Add more tests and fix write to project check

71ae01fe · Lin Jen-Shin · 38fbcb99 · 71ae01fe · 71ae01fe · 71ae01fe
Commit 71ae01fe authored Nov 11, 2016 by Lin Jen-Shin
Showing with 36 additions and 8 deletions

app/models/deploy_key.rb app/models/deploy_key.rb +4 -0

lib/gitlab/git_access.rb lib/gitlab/git_access.rb +1 -1

spec/lib/gitlab/git_access_spec.rb spec/lib/gitlab/git_access_spec.rb +31 -7

No files found.
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -20,4 +20,8 @@ class DeployKey < Key
  def destroyed_when_orphaned?
    self.private?
  end
+
+  def can_push_to?(project)
+    can_push? && projects.include?(project)
+  end
 end
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -89,7 +89,7 @@ module Gitlab
    end

    def deploy_key_push_access_check(changes)
-      if deploy_key.can_push?
+      if deploy_key.can_push_to?(project)
        check_repository_existence!
        check_change_access!(changes) if user
      else

--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -353,13 +353,13 @@ describe Gitlab::GitAccess, lib: true do
    end
  end

-  shared_examples 'can not push code' do
+  shared_examples 'pushing code' do |can|
    subject { access.check('git-receive-pack', '_any') }

    context 'when project is authorized' do
      before { authorize }

-      it { expect(subject).not_to be_allowed }
+      it { expect(subject).public_send(can, be_allowed) }
    end

    context 'when unauthorized' do
@@ -383,10 +383,20 @@ describe Gitlab::GitAccess, lib: true do
    end
  end

+  describe 'full authentication abilities' do
+    let(:authentication_abilities) { full_authentication_abilities }
+
+    it_behaves_like 'pushing code', :to do
+      def authorize
+        project.team << [user, :developer]
+      end
+    end
+  end
+
  describe 'build authentication abilities' do
    let(:authentication_abilities) { build_authentication_abilities }

-    it_behaves_like 'can not push code' do
+    it_behaves_like 'pushing code', :not_to do
      def authorize
        project.team << [user, :reporter]
      end
@@ -394,16 +404,30 @@ describe Gitlab::GitAccess, lib: true do
  end

  describe 'deploy key permissions' do
-    let(:key) { create(:deploy_key) }
+    let(:key) { create(:deploy_key, can_push: can_push) }
    let(:actor) { key }

-    it_behaves_like 'can not push code' do
+    context 'when deploy_key can push' do
+      let(:can_push) { true }
+
+      it_behaves_like 'pushing code', :to do
        def authorize
          key.projects << project
        end
      end
    end

+    context 'when deploy_key cannot push' do
+      let(:can_push) { false }
+
+      it_behaves_like 'pushing code', :not_to do
+        def authorize
+          key.projects << project
+        end
+      end
+    end
+  end
+
  private

  def build_authentication_abilities