Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
47b93fd7
Commit
47b93fd7
authored
Jun 06, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don't check permission, only protected ref if no user
parent
3c71c12b
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
64 additions
and
3 deletions
+64
-3
app/services/ci/create_pipeline_service.rb
app/services/ci/create_pipeline_service.rb
+9
-1
spec/services/ci/create_pipeline_service_spec.rb
spec/services/ci/create_pipeline_service_spec.rb
+55
-2
No files found.
app/services/ci/create_pipeline_service.rb
View file @
47b93fd7
...
...
@@ -27,7 +27,7 @@ module Ci
return
error
(
'Reference not found'
)
end
unless
Ci
::
Pipeline
.
allowed_to_create?
(
current_user
,
projec
t
,
ref
)
unless
triggering_user_allowed_for_ref?
(
trigger_reques
t
,
ref
)
return
error
(
"Insufficient permissions for protected
#{
ref
}
"
)
end
...
...
@@ -56,6 +56,14 @@ module Ci
private
def
triggering_user_allowed_for_ref?
(
trigger_request
,
ref
)
triggering_user
=
current_user
||
trigger_request
.
trigger
.
owner
(
triggering_user
&&
Ci
::
Pipeline
.
allowed_to_create?
(
triggering_user
,
project
,
ref
))
||
!
project
.
protected_for?
(
ref
)
end
def
process!
Ci
::
Pipeline
.
transaction
do
update_merge_requests_head_pipeline
if
pipeline
.
save
...
...
spec/services/ci/create_pipeline_service_spec.rb
View file @
47b93fd7
...
...
@@ -10,13 +10,19 @@ describe Ci::CreatePipelineService, services: true do
end
describe
'#execute'
do
def
execute_service
(
source: :push
,
after:
project
.
commit
.
id
,
message:
'Message'
,
ref:
ref_name
)
def
execute_service
(
source: :push
,
after:
project
.
commit
.
id
,
message:
'Message'
,
ref:
ref_name
,
trigger_request:
nil
)
params
=
{
ref:
ref
,
before:
'00000000'
,
after:
after
,
commits:
[{
message:
message
}]
}
described_class
.
new
(
project
,
user
,
params
).
execute
(
source
)
described_class
.
new
(
project
,
user
,
params
).
execute
(
source
,
trigger_request:
trigger_request
)
end
context
'valid params'
do
...
...
@@ -337,6 +343,53 @@ describe Ci::CreatePipelineService, services: true do
expect
(
Ci
::
Pipeline
.
count
).
to
eq
(
1
)
end
end
context
'when trigger belongs to no one'
do
let
(
:user
)
{}
let
(
:trigger_request
)
{
create
(
:ci_trigger_request
)
}
it
'does not create a pipeline'
do
expect
(
execute_service
(
trigger_request:
trigger_request
))
.
not_to
be_persisted
expect
(
Ci
::
Pipeline
.
count
).
to
eq
(
0
)
end
end
context
'when trigger belongs to a developer'
do
let
(
:user
)
{}
let
(
:trigger_request
)
do
create
(
:ci_trigger_request
).
tap
do
|
request
|
user
=
create
(
:user
)
project
.
add_developer
(
user
)
request
.
trigger
.
update
(
owner:
user
)
end
end
it
'does not create a pipeline'
do
expect
(
execute_service
(
trigger_request:
trigger_request
))
.
not_to
be_persisted
expect
(
Ci
::
Pipeline
.
count
).
to
eq
(
0
)
end
end
context
'when trigger belongs to a master'
do
let
(
:user
)
{}
let
(
:trigger_request
)
do
create
(
:ci_trigger_request
).
tap
do
|
request
|
user
=
create
(
:user
)
project
.
add_master
(
user
)
request
.
trigger
.
update
(
owner:
user
)
end
end
it
'does not create a pipeline'
do
expect
(
execute_service
(
trigger_request:
trigger_request
))
.
to
be_persisted
expect
(
Ci
::
Pipeline
.
count
).
to
eq
(
1
)
end
end
end
context
'when ref is a protected branch'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment