Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
973bd462
Commit
973bd462
authored
Mar 25, 2018
by
James Edwards-Jones
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ProtectedBranchPolicy used from Controller for destroy/update
parent
e7061396
Changes
7
Show whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
97 additions
and
4 deletions
+97
-4
app/policies/protected_branch_policy.rb
app/policies/protected_branch_policy.rb
+4
-0
app/services/protected_branches/create_service.rb
app/services/protected_branches/create_service.rb
+13
-4
app/services/protected_branches/destroy_service.rb
app/services/protected_branches/destroy_service.rb
+2
-0
spec/controllers/projects/protected_branches_controller_spec.rb
...ontrollers/projects/protected_branches_controller_spec.rb
+41
-0
spec/services/protected_branches/create_service_spec.rb
spec/services/protected_branches/create_service_spec.rb
+13
-0
spec/services/protected_branches/destroy_service_spec.rb
spec/services/protected_branches/destroy_service_spec.rb
+13
-0
spec/services/protected_branches/update_service_spec.rb
spec/services/protected_branches/update_service_spec.rb
+11
-0
No files found.
app/policies/protected_branch_policy.rb
View file @
973bd462
...
@@ -6,10 +6,14 @@ class ProtectedBranchPolicy < BasePolicy
...
@@ -6,10 +6,14 @@ class ProtectedBranchPolicy < BasePolicy
end
end
rule
{
can?
(
:admin_project
)
}.
policy
do
rule
{
can?
(
:admin_project
)
}.
policy
do
enable
:create_protected_branch
enable
:update_protected_branch
enable
:update_protected_branch
enable
:destroy_protected_branch
end
end
rule
{
requires_admin_to_unprotect?
&
~
admin
}.
policy
do
rule
{
requires_admin_to_unprotect?
&
~
admin
}.
policy
do
prevent
:create_protected_branch
prevent
:update_protected_branch
prevent
:update_protected_branch
prevent
:destroy_protected_branch
end
end
end
end
app/services/protected_branches/create_service.rb
View file @
973bd462
module
ProtectedBranches
module
ProtectedBranches
class
CreateService
<
BaseService
class
CreateService
<
BaseService
attr_reader
:protected_branch
def
execute
(
skip_authorization:
false
)
def
execute
(
skip_authorization:
false
)
raise
Gitlab
::
Access
::
AccessDeniedError
unless
skip_authorization
||
can?
(
current_user
,
:admin_project
,
project
)
raise
Gitlab
::
Access
::
AccessDeniedError
unless
skip_authorization
||
authorized?
protected_branch
.
save
protected_branch
end
def
authorized?
can?
(
current_user
,
:create_protected_branch
,
protected_branch
)
end
private
project
.
protected_branches
.
create
(
params
)
def
protected_branch
@protected_branch
||=
project
.
protected_branches
.
new
(
params
)
end
end
end
end
end
end
app/services/protected_branches/destroy_service.rb
View file @
973bd462
module
ProtectedBranches
module
ProtectedBranches
class
DestroyService
<
BaseService
class
DestroyService
<
BaseService
def
execute
(
protected_branch
)
def
execute
(
protected_branch
)
raise
Gitlab
::
Access
::
AccessDeniedError
unless
can?
(
current_user
,
:destroy_protected_branch
,
protected_branch
)
protected_branch
.
destroy
protected_branch
.
destroy
end
end
end
end
...
...
spec/controllers/projects/protected_branches_controller_spec.rb
View file @
973bd462
...
@@ -36,6 +36,19 @@ describe Projects::ProtectedBranchesController do
...
@@ -36,6 +36,19 @@ describe Projects::ProtectedBranchesController do
post
(
:create
,
project_params
.
merge
(
protected_branch:
create_params
))
post
(
:create
,
project_params
.
merge
(
protected_branch:
create_params
))
end
.
to
change
(
ProtectedBranch
,
:count
).
by
(
1
)
end
.
to
change
(
ProtectedBranch
,
:count
).
by
(
1
)
end
end
context
'when a policy restricts rule deletion'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
allow
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents creation of the protected branch rule"
do
post
(
:create
,
project_params
.
merge
(
protected_branch:
create_params
))
expect
(
ProtectedBranch
.
count
).
to
eq
0
end
end
end
end
describe
"PUT #update"
do
describe
"PUT #update"
do
...
@@ -51,6 +64,21 @@ describe Projects::ProtectedBranchesController do
...
@@ -51,6 +64,21 @@ describe Projects::ProtectedBranchesController do
expect
(
protected_branch
.
reload
.
name
).
to
eq
(
'new_name'
)
expect
(
protected_branch
.
reload
.
name
).
to
eq
(
'new_name'
)
expect
(
json_response
[
"name"
]).
to
eq
(
'new_name'
)
expect
(
json_response
[
"name"
]).
to
eq
(
'new_name'
)
end
end
context
'when a policy restricts rule deletion'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
allow
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents update of the protected branch rule"
do
old_name
=
protected_branch
.
name
put
(
:update
,
base_params
.
merge
(
protected_branch:
update_params
))
expect
(
protected_branch
.
reload
.
name
).
to
eq
(
old_name
)
end
end
end
end
describe
"DELETE #destroy"
do
describe
"DELETE #destroy"
do
...
@@ -63,5 +91,18 @@ describe Projects::ProtectedBranchesController do
...
@@ -63,5 +91,18 @@ describe Projects::ProtectedBranchesController do
expect
{
ProtectedBranch
.
find
(
protected_branch
.
id
)
}.
to
raise_error
(
ActiveRecord
::
RecordNotFound
)
expect
{
ProtectedBranch
.
find
(
protected_branch
.
id
)
}.
to
raise_error
(
ActiveRecord
::
RecordNotFound
)
end
end
context
'when a policy restricts rule deletion'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
allow
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents deletion of the protected branch rule"
do
delete
(
:destroy
,
base_params
)
expect
(
response
.
status
).
to
eq
(
403
)
end
end
end
end
end
end
spec/services/protected_branches/create_service_spec.rb
View file @
973bd462
...
@@ -35,5 +35,18 @@ describe ProtectedBranches::CreateService do
...
@@ -35,5 +35,18 @@ describe ProtectedBranches::CreateService do
expect
{
service
.
execute
}.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
expect
{
service
.
execute
}.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
end
end
end
end
context
'when a policy restricts rule creation'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
expect
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents creation of the protected branch rule"
do
expect
do
service
.
execute
end
.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
end
end
end
end
end
end
spec/services/protected_branches/destroy_service_spec.rb
View file @
973bd462
...
@@ -13,5 +13,18 @@ describe ProtectedBranches::DestroyService do
...
@@ -13,5 +13,18 @@ describe ProtectedBranches::DestroyService do
expect
(
protected_branch
).
to
be_destroyed
expect
(
protected_branch
).
to
be_destroyed
end
end
context
'when a policy restricts rule deletion'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
expect
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents deletion of the protected branch rule"
do
expect
do
service
.
execute
(
protected_branch
)
end
.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
end
end
end
end
end
end
spec/services/protected_branches/update_service_spec.rb
View file @
973bd462
...
@@ -22,5 +22,16 @@ describe ProtectedBranches::UpdateService do
...
@@ -22,5 +22,16 @@ describe ProtectedBranches::UpdateService do
expect
{
service
.
execute
(
protected_branch
)
}.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
expect
{
service
.
execute
(
protected_branch
)
}.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
end
end
end
end
context
'when a policy restricts rule creation'
do
before
do
policy
=
instance_double
(
ProtectedBranchPolicy
,
can?:
false
)
expect
(
ProtectedBranchPolicy
).
to
receive
(
:new
).
and_return
(
policy
)
end
it
"prevents creation of the protected branch rule"
do
expect
{
service
.
execute
(
protected_branch
)
}.
to
raise_error
(
Gitlab
::
Access
::
AccessDeniedError
)
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment