Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
e5863fb8
Commit
e5863fb8
authored
Dec 15, 2020
by
Etienne Baqué
Committed by
Thong Kuah
Dec 15, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added can_push_for_ref? method
Add it for DeployKeyAccess and UserAccess.
parent
7b4ef3d2
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
57 additions
and
16 deletions
+57
-16
lib/gitlab/checks/push_check.rb
lib/gitlab/checks/push_check.rb
+1
-9
lib/gitlab/deploy_key_access.rb
lib/gitlab/deploy_key_access.rb
+4
-0
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+4
-0
spec/lib/gitlab/checks/push_check_spec.rb
spec/lib/gitlab/checks/push_check_spec.rb
+22
-1
spec/lib/gitlab/deploy_key_access_spec.rb
spec/lib/gitlab/deploy_key_access_spec.rb
+6
-6
spec/lib/gitlab/user_access_spec.rb
spec/lib/gitlab/user_access_spec.rb
+20
-0
No files found.
lib/gitlab/checks/push_check.rb
View file @
e5863fb8
...
@@ -14,17 +14,9 @@ module Gitlab
...
@@ -14,17 +14,9 @@ module Gitlab
private
private
def
can_push?
def
can_push?
user_access
_can_push?
||
user_access
.
can_push_for_ref?
(
ref
)
||
project
.
branch_allows_collaboration?
(
user_access
.
user
,
branch_name
)
project
.
branch_allows_collaboration?
(
user_access
.
user
,
branch_name
)
end
end
def
user_access_can_push?
if
Feature
.
enabled?
(
:deploy_keys_on_protected_branches
,
project
)
user_access
.
can_push_to_branch?
(
ref
)
else
user_access
.
can_do_action?
(
:push_code
)
end
end
end
end
end
end
end
end
lib/gitlab/deploy_key_access.rb
View file @
e5863fb8
...
@@ -8,6 +8,10 @@ module Gitlab
...
@@ -8,6 +8,10 @@ module Gitlab
@container
=
container
@container
=
container
end
end
def
can_push_for_ref?
(
ref
)
can_push_to_branch?
(
ref
)
end
private
private
attr_reader
:deploy_key
attr_reader
:deploy_key
...
...
lib/gitlab/user_access.rb
View file @
e5863fb8
...
@@ -81,6 +81,10 @@ module Gitlab
...
@@ -81,6 +81,10 @@ module Gitlab
end
end
end
end
def
can_push_for_ref?
(
_
)
can_do_action?
(
:push_code
)
end
private
private
def
can_push?
def
can_push?
...
...
spec/lib/gitlab/checks/push_check_spec.rb
View file @
e5863fb8
...
@@ -12,11 +12,32 @@ RSpec.describe Gitlab::Checks::PushCheck do
...
@@ -12,11 +12,32 @@ RSpec.describe Gitlab::Checks::PushCheck do
context
'when the user is not allowed to push to the repo'
do
context
'when the user is not allowed to push to the repo'
do
it
'raises an error'
do
it
'raises an error'
do
expect
(
user_access
).
to
receive
(
:can_
push_to_branch?
).
and_return
(
false
)
expect
(
user_access
).
to
receive
(
:can_
do_action?
).
with
(
:push_code
).
and_return
(
false
)
expect
(
project
).
to
receive
(
:branch_allows_collaboration?
).
with
(
user_access
.
user
,
'master'
).
and_return
(
false
)
expect
(
project
).
to
receive
(
:branch_allows_collaboration?
).
with
(
user_access
.
user
,
'master'
).
and_return
(
false
)
expect
{
subject
.
validate!
}.
to
raise_error
(
Gitlab
::
GitAccess
::
ForbiddenError
,
'You are not allowed to push code to this project.'
)
expect
{
subject
.
validate!
}.
to
raise_error
(
Gitlab
::
GitAccess
::
ForbiddenError
,
'You are not allowed to push code to this project.'
)
end
end
end
end
context
'when using a DeployKeyAccess instance'
do
let
(
:deploy_key
)
{
create
(
:deploy_key
)
}
let
(
:user_access
)
{
Gitlab
::
DeployKeyAccess
.
new
(
deploy_key
,
container:
project
)
}
context
'when the deploy key cannot push to the targetted branch'
do
it
'raises an error'
do
allow
(
user_access
).
to
receive
(
:can_push_to_branch?
).
and_return
(
false
)
expect
{
subject
.
validate!
}.
to
raise_error
(
Gitlab
::
GitAccess
::
ForbiddenError
,
'You are not allowed to push code to this project.'
)
end
end
context
'when the deploy key can push to the targetted branch'
do
it
'is valid'
do
allow
(
user_access
).
to
receive
(
:can_push_to_branch?
).
and_return
(
true
)
expect
{
subject
.
validate!
}.
not_to
raise_error
end
end
end
end
end
end
end
spec/lib/gitlab/deploy_key_access_spec.rb
View file @
e5863fb8
...
@@ -25,7 +25,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
...
@@ -25,7 +25,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
end
end
end
end
describe
'#can_push_
to_branch
?'
do
describe
'#can_push_
for_ref
?'
do
context
'push to a protected branch of this project via a deploy key'
do
context
'push to a protected branch of this project via a deploy key'
do
before
do
before
do
create
(
:protected_branch_push_access_level
,
protected_branch:
protected_branch
,
deploy_key:
deploy_key
)
create
(
:protected_branch_push_access_level
,
protected_branch:
protected_branch
,
deploy_key:
deploy_key
)
...
@@ -33,7 +33,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
...
@@ -33,7 +33,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
context
'when the project has active deploy key owned by this user'
do
context
'when the project has active deploy key owned by this user'
do
it
'returns true'
do
it
'returns true'
do
expect
(
access
.
can_push_
to_branch
?
(
protected_branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_
for_ref
?
(
protected_branch
.
name
)).
to
be_truthy
end
end
end
end
...
@@ -41,7 +41,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
...
@@ -41,7 +41,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
let
(
:deploy_key
)
{
create
(
:deploy_key
,
user:
create
(
:user
))
}
let
(
:deploy_key
)
{
create
(
:deploy_key
,
user:
create
(
:user
))
}
it
'returns false'
do
it
'returns false'
do
expect
(
access
.
can_push_
to_branch
?
(
protected_branch
.
name
)).
to
be_falsey
expect
(
access
.
can_push_
for_ref
?
(
protected_branch
.
name
)).
to
be_falsey
end
end
end
end
...
@@ -49,15 +49,15 @@ RSpec.describe Gitlab::DeployKeyAccess do
...
@@ -49,15 +49,15 @@ RSpec.describe Gitlab::DeployKeyAccess do
let
(
:another_branch
)
{
create
(
:protected_branch
,
:no_one_can_push
,
name:
'another_branch'
,
project:
project
)
}
let
(
:another_branch
)
{
create
(
:protected_branch
,
:no_one_can_push
,
name:
'another_branch'
,
project:
project
)
}
it
'returns false when trying to push to that other branch'
do
it
'returns false when trying to push to that other branch'
do
expect
(
access
.
can_push_
to_branch
?
(
another_branch
.
name
)).
to
be_falsey
expect
(
access
.
can_push_
for_ref
?
(
another_branch
.
name
)).
to
be_falsey
end
end
context
'and the deploy key added for the first protected branch is also added for this other branch'
do
context
'and the deploy key added for the first protected branch is also added for this other branch'
do
it
'returns true for both protected branches'
do
it
'returns true for both protected branches'
do
create
(
:protected_branch_push_access_level
,
protected_branch:
another_branch
,
deploy_key:
deploy_key
)
create
(
:protected_branch_push_access_level
,
protected_branch:
another_branch
,
deploy_key:
deploy_key
)
expect
(
access
.
can_push_
to_branch
?
(
protected_branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_
for_ref
?
(
protected_branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_
to_branch
?
(
another_branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_
for_ref
?
(
another_branch
.
name
)).
to
be_truthy
end
end
end
end
end
end
...
...
spec/lib/gitlab/user_access_spec.rb
View file @
e5863fb8
...
@@ -310,4 +310,24 @@ RSpec.describe Gitlab::UserAccess do
...
@@ -310,4 +310,24 @@ RSpec.describe Gitlab::UserAccess do
end
end
end
end
end
end
describe
'#can_push_for_ref?'
do
let
(
:ref
)
{
'test_ref'
}
context
'when user cannot push_code to a project repository (eg. as a guest)'
do
it
'is false'
do
project
.
add_user
(
user
,
:guest
)
expect
(
access
.
can_push_for_ref?
(
ref
)).
to
be_falsey
end
end
context
'when user can push_code to a project repository (eg. as a developer)'
do
it
'is true'
do
project
.
add_user
(
user
,
:developer
)
expect
(
access
.
can_push_for_ref?
(
ref
)).
to
be_truthy
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment