Commit 236c9c17 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Simplify how we create container registry resources

parent 003a51d1
module ContainerRegistry
##
# Service for creating a container repository.
#
# It is usually executed before registry authenticator returns
# a token for given request.
#
class CreateRepositoryService < BaseService
def execute(path)
@path = path
return if path.has_repository?
unless user_can_create? || legacy_trigger_can_create?
raise Gitlab::Access::AccessDeniedError
end
ContainerRepository.create_from_path(path)
end
private
def user_can_create?
can?(@current_user, :create_container_image, @path.repository_project)
end
## TODO, remove it after removing legacy triggers.
#
def legacy_trigger_can_create?
@current_user.nil? && @project == @path.repository_project
end
end
end
require 'spec_helper'
describe ContainerRegistry::CreateRepositoryService, '#execute' do
let(:project) { create(:empty_project) }
let(:user) { create(:user) }
let(:path) do
ContainerRegistry::Path.new("#{project.full_path}/my/image")
end
let(:service) { described_class.new(project, user) }
before do
stub_container_registry_config(enabled: true)
end
context 'when repository is created by an user' do
context 'when user has no ability to create a repository' do
it 'does not create a new container repository' do
expect { service.execute(path) }
.to raise_error(Gitlab::Access::AccessDeniedError)
.and change { ContainerRepository.count }.by(0)
end
end
context 'when user has ability do create a repository' do
before do
project.add_developer(user)
end
context 'when repository already exists' do
before do
create(:container_repository, project: project, name: 'my/image')
end
it 'does not create container repository again' do
expect { service.execute(path) }
.to_not change { ContainerRepository.count }
end
end
context 'when repository does not exist yet' do
it 'creates a new container repository' do
expect { service.execute(path) }
.to change { project.container_repositories.count }.by(1)
end
end
end
end
context 'when repository is created by a legacy pipeline trigger' do
let(:user) { nil }
context 'when repository path matches authenticated project' do
it 'creates a new container repository' do
expect { service.execute(path) }
.to change { project.container_repositories.count }.by(1)
end
end
context 'when repository path does not match authenticated project' do
let(:private_project) { create(:empty_project, :private) }
let(:path) do
ContainerRegistry::Path.new("#{private_project.full_path}/my/image")
end
it 'does not create a new container repository' do
expect { service.execute(path) }
.to raise_error(Gitlab::Access::AccessDeniedError)
.and change { ContainerRepository.count }.by(0)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment