Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
0bc14b45
Commit
0bc14b45
authored
Nov 13, 2018
by
Matija Čupić
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Authorize DestroyPipelineService against pipeline
parent
6173d463
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
25 additions
and
4 deletions
+25
-4
app/policies/ci/pipeline_policy.rb
app/policies/ci/pipeline_policy.rb
+4
-0
app/policies/project_policy.rb
app/policies/project_policy.rb
+0
-1
app/services/ci/destroy_pipeline_service.rb
app/services/ci/destroy_pipeline_service.rb
+2
-2
lib/api/pipelines.rb
lib/api/pipelines.rb
+1
-1
spec/policies/ci/pipeline_policy_spec.rb
spec/policies/ci/pipeline_policy_spec.rb
+18
-0
No files found.
app/policies/ci/pipeline_policy.rb
View file @
0bc14b45
...
@@ -16,6 +16,10 @@ module Ci
...
@@ -16,6 +16,10 @@ module Ci
enable
:update_pipeline
enable
:update_pipeline
end
end
rule
{
can?
(
:owner_access
)
}.
policy
do
enable
:destroy_pipeline
end
def
ref_protected?
(
user
,
project
,
tag
,
ref
)
def
ref_protected?
(
user
,
project
,
tag
,
ref
)
access
=
::
Gitlab
::
UserAccess
.
new
(
user
,
project:
project
)
access
=
::
Gitlab
::
UserAccess
.
new
(
user
,
project:
project
)
...
...
app/policies/project_policy.rb
View file @
0bc14b45
...
@@ -144,7 +144,6 @@ class ProjectPolicy < BasePolicy
...
@@ -144,7 +144,6 @@ class ProjectPolicy < BasePolicy
enable
:destroy_merge_request
enable
:destroy_merge_request
enable
:destroy_issue
enable
:destroy_issue
enable
:remove_pages
enable
:remove_pages
enable
:destroy_pipeline
enable
:set_issue_iid
enable
:set_issue_iid
enable
:set_issue_created_at
enable
:set_issue_created_at
...
...
app/services/ci/destroy_pipeline_service.rb
View file @
0bc14b45
...
@@ -3,11 +3,11 @@
...
@@ -3,11 +3,11 @@
module
Ci
module
Ci
class
DestroyPipelineService
<
BaseService
class
DestroyPipelineService
<
BaseService
def
execute
(
pipeline
)
def
execute
(
pipeline
)
return
false
unless
can?
(
current_user
,
:destroy_pipeline
,
p
roject
)
return
false
unless
can?
(
current_user
,
:destroy_pipeline
,
p
ipeline
)
AuditEventService
.
new
(
current_user
,
pipeline
).
security_event
AuditEventService
.
new
(
current_user
,
pipeline
).
security_event
pipeline
.
destroy
pipeline
.
destroy
!
end
end
end
end
end
end
lib/api/pipelines.rb
View file @
0bc14b45
...
@@ -89,7 +89,7 @@ module API
...
@@ -89,7 +89,7 @@ module API
requires
:pipeline_id
,
type:
Integer
,
desc:
'The pipeline ID'
requires
:pipeline_id
,
type:
Integer
,
desc:
'The pipeline ID'
end
end
delete
':id/pipelines/:pipeline_id'
do
delete
':id/pipelines/:pipeline_id'
do
authorize!
:destroy_pipeline
,
user_project
authorize!
:destroy_pipeline
,
pipeline
destroy_conditionally!
(
pipeline
)
do
destroy_conditionally!
(
pipeline
)
do
::
Ci
::
DestroyPipelineService
.
new
(
user_project
,
current_user
).
execute
(
pipeline
)
::
Ci
::
DestroyPipelineService
.
new
(
user_project
,
current_user
).
execute
(
pipeline
)
...
...
spec/policies/ci/pipeline_policy_spec.rb
View file @
0bc14b45
...
@@ -74,5 +74,23 @@ describe Ci::PipelinePolicy, :models do
...
@@ -74,5 +74,23 @@ describe Ci::PipelinePolicy, :models do
expect
(
policy
).
to
be_allowed
:update_pipeline
expect
(
policy
).
to
be_allowed
:update_pipeline
end
end
end
end
describe
'destroy_pipeline'
do
let
(
:project
)
{
create
(
:project
,
:public
)
}
context
'when user has owner access'
do
let
(
:user
)
{
project
.
owner
}
it
'is enabled'
do
expect
(
policy
).
to
be_allowed
:destroy_pipeline
end
end
context
'when user is not owner'
do
it
'is disabled'
do
expect
(
policy
).
not_to
be_allowed
:destroy_pipeline
end
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment