Update policy and tests for maven package feature

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Update policy and tests for maven package feature
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
e4164106 · Dmitriy Zaporozhets · b4e8bca6 · e4164106 · e4164106 · e4164106
Commit e4164106 authored Aug 03, 2018 by Dmitriy Zaporozhets
3 changed files
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -84,24 +84,22 @@ module EE

      rule { can?(:read_issue) }.enable :read_issue_link

-      rule { can?(:public_access) }.policy do
-        enable :read_packages
-      end
-
      rule { can?(:reporter_access) }.policy do
        enable :admin_board
        enable :read_deploy_board
        enable :admin_issue_link
        enable :admin_epic_issue
-        enable :read_packages
+        enable :read_package
      end

      rule { can?(:developer_access) }.policy do
        enable :admin_board
        enable :admin_vulnerability_feedback
-        enable :write_packages
+        enable :admin_package
      end

+      rule { can?(:public_access) }.enable :read_package
+
      rule { can?(:developer_access) & security_reports_feature_available }.enable :read_project_security_dashboard

      rule { can?(:read_project) }.enable :read_vulnerability_feedback

--- a/ee/lib/api/maven_packages.rb
+++ b/ee/lib/api/maven_packages.rb
@@ -80,7 +80,7 @@ module API
      end
      put ':id/packages/maven/*app_group/:app_name/:app_version/:file_name/authorize', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
        not_allowed! unless Gitlab.config.packages.enabled
-        unauthorized! unless can?(current_user, :write_package, user_project)
+        unauthorized! unless can?(current_user, :admin_package, user_project)

        require_gitlab_workhorse!
        Gitlab::Workhorse.verify_api_request!(headers)
@@ -106,7 +106,7 @@ module API
      end
      put ':id/packages/maven/*app_group/:app_name/:app_version/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
        not_allowed! unless Gitlab.config.packages.enabled
-        unauthorized! unless can?(current_user, :write_package, user_project)
+        unauthorized! unless can?(current_user, :admin_package, user_project)

        require_gitlab_workhorse!


--- a/ee/spec/requests/api/maven_packages_spec.rb
+++ b/ee/spec/requests/api/maven_packages_spec.rb
@@ -52,15 +52,13 @@ describe API::MavenPackages do

        download_file_with_token(package_file_xml.file_name)

-        expect(response).to have_gitlab_http_status(400)
+        expect(response).to have_gitlab_http_status(401)
      end

      it 'denies download when no private token' do
-        project.add_guest(user)
-
        download_file(package_file_xml.file_name)

-        expect(response).to have_gitlab_http_status(400)
+        expect(response).to have_gitlab_http_status(404)
      end
    end

@@ -70,8 +68,8 @@ describe API::MavenPackages do
              "#{maven_metadatum.app_version}/#{file_name}"), params, request_headers
    end

-    def download_file_with_token(params = {}, request_headers = headers_with_token)
-      download_file(params, request_headers)
+    def download_file_with_token(file_name, params = {}, request_headers = headers_with_token)
+      download_file(file_name, params, request_headers)
    end
  end

@@ -109,7 +107,7 @@ describe API::MavenPackages do
    end

    def authorize_upload(params = {}, request_headers = headers)
-      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1-0-SNAPSHOT/maven-metadata.xml/authorize"), params, request_headers
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1.0-SNAPSHOT/maven-metadata.xml/authorize"), params, request_headers
    end

    def authorize_upload_with_token(params = {}, request_headers = headers_with_token)
@@ -153,12 +151,12 @@ describe API::MavenPackages do
          .and change { Packages::PackageFile.count }.by(1)

        expect(response).to have_gitlab_http_status(200)
-        expect(package_file.original_filename).to eq(file_upload.original_filename)
+        expect(package_file.file_name).to eq(file_upload.original_filename)
      end
    end

    def upload_file(params = {}, request_headers = headers)
-      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1-0-SNAPSHOT/maven-metadata.xml"), params, request_headers
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1.0-SNAPSHOT/maven-metadata.xml"), params, request_headers
    end

    def upload_file_with_token(params = {}, request_headers = headers_with_token)