Commit
8026f47d
authored
Jun 05, 2017
by
Shinya Maeda
Committed by
Shinya Maeda
Jun 28, 2017
Add changelog. Add AccessMatchersForController
parent
d67b5c09
Showing
3 changed files
with
150 additions
and
0 deletions
+150
-0
33082-use-update_pipeline_schedule-for-edit-and-take_ownership-in-pipelineschedulescontroller.yml
...dit-and-take_ownership-in-pipelineschedulescontroller.yml
+4
-0
pipeline_schedules_controller_spec.rb
...ontrollers/projects/pipeline_schedules_controller_spec.rb
+58
-0
access_matchers_for_controller.rb
spec/support/matchers/access_matchers_for_controller.rb
+88
-0
changelogs/unreleased/33082-use-update_pipeline_schedule-for-edit-and-take_ownership-in-pipelineschedulescontroller.yml
0 → 100644
---
title
:
Use authorize_update_pipeline_schedule in PipelineSchedulesController
merge_request
:
11846
author
:
dosuken123
spec/controllers/projects/pipeline_schedules_controller_spec.rb
...
@@ -84,4 +84,62 @@ describe Projects::PipelineSchedulesController do
...
@@ -84,4 +84,62 @@ describe Projects::PipelineSchedulesController do
end
end
end
end
end
end
describe
'security'
do
include
AccessMatchersForController
describe
'GET edit'
do
let
(
:action
)
do
Proc
.
new
do
|
user
|
get
:edit
,
namespace_id:
project
.
namespace
.
to_param
,
project_id:
project
,
id:
pipeline_schedule
.
id
end
end
specify
{
expect
(
action
).
to
be_allowed_for
(
:admin
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:owner
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:master
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:developer
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:reporter
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:guest
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:user
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:external
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:visitor
)
}
end
describe
'GET take_ownership'
do
let
(
:action
)
do
Proc
.
new
do
|
user
|
post
:take_ownership
,
namespace_id:
project
.
namespace
.
to_param
,
project_id:
project
,
id:
pipeline_schedule
.
id
end
end
specify
{
expect
(
action
).
to
be_allowed_for
(
:admin
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:owner
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:master
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:developer
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:reporter
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:guest
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:user
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:external
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:visitor
)
}
end
describe
'PUT update'
do
let
(
:action
)
do
Proc
.
new
do
|
user
|
put
:update
,
namespace_id:
project
.
namespace
.
to_param
,
project_id:
project
,
id:
pipeline_schedule
.
id
end
end
specify
{
expect
(
action
).
to
be_allowed_for
(
:admin
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:owner
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:master
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_allowed_for
(
:developer
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:reporter
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:guest
).
of
(
project
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:user
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:external
)
}
specify
{
expect
(
action
).
to
be_denied_for
(
:visitor
)
}
end
end
end
end
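Review bot: The group labelled `describe 'GET take_ownership'` sends `post :take_ownership`, so the label should read `describe 'POST take_ownership' do` to match the verb whose authorization is being pinned. In the `'PUT update'` group the request carries no schedule attributes; if the controller requires them, the four allowed-role examples would presumably pass only because the `be_allowed_for` matcher added in this commit rescues the resulting exception and then sees the default status 200. Sending a minimal valid payload there would make those examples prove that the authorization filter let the request through, not that the action failed early. The `|user|` block argument is unused in all three procs, and the enclosing `describe Projects::PipelineSchedulesController` begins outside the visible hunk.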
spec/support/matchers/access_matchers_for_controller.rb
0 → 100644
# AccessMatchersForController
#
# For testing authorize_xxx in controller.
module
AccessMatchersForController
extend
RSpec
::
Matchers
::
DSL
include
Warden
::
Test
::
Helpers
EXPECTED_STATUS_CODE_ALLOWED
=
[
200
,
302
]
EXPECTED_STATUS_CODE_DENIED
=
[
404
]
def
emulate_user
(
role
,
membership
=
nil
)
case
role
when
:admin
user
=
create
(
:admin
)
sign_in
(
user
)
when
*
Gitlab
::
Access
.
sym_options_with_owner
.
keys
# owner, master, developer, reporter, guest
raise
ArgumentError
,
"cannot emulate
#{
role
}
without membership parent"
unless
membership
if
role
==
:owner
&&
membership
.
owner
user
=
membership
.
owner
else
user
=
create
(
:user
)
membership
.
public_send
(
:"add_
#{
role
}
"
,
user
)
end
sign_in
(
user
)
when
:user
user
=
create
(
:user
)
sign_in
(
user
)
when
:external
user
=
create
(
:user
,
external:
true
)
sign_in
(
user
)
when
:visitor
# no-op
else
raise
ArgumentError
,
"cannot emulate user
#{
role
}
"
end
user
end
def
description_for
(
role
,
type
,
expected
,
result
)
"be
#{
type
}
for
#{
role
}
."
\
" Expected:
#{
expected
.
join
(
','
)
}
Result:
#{
result
}
"
end
matcher
:be_allowed_for
do
|
role
|
match
do
|
action
|
user
=
emulate_user
(
role
,
@membership
)
begin
action
.
call
(
user
)
rescue
Exception
=>
e
# Ignore internal exceptions which will be caused in the controller
# In such cases, response.status will be 200.
end
EXPECTED_STATUS_CODE_ALLOWED
.
include?
(
response
.
status
)
end
chain
:of
do
|
membership
|
@membership
=
membership
end
description
{
description_for
(
role
,
'allowed'
,
EXPECTED_STATUS_CODE_ALLOWED
,
response
.
status
)
}
supports_block_expectations
end
matcher
:be_denied_for
do
|
role
|
match
do
|
action
|
user
=
emulate_user
(
role
,
@membership
)
begin
action
.
call
(
user
)
rescue
Exception
=>
e
# Ignore internal exceptions which will be caused in the controller
# In such cases, response.status will be 200.
end
EXPECTED_STATUS_CODE_DENIED
.
include?
(
response
.
status
)
end
chain
:of
do
|
membership
|
@membership
=
membership
end
description
{
description_for
(
role
,
'denied'
,
EXPECTED_STATUS_CODE_DENIED
,
response
.
status
)
}
supports_block_expectations
end
end
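Review bot: The `rescue Exception => e` in both `match` blocks lets `be_allowed_for` pass when the request never completed: as the inline comment says, `response.status` is then 200, which is in `EXPECTED_STATUS_CODE_ALLOWED`. An error raised before the authorization filter runs (a broken factory, a routing error, a mistake in the action proc) therefore reads as "allowed", and rescuing `Exception` also swallows interrupts and RSpec's own failure exceptions. Narrowing this to `rescue StandardError` (the binding `=> e` is unused and can go) and stating in the module header that a 200 can mean "raised after authorization" would make that limit visible to people writing access specs. Separately, because 302 counts as allowed, a redirect to the sign-in page is presumably indistinguishable from a successful redirect, which is worth a comment next to `EXPECTED_STATUS_CODE_ALLOWED = [200, 302]`.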