2016-09-13 17:45:13 +05:30
require 'spec_helper'
2017-09-10 17:25:29 +05:30
describe Gitlab :: Checks :: ChangeAccess do
2016-09-13 17:45:13 +05:30
describe '#exec' do
let ( :user ) { create ( :user ) }
2017-08-17 22:00:37 +05:30
let ( :project ) { create ( :project , :repository ) }
2016-09-13 17:45:13 +05:30
let ( :user_access ) { Gitlab :: UserAccess . new ( user , project : project ) }
2017-08-17 22:00:37 +05:30
let ( :oldrev ) { 'be93687618e4b132087f430a4d8fc3a609c9b77c' }
let ( :newrev ) { '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51' }
let ( :ref ) { 'refs/heads/master' }
let ( :changes ) { { oldrev : oldrev , newrev : newrev , ref : ref } }
let ( :protocol ) { 'ssh' }
subject do
described_class . new (
changes ,
project : project ,
user_access : user_access ,
protocol : protocol
) . exec
2016-09-13 17:45:13 +05:30
end
2017-09-10 17:25:29 +05:30
before do
project . add_developer ( user )
end
2016-09-13 17:45:13 +05:30
context 'without failed checks' do
2017-09-10 17:25:29 +05:30
it " doesn't raise an error " do
expect { subject } . not_to raise_error
2016-09-13 17:45:13 +05:30
end
end
context 'when the user is not allowed to push code' do
2017-09-10 17:25:29 +05:30
it 'raises an error' do
2016-09-13 17:45:13 +05:30
expect ( user_access ) . to receive ( :can_do_action? ) . with ( :push_code ) . and_return ( false )
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to push code to this project.' )
2016-09-13 17:45:13 +05:30
end
end
context 'tags check' do
2017-08-17 22:00:37 +05:30
let ( :ref ) { 'refs/tags/v1.0.0' }
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
it 'raises an error if the user is not allowed to update tags' do
2017-08-17 22:00:37 +05:30
allow ( user_access ) . to receive ( :can_do_action? ) . with ( :push_code ) . and_return ( true )
2016-09-13 17:45:13 +05:30
expect ( user_access ) . to receive ( :can_do_action? ) . with ( :admin_project ) . and_return ( false )
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to change existing tags on this project.' )
2016-09-13 17:45:13 +05:30
end
2017-08-17 22:00:37 +05:30
context 'with protected tag' do
let! ( :protected_tag ) { create ( :protected_tag , project : project , name : 'v*' ) }
context 'as master' do
2017-09-10 17:25:29 +05:30
before do
project . add_master ( user )
end
2017-08-17 22:00:37 +05:30
context 'deletion' do
let ( :oldrev ) { 'be93687618e4b132087f430a4d8fc3a609c9b77c' }
let ( :newrev ) { '0000000000000000000000000000000000000000' }
it 'is prevented' do
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , / cannot be deleted / )
2017-08-17 22:00:37 +05:30
end
end
context 'update' do
let ( :oldrev ) { 'be93687618e4b132087f430a4d8fc3a609c9b77c' }
let ( :newrev ) { '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51' }
it 'is prevented' do
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , / cannot be updated / )
2017-08-17 22:00:37 +05:30
end
end
end
context 'creation' do
let ( :oldrev ) { '0000000000000000000000000000000000000000' }
let ( :newrev ) { '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51' }
let ( :ref ) { 'refs/tags/v9.1.0' }
it 'prevents creation below access level' do
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , / allowed to create this tag as it is protected / )
2017-08-17 22:00:37 +05:30
end
context 'when user has access' do
let! ( :protected_tag ) { create ( :protected_tag , :developers_can_create , project : project , name : 'v*' ) }
it 'allows tag creation' do
2017-09-10 17:25:29 +05:30
expect { subject } . not_to raise_error
2017-08-17 22:00:37 +05:30
end
end
end
end
2016-09-13 17:45:13 +05:30
end
2017-09-10 17:25:29 +05:30
context 'branches check' do
context 'trying to delete the default branch' do
let ( :newrev ) { '0000000000000000000000000000000000000000' }
let ( :ref ) { 'refs/heads/master' }
it 'raises an error' do
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'The default branch of a project cannot be deleted.' )
end
2016-09-13 17:45:13 +05:30
end
2017-09-10 17:25:29 +05:30
context 'protected branches check' do
before do
allow ( ProtectedBranch ) . to receive ( :protected? ) . with ( project , 'master' ) . and_return ( true )
allow ( ProtectedBranch ) . to receive ( :protected? ) . with ( project , 'feature' ) . and_return ( true )
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
it 'raises an error if the user is not allowed to do forced pushes to protected branches' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to force push code to a protected branch on this project.' )
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
it 'raises an error if the user is not allowed to merge to protected branches' do
expect_any_instance_of ( Gitlab :: Checks :: MatchingMergeRequest ) . to receive ( :match? ) . and_return ( true )
expect ( user_access ) . to receive ( :can_merge_to_branch? ) . and_return ( false )
expect ( user_access ) . to receive ( :can_push_to_branch? ) . and_return ( false )
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to merge code into protected branches on this project.' )
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
it 'raises an error if the user is not allowed to push to protected branches' do
expect ( user_access ) . to receive ( :can_push_to_branch? ) . and_return ( false )
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to push code to protected branches on this project.' )
end
context 'branch deletion' do
let ( :newrev ) { '0000000000000000000000000000000000000000' }
let ( :ref ) { 'refs/heads/feature' }
context 'if the user is not allowed to delete protected branches' do
it 'raises an error' do
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You are not allowed to delete protected branches from this project. Only a project master or owner can delete a protected branch.' )
end
end
context 'if the user is allowed to delete protected branches' do
before do
project . add_master ( user )
end
context 'through the web interface' do
let ( :protocol ) { 'web' }
it 'allows branch deletion' do
expect { subject } . not_to raise_error
end
end
2016-09-13 17:45:13 +05:30
2017-09-10 17:25:29 +05:30
context 'over SSH or HTTP' do
it 'raises an error' do
expect { subject } . to raise_error ( Gitlab :: GitAccess :: UnauthorizedError , 'You can only delete protected branches using the web interface.' )
end
end
end
2016-09-13 17:45:13 +05:30
end
end
end
end
end
