BigW Consortium Gitlab

Commit ac7ad422 by Shinya Maeda

IMprove access_matchers

parent 043f1b82
...@@ -127,7 +127,8 @@ describe Projects::PipelineSchedulesController do ...@@ -127,7 +127,8 @@ describe Projects::PipelineSchedulesController do
describe 'PUT update' do describe 'PUT update' do
let(:action) do let(:action) do
proc do |user| proc do |user|
put :update, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id put :update, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id,
schedule: { description: 'a' }
end end
end end
......
...@@ -5,8 +5,8 @@ module AccessMatchersForController ...@@ -5,8 +5,8 @@ module AccessMatchersForController
extend RSpec::Matchers::DSL extend RSpec::Matchers::DSL
include Warden::Test::Helpers include Warden::Test::Helpers
EXPECTED_STATUS_CODE_ALLOWED = [200, 302].freeze EXPECTED_STATUS_CODE_ALLOWED = [200, 201, 302].freeze
EXPECTED_STATUS_CODE_DENIED = [404].freeze EXPECTED_STATUS_CODE_DENIED = [401, 404].freeze
def emulate_user(role, membership = nil) def emulate_user(role, membership = nil)
case role case role
...@@ -19,18 +19,13 @@ module AccessMatchersForController ...@@ -19,18 +19,13 @@ module AccessMatchersForController
when :external when :external
user = create(:user, external: true) user = create(:user, external: true)
sign_in(user) sign_in(user)
when :visitor # rubocop:disable Lint/EmptyWhen when :visitor
# no-op user = nil
when User
user = role
sign_in(user)
when *Gitlab::Access.sym_options_with_owner.keys # owner, master, developer, reporter, guest when *Gitlab::Access.sym_options_with_owner.keys # owner, master, developer, reporter, guest
raise ArgumentError, "cannot emulate #{role} without membership parent" unless membership user = cerate_user_by_membership(role, membership)
if role == :owner && membership.owner
user = membership.owner
else
user = create(:user)
membership.public_send(:"add_#{role}", user)
end
sign_in(user) sign_in(user)
else else
raise ArgumentError, "cannot emulate user #{role}" raise ArgumentError, "cannot emulate user #{role}"
...@@ -39,6 +34,18 @@ module AccessMatchersForController ...@@ -39,6 +34,18 @@ module AccessMatchersForController
user user
end end
def cerate_user_by_membership(role, membership = nil)
raise ArgumentError, "cannot emulate #{role} without membership parent" unless membership
if role == :owner && membership.owner
user = membership.owner
else
user = create(:user)
membership.public_send(:"add_#{role}", user)
end
user
end
def description_for(role, type, expected, result) def description_for(role, type, expected, result)
"be #{type} for #{role}." \ "be #{type} for #{role}." \
" Expected: #{expected.join(',')} Got: #{result}" " Expected: #{expected.join(',')} Got: #{result}"
...@@ -47,12 +54,7 @@ module AccessMatchersForController ...@@ -47,12 +54,7 @@ module AccessMatchersForController
matcher :be_allowed_for do |role| matcher :be_allowed_for do |role|
match do |action| match do |action|
user = emulate_user(role, @membership) user = emulate_user(role, @membership)
begin action.call(user)
action.call(user)
rescue
# Ignore internal exceptions which will be caused in the controller
# In such cases, response.status will be 200.
end
EXPECTED_STATUS_CODE_ALLOWED.include?(response.status) EXPECTED_STATUS_CODE_ALLOWED.include?(response.status)
end end
...@@ -68,12 +70,7 @@ module AccessMatchersForController ...@@ -68,12 +70,7 @@ module AccessMatchersForController
matcher :be_denied_for do |role| matcher :be_denied_for do |role|
match do |action| match do |action|
user = emulate_user(role, @membership) user = emulate_user(role, @membership)
begin action.call(user)
action.call(user)
rescue
# Ignore internal exceptions which will be caused in the controller
# In such cases, response.status will be 200.
end
EXPECTED_STATUS_CODE_DENIED.include?(response.status) EXPECTED_STATUS_CODE_DENIED.include?(response.status)
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment