Commit 1ed6725f authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'chore/disable-admin-mode-in-lib' into 'master'

Disable auto admin mode for lib specs [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!50056
parents 107adcd3 f9356b47
---
title: Disable auto admin mode for lib specs
merge_request: 50056
author: Diego Louzán
type: other
...@@ -5,7 +5,7 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::GroupStageTimeSummary do ...@@ -5,7 +5,7 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::GroupStageTimeSummary do
let_it_be(:group) { create(:group) } let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, :repository, namespace: group) } let_it_be(:project) { create(:project, :repository, namespace: group) }
let_it_be(:project_2) { create(:project, :repository, namespace: group) } let_it_be(:project_2) { create(:project, :repository, namespace: group) }
let_it_be(:user) { create(:user, :admin) } let_it_be(:user) { create(:user) }
let(:from) { 1.day.ago } let(:from) { 1.day.ago }
let(:to) { nil } let(:to) { nil }
let(:options) { { from: from, to: to, current_user: user } } let(:options) { { from: from, to: to, current_user: user } }
...@@ -16,6 +16,10 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::GroupStageTimeSummary do ...@@ -16,6 +16,10 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::GroupStageTimeSummary do
freeze_time { example.run } freeze_time { example.run }
end end
before do
group.add_owner(user)
end
describe '#lead_time' do describe '#lead_time' do
describe 'issuable filter parameters' do describe 'issuable filter parameters' do
let_it_be(:label) { create(:group_label, group: group) } let_it_be(:label) { create(:group_label, group: group) }
......
...@@ -6,10 +6,14 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageSummary d ...@@ -6,10 +6,14 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageSummary d
let(:project) { create(:project, :repository, namespace: group) } let(:project) { create(:project, :repository, namespace: group) }
let(:project_2) { create(:project, :repository, namespace: group) } let(:project_2) { create(:project, :repository, namespace: group) }
let(:from) { 1.day.ago } let(:from) { 1.day.ago }
let(:user) { create(:user, :admin) } let(:user) { create(:user) }
subject { described_class.new(group, options: { from: Time.now, current_user: user }).data } subject { described_class.new(group, options: { from: Time.now, current_user: user }).data }
before do
group.add_owner(user)
end
describe "#new_issues" do describe "#new_issues" do
context 'with from date' do context 'with from date' do
before do before do
......
...@@ -7,7 +7,7 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageTimeSumma ...@@ -7,7 +7,7 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageTimeSumma
let(:project_2) { create(:project, :repository, namespace: group) } let(:project_2) { create(:project, :repository, namespace: group) }
let(:from) { 1.day.ago } let(:from) { 1.day.ago }
let(:to) { nil } let(:to) { nil }
let(:user) { create(:user, :admin) } let(:user) { create(:user) }
subject { described_class.new(group, options: { from: from, to: to, current_user: user }).data } subject { described_class.new(group, options: { from: from, to: to, current_user: user }).data }
...@@ -15,6 +15,10 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageTimeSumma ...@@ -15,6 +15,10 @@ RSpec.describe Gitlab::Analytics::CycleAnalytics::Summary::Group::StageTimeSumma
freeze_time { example.run } freeze_time { example.run }
end end
before do
group.add_owner(user)
end
describe '#lead_time' do describe '#lead_time' do
context 'with `from` date' do context 'with `from` date' do
let(:from) { 6.days.ago } let(:from) { 6.days.ago }
......
...@@ -19,13 +19,13 @@ RSpec.describe 'Jobs/Browser-Performance-Testing.gitlab-ci.yml' do ...@@ -19,13 +19,13 @@ RSpec.describe 'Jobs/Browser-Performance-Testing.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) do let(:project) do
create(:project, :repository, variables: [ create(:project, :repository, variables: [
build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true') build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true')
]) ])
end end
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) }
......
...@@ -22,13 +22,13 @@ RSpec.describe 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml' do ...@@ -22,13 +22,13 @@ RSpec.describe 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) do let(:project) do
create(:project, :repository, variables: [ create(:project, :repository, variables: [
build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true') build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true')
]) ])
end end
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) }
......
...@@ -19,13 +19,13 @@ RSpec.describe 'Jobs/Load-Performance-Testing.gitlab-ci.yml' do ...@@ -19,13 +19,13 @@ RSpec.describe 'Jobs/Load-Performance-Testing.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) do let(:project) do
create(:project, :repository, variables: [ create(:project, :repository, variables: [
build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true') build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true')
]) ])
end end
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) }
......
...@@ -18,9 +18,9 @@ RSpec.describe 'Verify/Browser-Performance.gitlab-ci.yml' do ...@@ -18,9 +18,9 @@ RSpec.describe 'Verify/Browser-Performance.gitlab-ci.yml' do
YAML YAML
end end
describe 'the created pipeline' do describe 'the created pipeline', :clean_gitlab_redis_cache do
let(:user) { create(:admin) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -18,9 +18,9 @@ RSpec.describe 'Verify/Load-Performance-Testing.gitlab-ci.yml' do ...@@ -18,9 +18,9 @@ RSpec.describe 'Verify/Load-Performance-Testing.gitlab-ci.yml' do
YAML YAML
end end
describe 'the created pipeline' do describe 'the created pipeline', :clean_gitlab_redis_cache do
let(:user) { create(:admin) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -27,16 +27,17 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do ...@@ -27,16 +27,17 @@ RSpec.describe 'API-Fuzzing.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
before do before do
stub_ci_pipeline_yaml_file(template.content) stub_ci_pipeline_yaml_file(template.content)
allow_any_instance_of(Ci::BuildScheduleWorker).to receive(:perform).and_return(true) allow_any_instance_of(Ci::BuildScheduleWorker).to receive(:perform).and_return(true)
allow(project).to receive(:default_branch).and_return(default_branch) allow(project).to receive(:default_branch).and_return(default_branch)
end end
......
...@@ -6,9 +6,9 @@ RSpec.describe 'Container-Scanning.gitlab-ci.yml' do ...@@ -6,9 +6,9 @@ RSpec.describe 'Container-Scanning.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Container-Scanning') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Container-Scanning') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,9 +6,9 @@ RSpec.describe 'Coverage-Fuzzing.gitlab-ci.yml' do ...@@ -6,9 +6,9 @@ RSpec.describe 'Coverage-Fuzzing.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Coverage-Fuzzing') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Coverage-Fuzzing') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('DAST') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('DAST') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'Dependency-Scanning.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'Dependency-Scanning.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Dependency-Scanning') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Dependency-Scanning') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:files) { { 'README.txt' => '' } } let(:files) { { 'README.txt' => '' } }
let(:project) { create(:project, :custom_repo, files: files) } let(:project) { create(:project, :custom_repo, files: files) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,9 +6,9 @@ RSpec.describe 'License-Scanning.gitlab-ci.yml' do ...@@ -6,9 +6,9 @@ RSpec.describe 'License-Scanning.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('License-Scanning') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('License-Scanning') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'SAST.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'SAST.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('SAST') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('SAST') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:files) { { 'README.txt' => '' } } let(:files) { { 'README.txt' => '' } }
let(:project) { create(:project, :custom_repo, files: files) } let(:project) { create(:project, :custom_repo, files: files) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -445,17 +445,36 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need ...@@ -445,17 +445,36 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need
expect(results.issues_count).to eq 4 expect(results.issues_count).to eq 4
end end
it 'lists all issues for admin' do context 'for admin users' do
results = described_class.new(admin, query, limit_project_ids) context 'when admin mode enabled', :enable_admin_mode do
issues = results.objects('issues') it 'lists all issues' do
results = described_class.new(admin, query, limit_project_ids)
issues = results.objects('issues')
expect(issues).to include @issue
expect(issues).to include @security_issue_1
expect(issues).to include @security_issue_2
expect(issues).to include @security_issue_3
expect(issues).to include @security_issue_4
expect(issues).to include @security_issue_5
expect(results.issues_count).to eq 6
end
end
expect(issues).to include @issue context 'when admin mode disabled' do
expect(issues).to include @security_issue_1 it 'does not list confidential issues' do
expect(issues).to include @security_issue_2 results = described_class.new(admin, query, limit_project_ids)
expect(issues).to include @security_issue_3 issues = results.objects('issues')
expect(issues).to include @security_issue_4
expect(issues).to include @security_issue_5 expect(issues).to include @issue
expect(results.issues_count).to eq 6 expect(issues).not_to include @security_issue_1
expect(issues).not_to include @security_issue_2
expect(issues).not_to include @security_issue_3
expect(issues).not_to include @security_issue_4
expect(issues).not_to include @security_issue_5
expect(results.issues_count).to eq 1
end
end
end end
end end
...@@ -530,17 +549,36 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need ...@@ -530,17 +549,36 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need
expect(results.issues_count).to eq 3 expect(results.issues_count).to eq 3
end end
it 'lists all issues for admin' do context 'for admin users' do
results = described_class.new(admin, query, limit_project_ids) context 'when admin mode enabled', :enable_admin_mode do
issues = results.objects('issues') it 'lists all issues' do
results = described_class.new(admin, query, limit_project_ids)
issues = results.objects('issues')
expect(issues).to include @issue
expect(issues).not_to include @security_issue_1
expect(issues).not_to include @security_issue_2
expect(issues).to include @security_issue_3
expect(issues).to include @security_issue_4
expect(issues).to include @security_issue_5
expect(results.issues_count).to eq 4
end
end
expect(issues).to include @issue context 'when admin mode disabled' do
expect(issues).not_to include @security_issue_1 it 'does not list confidential issues' do
expect(issues).not_to include @security_issue_2 results = described_class.new(admin, query, limit_project_ids)
expect(issues).to include @security_issue_3 issues = results.objects('issues')
expect(issues).to include @security_issue_4
expect(issues).to include @security_issue_5 expect(issues).to include @issue
expect(results.issues_count).to eq 4 expect(issues).not_to include @security_issue_1
expect(issues).not_to include @security_issue_2
expect(issues).not_to include @security_issue_3
expect(issues).not_to include @security_issue_4
expect(issues).not_to include @security_issue_5
expect(results.issues_count).to eq 1
end
end
end end
end end
end end
...@@ -1095,18 +1133,20 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need ...@@ -1095,18 +1133,20 @@ RSpec.describe Gitlab::Elastic::SearchResults, :elastic, :sidekiq_might_not_need
end end
context 'when user is admin' do context 'when user is admin' do
it 'returns right set of milestones' do context 'when admin mode enabled', :enable_admin_mode do
user.update(admin: true) it 'returns right set of milestones' do
public_project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE) user.update(admin: true)
public_project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) public_project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
internal_project.project_feature.update!(issues_access_level: ProjectFeature::DISABLED) public_project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
internal_project.project_feature.update!(merge_requests_access_level: ProjectFeature::DISABLED) internal_project.project_feature.update!(issues_access_level: ProjectFeature::DISABLED)
ensure_elasticsearch_index! internal_project.project_feature.update!(merge_requests_access_level: ProjectFeature::DISABLED)
ensure_elasticsearch_index!
results = described_class.new(user, 'project', :any)
milestones = results.objects('milestones') results = described_class.new(user, 'project', :any)
milestones = results.objects('milestones')
expect(milestones).to match_array([milestone_2, milestone_3, milestone_4])
expect(milestones).to match_array([milestone_2, milestone_3, milestone_4])
end
end end
end end
......
...@@ -71,7 +71,7 @@ RSpec.describe Gitlab::Elastic::SnippetSearchResults, :elastic, :sidekiq_might_n ...@@ -71,7 +71,7 @@ RSpec.describe Gitlab::Elastic::SnippetSearchResults, :elastic, :sidekiq_might_n
end end
end end
context 'when user has read_all_resources', :do_not_mock_admin_mode do context 'when user has read_all_resources' do
include_context 'custom session' include_context 'custom session'
let(:user) { create(:admin) } let(:user) { create(:admin) }
......
...@@ -5,6 +5,7 @@ require 'spec_helper' ...@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::GitAccess do RSpec.describe Gitlab::GitAccess do
include GitHelpers include GitHelpers
include EE::GeoHelpers include EE::GeoHelpers
include AdminModeHelper
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
...@@ -456,8 +457,9 @@ RSpec.describe Gitlab::GitAccess do ...@@ -456,8 +457,9 @@ RSpec.describe Gitlab::GitAccess do
# Expectations are given a custom failure message proc so that it's # Expectations are given a custom failure message proc so that it's
# easier to identify which check(s) failed. # easier to identify which check(s) failed.
it "has the correct permissions for #{role}s" do it "has the correct permissions for #{role}s" do
if role == :admin if [:admin_with_admin_mode, :admin_without_admin_mode].include?(role)
user.update_attribute(:admin, true) user.update_attribute(:admin, true)
enable_admin_mode!(user) if role == :admin_with_admin_mode
project.add_guest(user) project.add_guest(user)
else else
project.add_role(user, role) project.add_role(user, role)
...@@ -509,7 +511,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -509,7 +511,7 @@ RSpec.describe Gitlab::GitAccess do
end end
permissions_matrix = { permissions_matrix = {
admin: { admin_with_admin_mode: {
any: true, any: true,
push_new_branch: true, push_new_branch: true,
push_master: true, push_master: true,
...@@ -521,6 +523,18 @@ RSpec.describe Gitlab::GitAccess do ...@@ -521,6 +523,18 @@ RSpec.describe Gitlab::GitAccess do
merge_into_protected_branch: true merge_into_protected_branch: true
}, },
admin_without_admin_mode: {
any: false,
push_new_branch: false,
push_master: false,
push_protected_branch: false,
push_remove_protected_branch: false,
push_tag: false,
push_new_tag: false,
push_all: false,
merge_into_protected_branch: false
},
maintainer: { maintainer: {
any: true, any: true,
push_new_branch: true, push_new_branch: true,
...@@ -589,7 +603,8 @@ RSpec.describe Gitlab::GitAccess do ...@@ -589,7 +603,8 @@ RSpec.describe Gitlab::GitAccess do
create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch) create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch)
end end
run_permission_checks(permissions_matrix.deep_merge(admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true }, run_permission_checks(permissions_matrix.deep_merge(admin_with_admin_mode: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true },
admin_without_admin_mode: { push_protected_branch: false, merge_into_protected_branch: false },
maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true }, maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true },
developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true }, developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true },
guest: { push_protected_branch: false, merge_into_protected_branch: false }, guest: { push_protected_branch: false, merge_into_protected_branch: false },
...@@ -613,6 +628,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -613,6 +628,7 @@ RSpec.describe Gitlab::GitAccess do
before do before do
create_current_license(starts_at: 1.month.ago.to_date, block_changes_at: Date.current, notify_admins_at: Date.current) create_current_license(starts_at: 1.month.ago.to_date, block_changes_at: Date.current, notify_admins_at: Date.current)
user.update_attribute(:admin, true) user.update_attribute(:admin, true)
enable_admin_mode!(user)
project.add_role(user, :developer) project.add_role(user, :developer)
end end
...@@ -632,9 +648,10 @@ RSpec.describe Gitlab::GitAccess do ...@@ -632,9 +648,10 @@ RSpec.describe Gitlab::GitAccess do
context "when a specific group is allowed to push into the #{protected_branch_type} protected branch" do context "when a specific group is allowed to push into the #{protected_branch_type} protected branch" do
let(:protected_branch) { build(:protected_branch, authorize_group_to_push: group, name: protected_branch_name, project: project) } let(:protected_branch) { build(:protected_branch, authorize_group_to_push: group, name: protected_branch_name, project: project) }
permissions = permissions_matrix.except(:admin).deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }, permissions = permissions_matrix.except(:admin_with_admin_mode, :admin_without_admin_mode)
guest: { push_protected_branch: false, merge_into_protected_branch: false }, .deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true },
reporter: { push_protected_branch: false, merge_into_protected_branch: false }) guest: { push_protected_branch: false, merge_into_protected_branch: false },
reporter: { push_protected_branch: false, merge_into_protected_branch: false })
run_group_permission_checks(permissions) run_group_permission_checks(permissions)
end end
...@@ -646,10 +663,11 @@ RSpec.describe Gitlab::GitAccess do ...@@ -646,10 +663,11 @@ RSpec.describe Gitlab::GitAccess do
create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch) create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch)
end end
permissions = permissions_matrix.except(:admin).deep_merge(maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true }, permissions = permissions_matrix.except(:admin_with_admin_mode, :admin_without_admin_mode)
developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true }, .deep_merge(maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true },
guest: { push_protected_branch: false, merge_into_protected_branch: false }, developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: true },
reporter: { push_protected_branch: false, merge_into_protected_branch: false }) guest: { push_protected_branch: false, merge_into_protected_branch: false },
reporter: { push_protected_branch: false, merge_into_protected_branch: false })
run_group_permission_checks(permissions) run_group_permission_checks(permissions)
end end
...@@ -661,9 +679,10 @@ RSpec.describe Gitlab::GitAccess do ...@@ -661,9 +679,10 @@ RSpec.describe Gitlab::GitAccess do
create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch) create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature', state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch)
end end
permissions = permissions_matrix.except(:admin).deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }, permissions = permissions_matrix.except(:admin_with_admin_mode, :admin_without_admin_mode)
guest: { push_protected_branch: false, merge_into_protected_branch: false }, .deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true },
reporter: { push_protected_branch: false, merge_into_protected_branch: false }) guest: { push_protected_branch: false, merge_into_protected_branch: false },
reporter: { push_protected_branch: false, merge_into_protected_branch: false })
run_group_permission_checks(permissions) run_group_permission_checks(permissions)
end end
......
...@@ -143,15 +143,32 @@ RSpec.describe Banzai::Filter::ReferenceRedactorFilter do ...@@ -143,15 +143,32 @@ RSpec.describe Banzai::Filter::ReferenceRedactorFilter do
expect(doc.css('a').length).to eq 1 expect(doc.css('a').length).to eq 1
end end
it 'allows references for admin' do context 'for admin' do
admin = create(:admin) context 'when admin mode is enabled', :enable_admin_mode do
project = create(:project, :public) it 'allows references' do
issue = create(:issue, :confidential, project: project) admin = create(:admin)
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue') project = create(:project, :public)
issue = create(:issue, :confidential, project: project)
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
doc = filter(link, current_user: admin)
expect(doc.css('a').length).to eq 1
end
end
doc = filter(link, current_user: admin) context 'when admin mode is disabled' do
it 'removes references' do
admin = create(:admin)
project = create(:project, :public)
issue = create(:issue, :confidential, project: project)
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
expect(doc.css('a').length).to eq 1 doc = filter(link, current_user: admin)
expect(doc.css('a').length).to eq 0
end
end
end end
context "when a confidential issue is moved from a public project to a private one" do context "when a confidential issue is moved from a public project to a private one" do
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# #
require 'spec_helper' require 'spec_helper'
RSpec.describe Constraints::AdminConstrainer, :do_not_mock_admin_mode do RSpec.describe Constraints::AdminConstrainer do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:session) { {} } let(:session) { {} }
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store do RSpec.describe Gitlab::Auth::CurrentUserMode, :request_store do
let(:user) { build_stubbed(:user) } let(:user) { build_stubbed(:user) }
subject { described_class.new(user) } subject { described_class.new(user) }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'Deploy-ECS.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'Deploy-ECS.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('AWS/Deploy-ECS') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('AWS/Deploy-ECS') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :auto_devops, :custom_repo, files: { 'README.md' => '' }) } let(:project) { create(:project, :auto_devops, :custom_repo, files: { 'README.md' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Build.gitlab-ci.yml' do ...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Build.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Build') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Build') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Code-Quality.gitlab-ci.yml' do ...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Code-Quality.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Code-Quality') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Code-Quality') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -27,8 +27,8 @@ RSpec.describe 'Jobs/Deploy.gitlab-ci.yml' do ...@@ -27,8 +27,8 @@ RSpec.describe 'Jobs/Deploy.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Test.gitlab-ci.yml' do ...@@ -6,8 +6,8 @@ RSpec.describe 'Jobs/Test.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Test') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Jobs/Test') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'Terraform/Base.latest.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'Terraform/Base.latest.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Terraform/Base.latest') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Terraform/Base.latest') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -19,8 +19,8 @@ RSpec.describe 'Verify/Load-Performance-Testing.gitlab-ci.yml' do ...@@ -19,8 +19,8 @@ RSpec.describe 'Verify/Load-Performance-Testing.gitlab-ci.yml' do
end end
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:user) { project.owner }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch } let(:pipeline_ref) { default_branch }
......
...@@ -6,10 +6,10 @@ RSpec.describe 'Auto-DevOps.gitlab-ci.yml' do ...@@ -6,10 +6,10 @@ RSpec.describe 'Auto-DevOps.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Auto-DevOps') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Auto-DevOps') }
describe 'the created pipeline' do describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :auto_devops, :custom_repo, files: { 'README.md' => '' }) } let(:project) { create(:project, :auto_devops, :custom_repo, files: { 'README.md' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
...@@ -232,8 +232,8 @@ RSpec.describe 'Auto-DevOps.gitlab-ci.yml' do ...@@ -232,8 +232,8 @@ RSpec.describe 'Auto-DevOps.gitlab-ci.yml' do
end end
with_them do with_them do
let(:user) { create(:admin) }
let(:project) { create(:project, :custom_repo, files: files) } let(:project) { create(:project, :custom_repo, files: files) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: 'master' ) }
let(:pipeline) { service.execute(:push) } let(:pipeline) { service.execute(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,10 +6,9 @@ RSpec.describe 'Flutter.gitlab-ci.yml' do ...@@ -6,10 +6,9 @@ RSpec.describe 'Flutter.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Flutter') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Flutter') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let(:pipeline_branch) { 'master' } let(:pipeline_branch) { 'master' }
let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -6,11 +6,10 @@ RSpec.describe 'npm.latest.gitlab-ci.yml' do ...@@ -6,11 +6,10 @@ RSpec.describe 'npm.latest.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('npm.latest') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('npm.latest') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let(:repo_files) { { 'package.json' => '{}', 'README.md' => '' } } let(:repo_files) { { 'package.json' => '{}', 'README.md' => '' } }
let(:modified_files) { %w[package.json] } let(:modified_files) { %w[package.json] }
let(:project) { create(:project, :custom_repo, files: repo_files) } let(:project) { create(:project, :custom_repo, files: repo_files) }
let(:user) { project.owner }
let(:pipeline_branch) { project.default_branch } let(:pipeline_branch) { project.default_branch }
let(:pipeline_tag) { 'v1.2.1' } let(:pipeline_tag) { 'v1.2.1' }
let(:pipeline_ref) { pipeline_branch } let(:pipeline_ref) { pipeline_branch }
......
...@@ -10,11 +10,10 @@ RSpec.describe 'Terraform.latest.gitlab-ci.yml' do ...@@ -10,11 +10,10 @@ RSpec.describe 'Terraform.latest.gitlab-ci.yml' do
subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Terraform.latest') } subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Terraform.latest') }
describe 'the created pipeline' do describe 'the created pipeline' do
let_it_be(:user) { create(:admin) }
let(:default_branch) { 'master' } let(:default_branch) { 'master' }
let(:pipeline_branch) { default_branch } let(:pipeline_branch) { default_branch }
let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) } let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) }
let(:user) { project.owner }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::CycleAnalytics::BaseEventFetcher do RSpec.describe Gitlab::CycleAnalytics::BaseEventFetcher do
let(:max_events) { 2 } let(:max_events) { 2 }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:user) { create(:user, :admin) } let(:user) { project.owner }
let(:start_time_attrs) { Issue.arel_table[:created_at] } let(:start_time_attrs) { Issue.arel_table[:created_at] }
let(:end_time_attrs) { [Issue::Metrics.arel_table[:first_associated_with_milestone_at]] } let(:end_time_attrs) { [Issue::Metrics.arel_table[:first_associated_with_milestone_at]] }
let(:options) do let(:options) do
......
...@@ -4,7 +4,7 @@ require 'spec_helper' ...@@ -4,7 +4,7 @@ require 'spec_helper'
RSpec.describe 'value stream analytics events', :aggregate_failures do RSpec.describe 'value stream analytics events', :aggregate_failures do
let_it_be(:project) { create(:project, :repository) } let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { create(:user, :admin) } let_it_be(:user) { project.owner }
let(:from_date) { 10.days.ago } let(:from_date) { 10.days.ago }
let!(:context) { create(:issue, project: project, created_at: 2.days.ago) } let!(:context) { create(:issue, project: project, created_at: 2.days.ago) }
......
...@@ -172,7 +172,7 @@ RSpec.describe Gitlab::GitAccessSnippet do ...@@ -172,7 +172,7 @@ RSpec.describe Gitlab::GitAccessSnippet do
end end
end end
[:guest, :reporter, :maintainer, :author, :admin].each do |membership| [:guest, :reporter, :maintainer, :author].each do |membership|
context membership.to_s do context membership.to_s do
let(:membership) { membership } let(:membership) { membership }
...@@ -183,6 +183,24 @@ RSpec.describe Gitlab::GitAccessSnippet do ...@@ -183,6 +183,24 @@ RSpec.describe Gitlab::GitAccessSnippet do
end end
end end
context 'admin' do
let(:membership) { :admin }
context 'when admin mode is enabled', :enable_admin_mode do
it 'cannot perform git pushes' do
expect { push_access_check }.to raise_error(described_class::ForbiddenError)
expect { pull_access_check }.not_to raise_error
end
end
context 'when admin mode is disabled' do
it 'cannot perform git operations' do
expect { push_access_check }.to raise_error(described_class::ForbiddenError)
expect { pull_access_check }.to raise_error(described_class::ForbiddenError)
end
end
end
it_behaves_like 'actor is migration bot' it_behaves_like 'actor is migration bot'
end end
......
...@@ -5,6 +5,7 @@ require 'spec_helper' ...@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe Gitlab::GitAccess do RSpec.describe Gitlab::GitAccess do
include TermsHelper include TermsHelper
include GitHelpers include GitHelpers
include AdminModeHelper
let(:user) { create(:user) } let(:user) { create(:user) }
...@@ -769,19 +770,39 @@ RSpec.describe Gitlab::GitAccess do ...@@ -769,19 +770,39 @@ RSpec.describe Gitlab::GitAccess do
describe 'admin user' do describe 'admin user' do
let(:user) { create(:admin) } let(:user) { create(:admin) }
context 'when member of the project' do context 'when admin mode enabled', :enable_admin_mode do
before do context 'when member of the project' do
project.add_reporter(user) before do
project.add_reporter(user)
end
context 'pull code' do
it { expect { pull_access_check }.not_to raise_error }
end
end end
context 'pull code' do context 'when is not member of the project' do
it { expect { pull_access_check }.not_to raise_error } context 'pull code' do
it { expect { pull_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:download]) }
end
end end
end end
context 'when is not member of the project' do context 'when admin mode disabled' do
context 'pull code' do context 'when member of the project' do
it { expect { pull_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:download]) } before do
project.add_reporter(user)
end
context 'pull code' do
it { expect { pull_access_check }.not_to raise_error }
end
end
context 'when is not member of the project' do
context 'pull code' do
it { expect { pull_access_check }.to raise_not_found }
end
end end
end end
end end
...@@ -870,8 +891,9 @@ RSpec.describe Gitlab::GitAccess do ...@@ -870,8 +891,9 @@ RSpec.describe Gitlab::GitAccess do
# Expectations are given a custom failure message proc so that it's # Expectations are given a custom failure message proc so that it's
# easier to identify which check(s) failed. # easier to identify which check(s) failed.
it "has the correct permissions for #{role}s" do it "has the correct permissions for #{role}s" do
if role == :admin if [:admin_with_admin_mode, :admin_without_admin_mode].include?(role)
user.update_attribute(:admin, true) user.update_attribute(:admin, true)
enable_admin_mode!(user) if role == :admin_with_admin_mode
project.add_guest(user) project.add_guest(user)
else else
project.add_role(user, role) project.add_role(user, role)
...@@ -897,7 +919,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -897,7 +919,7 @@ RSpec.describe Gitlab::GitAccess do
end end
permissions_matrix = { permissions_matrix = {
admin: { admin_with_admin_mode: {
any: true, any: true,
push_new_branch: true, push_new_branch: true,
push_master: true, push_master: true,
...@@ -909,6 +931,18 @@ RSpec.describe Gitlab::GitAccess do ...@@ -909,6 +931,18 @@ RSpec.describe Gitlab::GitAccess do
merge_into_protected_branch: true merge_into_protected_branch: true
}, },
admin_without_admin_mode: {
any: false,
push_new_branch: false,
push_master: false,
push_protected_branch: false,
push_remove_protected_branch: false,
push_tag: false,
push_new_tag: false,
push_all: false,
merge_into_protected_branch: false
},
maintainer: { maintainer: {
any: true, any: true,
push_new_branch: true, push_new_branch: true,
...@@ -1009,7 +1043,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -1009,7 +1043,7 @@ RSpec.describe Gitlab::GitAccess do
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }, run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }, maintainer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false })) admin_with_admin_mode: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end end
end end
......
...@@ -342,17 +342,36 @@ RSpec.describe Gitlab::SearchResults do ...@@ -342,17 +342,36 @@ RSpec.describe Gitlab::SearchResults do
expect(results.limited_issues_count).to eq 4 expect(results.limited_issues_count).to eq 4
end end
it 'lists all issues for admin' do context 'with admin user' do
results = described_class.new(admin, query, limit_projects) context 'when admin mode enabled', :enable_admin_mode do
issues = results.objects('issues') it 'lists all issues' do
results = described_class.new(admin, query, limit_projects)
issues = results.objects('issues')
expect(issues).to include issue
expect(issues).to include security_issue_1
expect(issues).to include security_issue_2
expect(issues).to include security_issue_3
expect(issues).to include security_issue_4
expect(issues).not_to include security_issue_5
expect(results.limited_issues_count).to eq 5
end
end
expect(issues).to include issue context 'when admin mode disabled' do
expect(issues).to include security_issue_1 it 'does not list confidential issues' do
expect(issues).to include security_issue_2 results = described_class.new(admin, query, limit_projects)
expect(issues).to include security_issue_3 issues = results.objects('issues')
expect(issues).to include security_issue_4
expect(issues).not_to include security_issue_5 expect(issues).to include issue
expect(results.limited_issues_count).to eq 5 expect(issues).not_to include security_issue_1
expect(issues).not_to include security_issue_2
expect(issues).not_to include security_issue_3
expect(issues).not_to include security_issue_4
expect(issues).not_to include security_issue_5
expect(results.limited_issues_count).to eq 1
end
end
end end
end end
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Gitlab::SidekiqMiddleware::AdminMode::Client, :do_not_mock_admin_mode, :request_store do RSpec.describe Gitlab::SidekiqMiddleware::AdminMode::Client, :request_store do
include AdminModeHelper include AdminModeHelper
let(:worker) do let(:worker) do
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Gitlab::SidekiqMiddleware::AdminMode::Server, :do_not_mock_admin_mode, :request_store do RSpec.describe Gitlab::SidekiqMiddleware::AdminMode::Server, :request_store do
include AdminModeHelper include AdminModeHelper
let(:worker) do let(:worker) do
......
...@@ -3,15 +3,20 @@ ...@@ -3,15 +3,20 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Gitlab::SlashCommands::Presenters::IssueMove do RSpec.describe Gitlab::SlashCommands::Presenters::IssueMove do
let_it_be(:admin) { create(:admin) } let_it_be(:user) { create(:user) }
let_it_be(:project, reload: true) { create(:project) } let_it_be(:project, reload: true) { create(:project) }
let_it_be(:other_project) { create(:project) } let_it_be(:other_project) { create(:project) }
let_it_be(:old_issue, reload: true) { create(:issue, project: project) } let_it_be(:old_issue, reload: true) { create(:issue, project: project) }
let(:new_issue) { Issues::MoveService.new(project, admin).execute(old_issue, other_project) } let(:new_issue) { Issues::MoveService.new(project, user).execute(old_issue, other_project) }
let(:attachment) { subject[:attachments].first } let(:attachment) { subject[:attachments].first }
subject { described_class.new(new_issue).present(old_issue) } subject { described_class.new(new_issue).present(old_issue) }
before do
project.add_developer(user)
other_project.add_developer(user)
end
it { is_expected.to be_a(Hash) } it { is_expected.to be_a(Hash) }
it 'shows the new issue' do it 'shows the new issue' do
......
...@@ -45,10 +45,20 @@ RSpec.describe Gitlab::UserAccess do ...@@ -45,10 +45,20 @@ RSpec.describe Gitlab::UserAccess do
let(:empty_project) { create(:project_empty_repo) } let(:empty_project) { create(:project_empty_repo) }
let(:project_access) { described_class.new(user, container: empty_project) } let(:project_access) { described_class.new(user, container: empty_project) }
it 'returns true for admins' do context 'when admin mode is enabled', :enable_admin_mode do
user.update!(admin: true) it 'returns true for admins' do
user.update!(admin: true)
expect(access.can_push_to_branch?('master')).to be_truthy expect(access.can_push_to_branch?('master')).to be_truthy
end
end
context 'when admin mode is disabled' do
it 'returns false for admins' do
user.update!(admin: true)
expect(access.can_push_to_branch?('master')).to be_falsey
end
end end
it 'returns true if user is maintainer' do it 'returns true if user is maintainer' do
...@@ -85,10 +95,20 @@ RSpec.describe Gitlab::UserAccess do ...@@ -85,10 +95,20 @@ RSpec.describe Gitlab::UserAccess do
let(:branch) { create :protected_branch, project: project, name: "test" } let(:branch) { create :protected_branch, project: project, name: "test" }
let(:not_existing_branch) { create :protected_branch, :developers_can_merge, project: project } let(:not_existing_branch) { create :protected_branch, :developers_can_merge, project: project }
it 'returns true for admins' do context 'when admin mode is enabled', :enable_admin_mode do
user.update!(admin: true) it 'returns true for admins' do
user.update!(admin: true)
expect(access.can_push_to_branch?(branch.name)).to be_truthy expect(access.can_push_to_branch?(branch.name)).to be_truthy
end
end
context 'when admin mode is disabled' do
it 'returns false for admins' do
user.update!(admin: true)
expect(access.can_push_to_branch?(branch.name)).to be_falsey
end
end end
it 'returns true if user is a maintainer' do it 'returns true if user is a maintainer' do
......
...@@ -22,13 +22,25 @@ RSpec.describe Gitlab::VisibilityLevel do ...@@ -22,13 +22,25 @@ RSpec.describe Gitlab::VisibilityLevel do
end end
describe '.levels_for_user' do describe '.levels_for_user' do
it 'returns all levels for an admin' do context 'when admin mode is enabled', :enable_admin_mode do
user = build(:user, :admin) it 'returns all levels for an admin' do
user = build(:user, :admin)
expect(described_class.levels_for_user(user))
.to eq([Gitlab::VisibilityLevel::PRIVATE,
Gitlab::VisibilityLevel::INTERNAL,
Gitlab::VisibilityLevel::PUBLIC])
end
end
expect(described_class.levels_for_user(user)) context 'when admin mode is disabled' do
.to eq([Gitlab::VisibilityLevel::PRIVATE, it 'returns INTERNAL and PUBLIC for an admin' do
Gitlab::VisibilityLevel::INTERNAL, user = build(:user, :admin)
Gitlab::VisibilityLevel::PUBLIC])
expect(described_class.levels_for_user(user))
.to eq([Gitlab::VisibilityLevel::INTERNAL,
Gitlab::VisibilityLevel::PUBLIC])
end
end end
it 'returns INTERNAL and PUBLIC for internal users' do it 'returns INTERNAL and PUBLIC for internal users' do
......
...@@ -290,14 +290,11 @@ RSpec.configure do |config| ...@@ -290,14 +290,11 @@ RSpec.configure do |config|
admin_mode_mock_dirs = %w( admin_mode_mock_dirs = %w(
./ee/spec/elastic_integration ./ee/spec/elastic_integration
./ee/spec/finders ./ee/spec/finders
./ee/spec/lib
./ee/spec/serializers ./ee/spec/serializers
./ee/spec/support/shared_examples/finders/geo ./ee/spec/support/shared_examples/finders/geo
./ee/spec/support/shared_examples/graphql/geo ./ee/spec/support/shared_examples/graphql/geo
./spec/finders ./spec/finders
./spec/lib
./spec/serializers ./spec/serializers
./spec/support/shared_examples/lib/gitlab
./spec/workers ./spec/workers
) )
......
...@@ -54,7 +54,7 @@ RSpec.shared_examples 'access restricted confidential issues' do ...@@ -54,7 +54,7 @@ RSpec.shared_examples 'access restricted confidential issues' do
end end
end end
context 'when the user is a developper' do context 'when the user is a developer' do
let(:user) do let(:user) do
create(:user) { |user| project.add_developer(user) } create(:user) { |user| project.add_developer(user) }
end end
...@@ -70,10 +70,19 @@ RSpec.shared_examples 'access restricted confidential issues' do ...@@ -70,10 +70,19 @@ RSpec.shared_examples 'access restricted confidential issues' do
context 'when the user is admin', :request_store do context 'when the user is admin', :request_store do
let(:user) { create(:user, admin: true) } let(:user) { create(:user, admin: true) }
it 'lists all project issues' do context 'when admin mode is enabled', :enable_admin_mode do
expect(objects).to contain_exactly(issue, it 'lists all project issues' do
security_issue_1, expect(objects).to contain_exactly(issue,
security_issue_2) security_issue_1,
security_issue_2)
end
end
context 'when admin mode is disabled' do
it 'does not list project confidential issues' do
expect(objects).to contain_exactly(issue)
expect(results.limited_issues_count).to eq 1
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment