438 lines
11 KiB
Ruby
438 lines
11 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
describe Projects::ReleasesController do
|
|
let!(:project) { create(:project, :repository, :public) }
|
|
let!(:private_project) { create(:project, :repository, :private) }
|
|
let(:user) { developer }
|
|
let(:developer) { create(:user) }
|
|
let(:reporter) { create(:user) }
|
|
let!(:release_1) { create(:release, project: project, released_at: Time.zone.parse('2018-10-18')) }
|
|
let!(:release_2) { create(:release, project: project, released_at: Time.zone.parse('2019-10-19')) }
|
|
|
|
before do
|
|
project.add_developer(developer)
|
|
project.add_reporter(reporter)
|
|
end
|
|
|
|
shared_examples_for 'successful request' do
|
|
it 'renders a 200' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:success)
|
|
end
|
|
end
|
|
|
|
shared_examples_for 'not found' do
|
|
it 'renders 404' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
shared_examples 'common access controls' do
|
|
it 'renders a 200' do
|
|
get_index
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context 'when the project is private' do
|
|
let(:project) { private_project }
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when user is a developer' do
|
|
let(:user) { developer }
|
|
|
|
it 'renders a 200 for a logged in developer' do
|
|
sign_in(user)
|
|
|
|
get_index
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context 'when user is an external user' do
|
|
let(:user) { create(:user) }
|
|
|
|
it 'renders a 404 when logged in but not in the project' do
|
|
sign_in(user)
|
|
|
|
get_index
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'GET #index' do
|
|
before do
|
|
get_index
|
|
end
|
|
|
|
context 'as html' do
|
|
let(:format) { :html }
|
|
|
|
it 'returns a text/html content_type' do
|
|
expect(response.content_type).to eq 'text/html'
|
|
end
|
|
|
|
it_behaves_like 'common access controls'
|
|
|
|
context 'when the project is private and the user is not logged in' do
|
|
let(:project) { private_project }
|
|
|
|
it 'returns a redirect' do
|
|
expect(response).to have_gitlab_http_status(:redirect)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'as json' do
|
|
let(:format) { :json }
|
|
|
|
it 'returns an application/json content_type' do
|
|
expect(response.content_type).to eq 'application/json'
|
|
end
|
|
|
|
it "returns the project's releases as JSON, ordered by released_at" do
|
|
expect(response.body).to eq([release_2, release_1].to_json)
|
|
end
|
|
|
|
it_behaves_like 'common access controls'
|
|
|
|
context 'when the project is private and the user is not logged in' do
|
|
let(:project) { private_project }
|
|
|
|
it 'returns a redirect' do
|
|
expect(response).to have_gitlab_http_status(:redirect)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'GET #edit' do
|
|
subject do
|
|
get :edit, params: { namespace_id: project.namespace, project_id: project, tag: tag }
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
let(:release) { create(:release, project: project) }
|
|
let(:tag) { CGI.escape(release.tag) }
|
|
|
|
it_behaves_like 'successful request'
|
|
|
|
context 'when tag name contains slash' do
|
|
let(:release) { create(:release, project: project, tag: 'awesome/v1.0') }
|
|
let(:tag) { CGI.escape(release.tag) }
|
|
|
|
it_behaves_like 'successful request'
|
|
|
|
it 'is accesible at a URL encoded path' do
|
|
expect(edit_project_release_path(project, release))
|
|
.to eq("/#{project.namespace.path}/#{project.name}/-/releases/awesome%252Fv1.0/edit")
|
|
end
|
|
end
|
|
|
|
context 'when release does not exist' do
|
|
let(:tag) { 'non-existent-tag' }
|
|
|
|
it_behaves_like 'not found'
|
|
end
|
|
|
|
context 'when user is a reporter' do
|
|
let(:user) { reporter }
|
|
|
|
it_behaves_like 'not found'
|
|
end
|
|
end
|
|
|
|
describe 'GET #show' do
|
|
subject do
|
|
get :show, params: { namespace_id: project.namespace, project_id: project, tag: tag }
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
let(:release) { create(:release, project: project) }
|
|
let(:tag) { CGI.escape(release.tag) }
|
|
|
|
it_behaves_like 'successful request'
|
|
|
|
context 'when tag name contains slash' do
|
|
let(:release) { create(:release, project: project, tag: 'awesome/v1.0') }
|
|
let(:tag) { CGI.escape(release.tag) }
|
|
|
|
it_behaves_like 'successful request'
|
|
|
|
it 'is accesible at a URL encoded path' do
|
|
expect(project_release_path(project, release))
|
|
.to eq("/#{project.namespace.path}/#{project.name}/-/releases/awesome%252Fv1.0")
|
|
end
|
|
end
|
|
|
|
context 'when feature flag `release_show_page` is disabled' do
|
|
before do
|
|
stub_feature_flags(release_show_page: false)
|
|
end
|
|
|
|
it_behaves_like 'not found'
|
|
end
|
|
|
|
context 'when release does not exist' do
|
|
let(:tag) { 'non-existent-tag' }
|
|
|
|
it_behaves_like 'not found'
|
|
end
|
|
end
|
|
|
|
context 'GET #downloads' do
|
|
subject do
|
|
get :downloads, params: { namespace_id: project.namespace, project_id: project, tag: tag, filepath: filepath }
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
let(:release) { create(:release, project: project, tag: tag ) }
|
|
let!(:link) { create(:release_link, release: release, name: 'linux-amd64 binaries', filepath: '/binaries/linux-amd64', url: 'https://downloads.example.com/bin/gitlab-linux-amd64') }
|
|
let(:tag) { 'v11.9.0-rc2' }
|
|
|
|
context 'valid filepath' do
|
|
let(:filepath) { CGI.escape('/binaries/linux-amd64') }
|
|
|
|
it 'redirects to the asset direct link' do
|
|
subject
|
|
|
|
expect(response).to redirect_to('https://downloads.example.com/bin/gitlab-linux-amd64')
|
|
end
|
|
|
|
it 'redirects with a status of 302' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:redirect)
|
|
end
|
|
end
|
|
|
|
context 'invalid filepath' do
|
|
let(:filepath) { CGI.escape('/binaries/win32') }
|
|
|
|
it 'is not found' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'GET #downloads' do
|
|
subject do
|
|
get :downloads, params: {
|
|
namespace_id: project.namespace,
|
|
project_id: project,
|
|
tag: tag,
|
|
filepath: filepath
|
|
}
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
let(:release) { create(:release, project: project, tag: tag ) }
|
|
let(:tag) { 'v11.9.0-rc2' }
|
|
let(:db_filepath) { '/binaries/linux-amd64' }
|
|
let!(:link) do
|
|
create :release_link,
|
|
release: release,
|
|
name: 'linux-amd64 binaries',
|
|
filepath: db_filepath,
|
|
url: 'https://downloads.example.com/bin/gitlab-linux-amd64'
|
|
end
|
|
|
|
context 'valid filepath' do
|
|
let(:filepath) { CGI.escape('/binaries/linux-amd64') }
|
|
|
|
it 'redirects to the asset direct link' do
|
|
subject
|
|
|
|
expect(response).to redirect_to(link.url)
|
|
end
|
|
end
|
|
|
|
context 'invalid filepath' do
|
|
let(:filepath) { CGI.escape('/binaries/win32') }
|
|
|
|
it 'is not found' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
context 'ignores filepath extension' do
|
|
let(:db_filepath) { '/binaries/linux-amd64.json' }
|
|
let(:filepath) { CGI.escape(db_filepath) }
|
|
|
|
it 'redirects to the asset direct link' do
|
|
subject
|
|
|
|
expect(response).to redirect_to(link.url)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'GET #evidence' do
|
|
let_it_be(:tag_name) { "v1.1.0-evidence" }
|
|
let!(:release) { create(:release, :with_evidence, project: project, tag: tag_name) }
|
|
let(:tag) { CGI.escape(release.tag) }
|
|
let(:format) { :json }
|
|
|
|
subject do
|
|
get :evidence, params: {
|
|
namespace_id: project.namespace,
|
|
project_id: project,
|
|
tag: tag,
|
|
format: format
|
|
}
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when the user is a developer' do
|
|
it 'returns the correct evidence summary as a json' do
|
|
subject
|
|
|
|
expect(json_response).to eq(release.evidence.summary)
|
|
end
|
|
|
|
context 'when the release was created before evidence existed' do
|
|
before do
|
|
release.evidence.destroy
|
|
end
|
|
|
|
it 'returns an empty json' do
|
|
subject
|
|
|
|
expect(json_response).to eq({})
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when the user is a guest for the project' do
|
|
before do
|
|
project.add_guest(user)
|
|
end
|
|
|
|
context 'when the project is private' do
|
|
let(:project) { private_project }
|
|
|
|
it_behaves_like 'not found'
|
|
end
|
|
|
|
context 'when the project is public' do
|
|
it_behaves_like 'successful request'
|
|
end
|
|
end
|
|
|
|
context 'when release is associated to a milestone which includes an issue' do
|
|
let_it_be(:project) { create(:project, :repository, :public) }
|
|
let_it_be(:issue) { create(:issue, project: project) }
|
|
let_it_be(:milestone) { create(:milestone, project: project, issues: [issue]) }
|
|
let_it_be(:release) { create(:release, project: project, tag: tag_name, milestones: [milestone]) }
|
|
|
|
before do
|
|
create(:evidence, release: release)
|
|
end
|
|
|
|
shared_examples_for 'does not show the issue in evidence' do
|
|
it do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(json_response['release']['milestones']
|
|
.all? { |milestone| milestone['issues'].nil? }).to eq(true)
|
|
end
|
|
end
|
|
|
|
shared_examples_for 'evidence not found' do
|
|
it do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
shared_examples_for 'safely expose evidence' do
|
|
it_behaves_like 'does not show the issue in evidence'
|
|
|
|
context 'when the issue is confidential' do
|
|
let(:issue) { create(:issue, :confidential, project: project) }
|
|
|
|
it_behaves_like 'does not show the issue in evidence'
|
|
end
|
|
|
|
context 'when the user is the author of the confidential issue' do
|
|
let(:issue) { create(:issue, :confidential, project: project, author: user) }
|
|
|
|
it_behaves_like 'does not show the issue in evidence'
|
|
end
|
|
|
|
context 'when project is private' do
|
|
let!(:project) { create(:project, :repository, :private) }
|
|
|
|
it_behaves_like 'evidence not found'
|
|
end
|
|
|
|
context 'when project restricts the visibility of issues to project members only' do
|
|
let!(:project) { create(:project, :repository, :issues_private) }
|
|
|
|
it_behaves_like 'evidence not found'
|
|
end
|
|
end
|
|
|
|
context 'when user is non-project member' do
|
|
let(:user) { create(:user) }
|
|
|
|
it_behaves_like 'safely expose evidence'
|
|
end
|
|
|
|
context 'when user is auditor', if: Gitlab.ee? do
|
|
let(:user) { create(:user, :auditor) }
|
|
|
|
it_behaves_like 'safely expose evidence'
|
|
end
|
|
|
|
context 'when external authorization control is enabled' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
stub_application_setting(external_authorization_service_enabled: true)
|
|
end
|
|
|
|
it_behaves_like 'evidence not found'
|
|
end
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def get_index
|
|
get :index, params: { namespace_id: project.namespace, project_id: project, format: format }
|
|
end
|
|
end
|