization-lint.yml
+5
-0
lib/api/lint.rb
lib/api/lint.rb
+1
-1
lib/gitlab/current_settings.rb
lib/gitlab/current_settings.rb
+4
-0
spec/lib/gitlab/current_settings_spec.rb
spec/lib/gitlab/current_settings_spec.rb
+20
-0
spec/requests/api/lint_spec.rb
spec/requests/api/lint_spec.rb
+12
-7
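--- a/changelogs/unreleased/lm-fix-authorization-lint.yml
+++ b/changelogs/unreleased/lm-fix-authorization-lint.yml
@@ -0,0 +1,5 @@
+---
+title: Updates authorization for linting endpoint
+merge_request: 54492
+author:
+type: changed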
lib/api/lint.rb
...
@@ -11,7 +11,7 @@ module API
...
@@ -11,7 +11,7 @@ module API
optional
:include_merged_yaml
,
type:
Boolean
,
desc:
'Whether or not to include merged CI config yaml in the response'
optional
:include_merged_yaml
,
type:
Boolean
,
desc:
'Whether or not to include merged CI config yaml in the response'
end
end
post
'/lint'
do
post
'/lint'
do
unauthorized!
unless
Gitlab
::
CurrentSettings
.
signup_enabled?
&&
current_user
unauthorized!
if
Gitlab
::
CurrentSettings
.
signup_disabled?
&&
current_user
.
nil?
result
=
Gitlab
::
Ci
::
YamlProcessor
.
new
(
params
[
:content
],
user:
current_user
).
execute
result
=
Gitlab
::
Ci
::
YamlProcessor
.
new
(
params
[
:content
],
user:
current_user
).
execute
...
...
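Review bot: The guard `unauthorized! if Gitlab::CurrentSettings.signup_disabled? && current_user.nil?` lets anonymous callers reach `Gitlab::Ci::YamlProcessor.new(params[:content], user: current_user).execute` with `user: nil` whenever sign-up is enabled, and nothing in the hunk records why the sign-up setting is the right gate for that. If config processing can follow references inside the submitted content (not visible here), that work would now be done on behalf of unauthenticated callers, so it is worth confirming that it is restricted or skipped for a nil user and that the endpoint is rate limited. At minimum I would add a comment above the guard such as `# Anonymous linting is allowed only while sign-up is open; with sign-up closed a signed-in user is required.` The `post '/lint'` block continues past the end of the hunk.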
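--- a/lib/gitlab/current_settings.rb
+++ b/lib/gitlab/current_settings.rb
@@ -3,6 +3,10 @@
 module Gitlab
   module CurrentSettings
     class << self
+      def signup_disabled?
+        !signup_enabled?
+      end
+
       def current_application_settings
         Gitlab::SafeRequestStore.fetch(:current_application_settings) { ensure_application_settings! }
       end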
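Review bot: `signup_disabled?` has no comment, and `signup_enabled?` is not defined in the visible part of `class << self`, so a reader cannot tell where the value comes from or what the helper returns when the setting is unset. Because this predicate now feeds an authorization decision in lib/api/lint.rb, I would document it, for example `# True when sign-up is off; a nil setting also counts as disabled, so callers fail closed.`, after confirming that nil is a possible return of `signup_enabled?`. The singleton class body continues outside the hunk.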
spec/lib/gitlab/current_settings_spec.rb
...
@@ -24,6 +24,26 @@ RSpec.describe Gitlab::CurrentSettings do
...
@@ -24,6 +24,26 @@ RSpec.describe Gitlab::CurrentSettings do
end
end
end
end
describe
'.signup_disabled?'
do
subject
{
described_class
.
signup_disabled?
}
context
'when signup is enabled'
do
before
do
create
(
:application_setting
,
signup_enabled:
true
)
end
it
{
is_expected
.
to
be_falsey
}
end
context
'when signup is disabled'
do
before
do
create
(
:application_setting
,
signup_enabled:
false
)
end
it
{
is_expected
.
to
be_truthy
}
end
end
describe
'#current_application_settings'
,
:use_clean_rails_memory_store_caching
do
describe
'#current_application_settings'
,
:use_clean_rails_memory_store_caching
do
it
'allows keys to be called directly'
do
it
'allows keys to be called directly'
do
db_settings
=
create
(
:application_setting
,
db_settings
=
create
(
:application_setting
,
...
...
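Review bot: The two examples in `describe '.signup_disabled?'` use `be_falsey` and `be_truthy`, which would also pass for nil or any non-boolean value, while the method under test returns a strict boolean from `!signup_enabled?`. Since the result gates anonymous access to the lint endpoint, I would tighten them to `it { is_expected.to be(false) }` and `it { is_expected.to be(true) }`. A third context for the case where the setting is unset, if that can occur, would pin the fail-closed behaviour.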
spec/requests/api/lint_spec.rb
...
@@ -5,7 +5,9 @@ require 'spec_helper'
...
@@ -5,7 +5,9 @@ require 'spec_helper'
RSpec
.
describe
API
::
Lint
do
RSpec
.
describe
API
::
Lint
do
describe
'POST /ci/lint'
do
describe
'POST /ci/lint'
do
context
'when signup settings are disabled'
do
context
'when signup settings are disabled'
do
Gitlab
::
CurrentSettings
.
signup_enabled
=
false
before
do
Gitlab
::
CurrentSettings
.
signup_enabled
=
false
end
context
'when unauthenticated'
do
context
'when unauthenticated'
do
it
'returns authentication error'
do
it
'returns authentication error'
do
...
@@ -16,22 +18,25 @@ RSpec.describe API::Lint do
...
@@ -16,22 +18,25 @@ RSpec.describe API::Lint do
end
end
context
'when authenticated'
do
context
'when authenticated'
do
it
'returns unauthorized error'
do
let_it_be
(
:api_user
)
{
create
(
:user
)
}
post
api
(
'/ci/lint'
),
params:
{
content:
'content'
}
it
'returns authorized'
do
post
api
(
'/ci/lint'
,
api_user
),
params:
{
content:
'content'
}
expect
(
response
).
to
have_gitlab_http_status
(
:
unauthorized
)
expect
(
response
).
to
have_gitlab_http_status
(
:
ok
)
end
end
end
end
end
end
context
'when signup settings are enabled'
do
context
'when signup settings are enabled'
do
Gitlab
::
CurrentSettings
.
signup_enabled
=
true
before
do
Gitlab
::
CurrentSettings
.
signup_enabled
=
true
end
context
'when unauthenticated'
do
context
'when unauthenticated'
do
it
'returns auth
entication error
'
do
it
'returns auth
orized success
'
do
post
api
(
'/ci/lint'
),
params:
{
content:
'content'
}
post
api
(
'/ci/lint'
),
params:
{
content:
'content'
}
expect
(
response
).
to
have_gitlab_http_status
(
:
unauthorized
)
expect
(
response
).
to
have_gitlab_http_status
(
:
ok
)
end
end
end
end
...
...
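Review bot: The success examples ('returns authorized' and 'returns authorized success') assert only `have_gitlab_http_status(:ok)`, so the spec pins that anonymous linting is allowed when sign-up is enabled without pinning what an anonymous caller gets back. I would add an assertion on the response body in the unauthenticated case, and a signed-in case under 'when signup settings are enabled' if none exists below the hunk. The setting is also assigned directly with `Gitlab::CurrentSettings.signup_enabled = false` in `before`, while the CurrentSettings spec in this commit uses `create(:application_setting, signup_enabled: false)`. Using one mechanism, or `stub_application_setting(signup_enabled: false)`, would rule out state leaking between examples if that assignment persists.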