debian-mirror-gitlab/spec/lib/gitlab/checks/branch_check_spec.rb

# frozen_string_literal: true
require 'spec_helper'
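# Specs for Gitlab::Checks::BranchCheck#validate!, the push-time check that
# rejects branch changes the pushing user is not authorised to make.
#
# `subject`, `project`, `user`, `user_access`, `oldrev`, `newrev`, `ref` and
# `protocol` are not defined in this file; presumably they come from the
# 'change access checks context' shared context, and the `let` overrides
# below replace individual values per scenario.
#
# Every denial asserts Gitlab::GitAccess::ForbiddenError explicitly. A bare
# `raise_error` would also be satisfied by an unrelated exception (for
# example a stub mismatch), so an authorisation regression could go unnoticed.
RSpec.describe Gitlab::Checks::BranchCheck do
  include_context 'change access checks context'

  describe '#validate!' do
    it 'does not raise any error' do
      expect { subject.validate! }.not_to raise_error
    end

    context 'trying to delete the default branch' do
      # An all-zero newrev is how this spec models a ref deletion.
      let(:newrev) { '0000000000000000000000000000000000000000' }
      let(:ref) { 'refs/heads/master' }

      it 'raises an error' do
        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'The default branch of a project cannot be deleted.')
      end
    end

    context "prohibited branches check" do
      # A branch whose whole name is 40 hex characters is indistinguishable
      # from a full commit SHA, so it is rejected.
      it "prohibits 40-character hexadecimal branch names" do
        allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e")

        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
      end

      # Only a name that is entirely hexadecimal is rejected; a prefix makes it acceptable.
      it "doesn't prohibit a nested hexadecimal in a branch name" do
        allow(subject).to receive(:branch_name).and_return("fix-267208abfe40e546f5e847444276f7d43a39503e")

        expect { subject.validate! }.not_to raise_error
      end

      context "the feature flag is disabled" do
        # With the flag off the name check is skipped entirely.
        it "doesn't prohibit a 40-character hexadecimal branch name" do
          stub_feature_flags(prohibit_hexadecimal_branch_names: false)
          allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e")

          expect { subject.validate! }.not_to raise_error
        end
      end
    end

    context 'protected branches check' do
      # Both branch names used by the nested scenarios are treated as protected.
      before do
        allow(ProtectedBranch).to receive(:protected?).with(project, 'master').and_return(true)
        allow(ProtectedBranch).to receive(:protected?).with(project, 'feature').and_return(true)
      end

      it 'raises an error if the user is not allowed to do forced pushes to protected branches' do
        expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)

        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to force push code to a protected branch on this project.')
      end

      it 'raises an error if the user is not allowed to merge to protected branches' do
        # Pretend the pushed revision matches an open merge request so the
        # merge-permission branch of the check is exercised.
        expect_next_instance_of(Gitlab::Checks::MatchingMergeRequest) do |instance|
          expect(instance).to receive(:match?).and_return(true)
        end
        expect(user_access).to receive(:can_merge_to_branch?).and_return(false)
        expect(user_access).to receive(:can_push_to_branch?).and_return(false)

        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to merge code into protected branches on this project.')
      end

      it 'raises an error if the user is not allowed to push to protected branches' do
        expect(user_access).to receive(:can_push_to_branch?).and_return(false)

        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to push code to protected branches on this project.')
      end

      # Force-push matrix: push access x "allow force push" on the protected
      # branch. Only the (push access, force push allowed) cell is permitted.
      context 'when user has push access' do
        before do
          allow(user_access)
            .to receive(:can_push_to_branch?)
            .and_return(true)
        end

        context 'if protected branches is allowed to force push' do
          before do
            allow(ProtectedBranch)
              .to receive(:allow_force_push?)
              .with(project, 'master')
              .and_return(true)
          end

          it 'allows force push' do
            expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)

            expect { subject.validate! }.not_to raise_error
          end
        end

        context 'if protected branches is not allowed to force push' do
          before do
            allow(ProtectedBranch)
              .to receive(:allow_force_push?)
              .with(project, 'master')
              .and_return(false)
          end

          it 'prevents force push' do
            expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)

            # Pin the error class; the exact message is not asserted here.
            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError)
          end
        end
      end

      context 'when user does not have push access' do
        before do
          allow(user_access)
            .to receive(:can_push_to_branch?)
            .and_return(false)
        end

        context 'if protected branches is allowed to force push' do
          before do
            allow(ProtectedBranch)
              .to receive(:allow_force_push?)
              .with(project, 'master')
              .and_return(true)
          end

          # Allowing force push on the branch must not grant push access by itself.
          it 'prevents force push' do
            expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)

            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError)
          end
        end

        context 'if protected branches is not allowed to force push' do
          before do
            allow(ProtectedBranch)
              .to receive(:allow_force_push?)
              .with(project, 'master')
              .and_return(false)
          end

          it 'prevents force push' do
            expect(Gitlab::Checks::ForcePush).to receive(:force_push?).and_return(true)

            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError)
          end
        end
      end

      context 'when project repository is empty' do
        # A project created without a repository, so no default branch exists yet.
        let(:project) { create(:project) }

        context 'user is not allowed to push to protected branches' do
          before do
            allow(user_access)
              .to receive(:can_push_to_branch?)
              .and_return(false)
          end

          it 'raises an error' do
            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /Ask a project Owner or Maintainer to create a default branch/)
          end
        end

        context 'user is allowed to push to protected branches' do
          before do
            allow(user_access)
              .to receive(:can_push_to_branch?)
              .and_return(true)
          end

          it 'allows branch creation' do
            expect { subject.validate! }.not_to raise_error
          end
        end
      end

      context 'branch creation' do
        # An all-zero oldrev is how this spec models the creation of a new ref.
        let(:oldrev) { '0000000000000000000000000000000000000000' }
        let(:ref) { 'refs/heads/feature' }

        context 'user can push to branch' do
          before do
            allow(user_access)
              .to receive(:can_push_to_branch?)
              .with('feature')
              .and_return(true)
          end

          it 'does not raise an error' do
            expect { subject.validate! }.not_to raise_error
          end
        end

        context 'user cannot push to branch' do
          before do
            allow(user_access)
              .to receive(:can_push_to_branch?)
              .with('feature')
              .and_return(false)
          end

          context 'user cannot merge to branch' do
            before do
              allow(user_access)
                .to receive(:can_merge_to_branch?)
                .with('feature')
                .and_return(false)
            end

            it 'raises an error' do
              expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to create protected branches on this project.')
            end
          end

          context 'user can merge to branch' do
            before do
              allow(user_access)
                .to receive(:can_merge_to_branch?)
                .with('feature')
                .and_return(true)

              # The pushed commit is reported as contained in a single branch, 'branch'.
              allow(project.repository)
                .to receive(:branch_names_contains_sha)
                .with(newrev)
                .and_return(['branch'])
            end

            context "newrev isn't in any protected branches" do
              before do
                allow(ProtectedBranch)
                  .to receive(:any_protected?)
                  .with(project, ['branch'])
                  .and_return(false)
              end

              # Merge-only users may not seed a protected branch from a
              # commit that is not already on a protected branch.
              it 'raises an error' do
                expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can only use an existing protected branch ref as the basis of a new protected branch.')
              end
            end

            context 'newrev is included in a protected branch' do
              before do
                allow(ProtectedBranch)
                  .to receive(:any_protected?)
                  .with(project, ['branch'])
                  .and_return(true)
              end

              context 'via web interface' do
                let(:protocol) { 'web' }

                it 'allows branch creation' do
                  expect { subject.validate! }.not_to raise_error
                end
              end

              # `protocol` is left at the shared context's value here.
              context 'via SSH' do
                it 'raises an error' do
                  expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can only create protected branches using the web interface and API.')
                end
              end
            end
          end
        end
      end

      context 'branch deletion' do
        let(:newrev) { '0000000000000000000000000000000000000000' }
        let(:ref) { 'refs/heads/feature' }

        context 'if the user is not allowed to delete protected branches' do
          it 'raises an error' do
            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.')
          end
        end

        context 'if the user is allowed to delete protected branches' do
          before do
            project.add_maintainer(user)
          end

          context 'through the web interface' do
            let(:protocol) { 'web' }

            it 'allows branch deletion' do
              expect { subject.validate! }.not_to raise_error
            end
          end

          # Even a maintainer is refused when the deletion does not come
          # through the web interface.
          context 'over SSH or HTTP' do
            it 'raises an error' do
              expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can only delete protected branches using the web interface.')
            end
          end
        end
      end
    end
  end
end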