Commit 38199935 authored by Valery Sizov's avatar Valery Sizov

Merge branch 'ce_upstream' of gitlab.com:gitlab-org/gitlab-ee into ce_upstream

parents 56d684b1 474e170d
...@@ -51,7 +51,7 @@ ...@@ -51,7 +51,7 @@
}); });
// Protected branch dropdown // Protected branch dropdown
new gl.ProtectedBranchDropdown({ new window.ProtectedBranchDropdown({
$dropdown: this.$wrap.find('.js-protected-branch-select'), $dropdown: this.$wrap.find('.js-protected-branch-select'),
onSelect: this.onSelectCallback onSelect: this.onSelectCallback
}); });
......
/* eslint-disable */ /* eslint-disable comma-dangle, no-unused-vars */
(global => {
global.gl = global.gl || {};
class ProtectedBranchDropdown { class ProtectedBranchDropdown {
constructor(options) { constructor(options) {
this.onSelect = options.onSelect; this.onSelect = options.onSelect;
this.$dropdown = options.$dropdown; this.$dropdown = options.$dropdown;
this.$dropdownContainer = this.$dropdown.parent(); this.$dropdownContainer = this.$dropdown.parent();
this.$dropdownFooter = this.$dropdownContainer.find('.dropdown-footer'); this.$dropdownFooter = this.$dropdownContainer.find('.dropdown-footer');
this.$protectedBranch = this.$dropdownContainer.find('.create-new-protected-branch'); this.$protectedBranch = this.$dropdownContainer.find('.create-new-protected-branch');
this.buildDropdown(); this.buildDropdown();
this.bindEvents(); this.bindEvents();
// Hide footer // Hide footer
this.$dropdownFooter.addClass('hidden'); this.$dropdownFooter.addClass('hidden');
} }
buildDropdown() { buildDropdown() {
this.$dropdown.glDropdown({ this.$dropdown.glDropdown({
data: this.getProtectedBranches.bind(this), data: this.getProtectedBranches.bind(this),
filterable: true, filterable: true,
remote: false, remote: false,
search: { search: {
fields: ['title'] fields: ['title']
}, },
selectable: true, selectable: true,
toggleLabel(selected) { toggleLabel(selected) {
return (selected && 'id' in selected) ? selected.title : 'Protected Branch'; return (selected && 'id' in selected) ? selected.title : 'Protected Branch';
}, },
fieldName: 'protected_branch[name]', fieldName: 'protected_branch[name]',
text(protectedBranch) { text(protectedBranch) {
return _.escape(protectedBranch.title); return _.escape(protectedBranch.title);
}, },
id(protectedBranch) { id(protectedBranch) {
return _.escape(protectedBranch.id); return _.escape(protectedBranch.id);
}, },
onFilter: this.toggleCreateNewButton.bind(this), onFilter: this.toggleCreateNewButton.bind(this),
clicked: (item, $el, e) => { clicked: (item, $el, e) => {
e.preventDefault(); e.preventDefault();
this.onSelect(); this.onSelect();
} }
}); });
} }
onClickCreateWildcard() { onClickCreateWildcard() {
// Refresh the dropdown's data, which ends up calling `getProtectedBranches` // Refresh the dropdown's data, which ends up calling `getProtectedBranches`
this.$dropdown.data('glDropdown').remote.execute(); this.$dropdown.data('glDropdown').remote.execute();
this.$dropdown.data('glDropdown').selectRowAtIndex(0); this.$dropdown.data('glDropdown').selectRowAtIndex(0);
} }
bindEvents() { bindEvents() {
this.$protectedBranch.on('click', this.onClickCreateWildcard.bind(this)); this.$protectedBranch.on('click', this.onClickCreateWildcard.bind(this));
} }
getProtectedBranches(term, callback) { getProtectedBranches(term, callback) {
if (this.selectedBranch) { if (this.selectedBranch) {
callback(gon.open_branches.concat(this.selectedBranch)); callback(gon.open_branches.concat(this.selectedBranch));
} else { } else {
callback(gon.open_branches); callback(gon.open_branches);
}
} }
}
toggleCreateNewButton(branchName) { toggleCreateNewButton(branchName) {
this.selectedBranch = { this.selectedBranch = {
title: branchName, title: branchName,
id: branchName, id: branchName,
text: branchName text: branchName
}; };
if (branchName) { if (branchName) {
this.$dropdownContainer this.$dropdownContainer
.find('.create-new-protected-branch code') .find('.create-new-protected-branch code')
.text(branchName); .text(branchName);
}
this.$dropdownFooter.toggleClass('hidden', !branchName);
} }
}
<<<<<<< HEAD
global.gl.ProtectedBranchDropdown = ProtectedBranchDropdown; this.$dropdownFooter.toggleClass('hidden', !branchName);
})(window); }
=======
} }
window.ProtectedBranchDropdown = ProtectedBranchDropdown; window.ProtectedBranchDropdown = ProtectedBranchDropdown;
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
...@@ -42,13 +42,9 @@ module Gitlab ...@@ -42,13 +42,9 @@ module Gitlab
when *DOWNLOAD_COMMANDS when *DOWNLOAD_COMMANDS
check_download_access! check_download_access!
when *PUSH_COMMANDS when *PUSH_COMMANDS
<<<<<<< HEAD check_push_access!(changes)
push_access_check(changes)
when *GIT_ANNEX_COMMANDS when *GIT_ANNEX_COMMANDS
git_annex_access_check(project, changes) git_annex_access_check(project, changes)
=======
check_push_access!(changes)
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
end end
build_status_object(true) build_status_object(true)
...@@ -56,37 +52,7 @@ module Gitlab ...@@ -56,37 +52,7 @@ module Gitlab
build_status_object(false, ex.message) build_status_object(false, ex.message)
end end
<<<<<<< HEAD
def download_access_check
if user
user_download_access_check
elsif deploy_key.nil? && geo_node_key.nil? && !guest_can_downlod_code?
raise UnauthorizedError, ERROR_MESSAGES[:download]
end
end
def push_access_check(changes)
if project.repository_read_only?
raise UnauthorizedError, 'The repository is temporarily read-only. Please try again later.'
end
if Gitlab::Geo.secondary?
raise UnauthorizedError, "You can't push code on a secondary GitLab Geo node."
end
return if git_annex_branch_sync?(changes)
if user
user_push_access_check(changes)
else
raise UnauthorizedError, ERROR_MESSAGES[deploy_key ? :deploy_key : :upload]
end
end
def guest_can_downlod_code?
=======
def guest_can_download_code? def guest_can_download_code?
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
Guest.can?(:download_code, project) Guest.can?(:download_code, project)
end end
...@@ -98,57 +64,6 @@ module Gitlab ...@@ -98,57 +64,6 @@ module Gitlab
authentication_abilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code) authentication_abilities.include?(:build_download_code) && user_access.can_do_action?(:build_download_code)
end end
<<<<<<< HEAD
def user_push_access_check(changes)
unless authentication_abilities.include?(:push_code)
raise UnauthorizedError, ERROR_MESSAGES[:upload]
end
if changes.blank?
return # Allow access.
end
unless project.repository.exists?
raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
end
if project.above_size_limit?
raise UnauthorizedError, Gitlab::RepositorySizeError.new(project).push_error
end
if ::License.block_changes?
message = ::LicenseHelper.license_message(signed_in: true, is_admin: (user && user.is_admin?))
raise UnauthorizedError, message
end
changes_list = Gitlab::ChangesList.new(changes)
push_size_in_bytes = 0
# Iterate over all changes to find if user allowed all of them to be applied
changes_list.each do |change|
status = change_access_check(change)
unless status.allowed?
# If user does not have access to make at least one change - cancel all push
raise UnauthorizedError, status.message
end
if project.size_limit_enabled?
push_size_in_bytes += EE::Gitlab::Deltas.delta_size_check(change, project.repository)
end
end
if project.changes_will_exceed_size_limit?(push_size_in_bytes.to_mb)
raise UnauthorizedError, Gitlab::RepositorySizeError.new(project).new_changes_error
end
end
def change_access_check(change)
Checks::ChangeAccess.new(change, user_access: user_access, project: project, env: @env).exec
end
=======
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
def protocol_allowed? def protocol_allowed?
Gitlab::ProtocolAccess.allowed?(protocol) Gitlab::ProtocolAccess.allowed?(protocol)
end end
...@@ -162,7 +77,7 @@ module Gitlab ...@@ -162,7 +77,7 @@ module Gitlab
end end
def check_active_user! def check_active_user!
return if deploy_key? return if deploy_key? || geo_node_key?
if user && !user_access.allowed? if user && !user_access.allowed?
raise UnauthorizedError, "Your account has been blocked." raise UnauthorizedError, "Your account has been blocked."
...@@ -181,47 +96,12 @@ module Gitlab ...@@ -181,47 +96,12 @@ module Gitlab
end end
end end
<<<<<<< HEAD
def check_geo_license! def check_geo_license!
if Gitlab::Geo.secondary? && !Gitlab::Geo.license_allows? if Gitlab::Geo.secondary? && !Gitlab::Geo.license_allows?
raise UnauthorizedError, 'Your current license does not have GitLab Geo add-on enabled.' raise UnauthorizedError, 'Your current license does not have GitLab Geo add-on enabled.'
end end
end end
def matching_merge_request?(newrev, branch_name)
Checks::MatchingMergeRequest.new(newrev, branch_name, project).match?
end
def protected_branch_action(oldrev, newrev, branch_name)
# we dont allow force push to protected branch
if forced_push?(oldrev, newrev)
:force_push_code_to_protected_branches
elsif Gitlab::Git.blank_ref?(newrev)
# and we dont allow remove of protected branch
:remove_protected_branches
elsif matching_merge_request?(newrev, branch_name) && project.developers_can_merge_to_protected_branch?(branch_name)
:push_code
elsif project.developers_can_push_to_protected_branch?(branch_name)
:push_code
else
:push_code_to_protected_branches
end
end
def protected_tag?(tag_name)
project.repository.tag_exists?(tag_name)
end
def deploy_key
actor if actor.is_a?(DeployKey)
end
def geo_node_key
actor if actor.is_a?(GeoNodeKey)
end
def deploy_key_can_read_project?
=======
def check_repository_existence! def check_repository_existence!
unless project.repository.exists? unless project.repository.exists?
raise UnauthorizedError, ERROR_MESSAGES[:no_repo] raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
...@@ -229,7 +109,7 @@ module Gitlab ...@@ -229,7 +109,7 @@ module Gitlab
end end
def check_download_access! def check_download_access!
return if deploy_key? return if deploy_key? || geo_node_key?
passed = user_can_download_code? || passed = user_can_download_code? ||
build_can_download_code? || build_can_download_code? ||
...@@ -240,8 +120,18 @@ module Gitlab ...@@ -240,8 +120,18 @@ module Gitlab
end end
end end
# TODO: please clean this up
def check_push_access!(changes) def check_push_access!(changes)
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c if project.repository_read_only?
raise UnauthorizedError, 'The repository is temporarily read-only. Please try again later.'
end
if Gitlab::Geo.secondary?
raise UnauthorizedError, "You can't push code on a secondary GitLab Geo node."
end
return if git_annex_branch_sync?(changes)
if deploy_key if deploy_key
check_deploy_key_push_access! check_deploy_key_push_access!
elsif user elsif user
...@@ -252,24 +142,21 @@ module Gitlab ...@@ -252,24 +142,21 @@ module Gitlab
return if changes.blank? # Allow access. return if changes.blank? # Allow access.
if project.above_size_limit?
raise UnauthorizedError, Gitlab::RepositorySizeError.new(project).push_error
end
if ::License.block_changes?
message = ::LicenseHelper.license_message(signed_in: true, is_admin: (user && user.is_admin?))
raise UnauthorizedError, message
end
check_change_access!(changes) check_change_access!(changes)
end end
<<<<<<< HEAD
def can_read_project?
if user
user_access.can_read_project?
elsif deploy_key
deploy_key_can_read_project?
elsif geo_node_key
true
else
Guest.can?(:read_project, project)
=======
def check_user_push_access! def check_user_push_access!
unless authentication_abilities.include?(:push_code) unless authentication_abilities.include?(:push_code)
raise UnauthorizedError, ERROR_MESSAGES[:upload] raise UnauthorizedError, ERROR_MESSAGES[:upload]
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
end end
end end
...@@ -282,13 +169,24 @@ module Gitlab ...@@ -282,13 +169,24 @@ module Gitlab
def check_change_access!(changes) def check_change_access!(changes)
changes_list = Gitlab::ChangesList.new(changes) changes_list = Gitlab::ChangesList.new(changes)
push_size_in_bytes = 0
# Iterate over all changes to find if user allowed all of them to be applied # Iterate over all changes to find if user allowed all of them to be applied
changes_list.each do |change| changes_list.each do |change|
status = check_single_change_access(change) status = check_single_change_access(change)
unless status.allowed? unless status.allowed?
# If user does not have access to make at least one change - cancel all push # If user does not have access to make at least one change - cancel all push
raise UnauthorizedError, status.message raise UnauthorizedError, status.message
end end
if project.size_limit_enabled?
push_size_in_bytes += EE::Gitlab::Deltas.delta_size_check(change, project.repository)
end
end
if project.changes_will_exceed_size_limit?(push_size_in_bytes.to_mb)
raise UnauthorizedError, Gitlab::RepositorySizeError.new(project).new_changes_error
end end
end end
...@@ -301,10 +199,6 @@ module Gitlab ...@@ -301,10 +199,6 @@ module Gitlab
skip_authorization: deploy_key?).exec skip_authorization: deploy_key?).exec
end end
def matching_merge_request?(newrev, branch_name)
Checks::MatchingMergeRequest.new(newrev, branch_name, project).match?
end
def deploy_key def deploy_key
actor if deploy_key? actor if deploy_key?
end end
...@@ -313,9 +207,19 @@ module Gitlab ...@@ -313,9 +207,19 @@ module Gitlab
actor.is_a?(DeployKey) actor.is_a?(DeployKey)
end end
def geo_node_key
actor if geo_node_key?
end
def geo_node_key?
actor.is_a?(GeoNodeKey)
end
def can_read_project? def can_read_project?
if deploy_key if deploy_key?
deploy_key.has_access_to?(project) deploy_key.has_access_to?(project)
elsif geo_node_key?
true
elsif user elsif user
user.can?(:read_project, project) user.can?(:read_project, project)
end || Guest.can?(:read_project, project) end || Guest.can?(:read_project, project)
...@@ -350,10 +254,6 @@ module Gitlab ...@@ -350,10 +254,6 @@ module Gitlab
raise UnauthorizedError, "You don't have access" raise UnauthorizedError, "You don't have access"
end end
unless project.repository.exists?
raise UnauthorizedError, "Repository does not exist"
end
if Gitlab::Geo.enabled? && Gitlab::Geo.secondary? if Gitlab::Geo.enabled? && Gitlab::Geo.secondary?
raise UnauthorizedError, "You can't use git-annex with a secondary GitLab Geo node." raise UnauthorizedError, "You can't use git-annex with a secondary GitLab Geo node."
end end
...@@ -380,16 +280,5 @@ module Gitlab ...@@ -380,16 +280,5 @@ module Gitlab
true true
end end
def commit_from_annex_sync?(commit_message)
return false unless Gitlab.config.gitlab_shell.git_annex_enabled
# Commit message starting with <git-annex in > so avoid push rules on this
commit_message.start_with?('git-annex in')
end
def old_commit?(commit)
commit.refs(project.repository).any?
end
end end
end end
...@@ -154,7 +154,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -154,7 +154,7 @@ describe Gitlab::GitAccess, lib: true do
let(:actor) { key } let(:actor) { key }
context 'pull code' do context 'pull code' do
subject { access.download_access_check } subject { access.send(:check_download_access!) }
it { expect { subject }.not_to raise_error } it { expect { subject }.not_to raise_error }
end end
...@@ -247,8 +247,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -247,8 +247,7 @@ describe Gitlab::GitAccess, lib: true do
permissions_matrix[role].each do |action, allowed| permissions_matrix[role].each do |action, allowed|
context action do context action do
<<<<<<< HEAD subject { access.send(:check_push_access!, changes[action]) }
subject { access.push_access_check(changes[action]) }
it do it do
if allowed if allowed
...@@ -276,7 +275,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -276,7 +275,7 @@ describe Gitlab::GitAccess, lib: true do
permissions_matrix[role].each do |action, allowed| permissions_matrix[role].each do |action, allowed|
context action do context action do
subject { access.push_access_check(changes[action]) } subject { access.send(:check_push_access!, changes[action]) }
it do it do
if allowed if allowed
...@@ -284,10 +283,6 @@ describe Gitlab::GitAccess, lib: true do ...@@ -284,10 +283,6 @@ describe Gitlab::GitAccess, lib: true do
else else
expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError) expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError)
end end
=======
subject { access.send(:check_push_access!, changes[action]) }
it { expect(subject.allowed?).to allowed ? be_truthy : be_falsey }
>>>>>>> 714f70a38df10e678bffde6e6081a97e31d8317c
end end
end end
end end
...@@ -543,20 +538,20 @@ describe Gitlab::GitAccess, lib: true do ...@@ -543,20 +538,20 @@ describe Gitlab::GitAccess, lib: true do
allow(Gitlab::Geo).to receive(:secondary?) { true } allow(Gitlab::Geo).to receive(:secondary?) { true }
end end
it { expect { access.push_access_check(git_annex_changes) }.to raise_error(described_class::UnauthorizedError) } it { expect { access.send(:check_push_access!, git_annex_changes) }.to raise_error(described_class::UnauthorizedError) }
end end
describe 'and git hooks unset' do describe 'and git hooks unset' do
describe 'git annex enabled' do describe 'git annex enabled' do
before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) } before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
it { expect { access.push_access_check(git_annex_changes) }.not_to raise_error } it { expect { access.send(:check_push_access!, git_annex_changes) }.not_to raise_error }
end end
describe 'git annex disabled' do describe 'git annex disabled' do
before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) } before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) }
it { expect { access.push_access_check(git_annex_changes) }.not_to raise_error } it { expect { access.send(:check_push_access!, git_annex_changes) }.not_to raise_error }
end end
end end
...@@ -571,7 +566,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -571,7 +566,7 @@ describe Gitlab::GitAccess, lib: true do
describe 'git annex enabled' do describe 'git annex enabled' do
before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) } before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
it { expect { access.push_access_check(git_annex_changes) }.not_to raise_error } it { expect { access.send(:check_push_access!, git_annex_changes) }.not_to raise_error }
end end
describe 'git annex enabled, push to master branch' do describe 'git annex enabled, push to master branch' do
...@@ -580,7 +575,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -580,7 +575,7 @@ describe Gitlab::GitAccess, lib: true do
allow_any_instance_of(Commit).to receive(:safe_message) { 'git-annex in me@host:~/repo' } allow_any_instance_of(Commit).to receive(:safe_message) { 'git-annex in me@host:~/repo' }
end end
it { expect { access.push_access_check(git_annex_master_changes) }.not_to raise_error } it { expect { access.send(:check_push_access!, git_annex_master_changes) }.not_to raise_error }
end end
describe 'git annex disabled' do describe 'git annex disabled' do
...@@ -588,7 +583,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -588,7 +583,7 @@ describe Gitlab::GitAccess, lib: true do
allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false) allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(false)
end end
it { expect { access.push_access_check(git_annex_changes) }.to raise_error(described_class::UnauthorizedError) } it { expect { access.send(:check_push_access!, git_annex_changes) }.to raise_error(described_class::UnauthorizedError) }
end end
end end
...@@ -602,7 +597,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -602,7 +597,7 @@ describe Gitlab::GitAccess, lib: true do
before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) } before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }
it { expect(access.check('git-annex-shell', git_annex_changes).allowed?).to be_truthy } it { expect(access.check('git-annex-shell', git_annex_changes).allowed?).to be_truthy }
it { expect { access.push_access_check(git_annex_changes) }.not_to raise_error } it { expect { access.send(:check_push_access!, git_annex_changes) }.not_to raise_error }
end end
describe 'git annex disabled' do describe 'git annex disabled' do
...@@ -611,7 +606,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -611,7 +606,7 @@ describe Gitlab::GitAccess, lib: true do
end end
it { expect(access.check('git-annex-shell', git_annex_changes).allowed?).to be_falsey } it { expect(access.check('git-annex-shell', git_annex_changes).allowed?).to be_falsey }
it { expect { access.push_access_check(git_annex_changes) }.to raise_error(described_class::UnauthorizedError) } it { expect { access.send(:check_push_access!, git_annex_changes) }.to raise_error(described_class::UnauthorizedError) }
end end
end end
end end
...@@ -628,21 +623,21 @@ describe Gitlab::GitAccess, lib: true do ...@@ -628,21 +623,21 @@ describe Gitlab::GitAccess, lib: true do
describe "author email check" do describe "author email check" do
it 'returns true' do it 'returns true' do
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error
end end
it 'returns false' do it 'returns false' do
project.create_push_rule project.create_push_rule
project.push_rule.update(commit_message_regex: "@only.com") project.push_rule.update(commit_message_regex: "@only.com")
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
it 'returns true for tags' do it 'returns true for tags' do
project.create_push_rule project.create_push_rule
project.push_rule.update(commit_message_regex: "@only.com") project.push_rule.update(commit_message_regex: "@only.com")
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/tags/v1') }.not_to raise_error expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/tags/v1') }.not_to raise_error
end end
it 'allows githook for new branch with an old bad commit' do it 'allows githook for new branch with an old bad commit' do
...@@ -655,7 +650,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -655,7 +650,7 @@ describe Gitlab::GitAccess, lib: true do
project.push_rule.update(commit_message_regex: "Change some files") project.push_rule.update(commit_message_regex: "Change some files")
# push to new branch, so use a blank old rev and new ref # push to new branch, so use a blank old rev and new ref
expect { access.push_access_check("#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/new-branch") }.not_to raise_error expect { access.send(:check_push_access!, "#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/new-branch") }.not_to raise_error
end end
it 'allows githook for any change with an old bad commit' do it 'allows githook for any change with an old bad commit' do
...@@ -668,7 +663,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -668,7 +663,7 @@ describe Gitlab::GitAccess, lib: true do
project.push_rule.update(commit_message_regex: "Change some files") project.push_rule.update(commit_message_regex: "Change some files")
# push to new branch, so use a blank old rev and new ref # push to new branch, so use a blank old rev and new ref
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error
end end
it 'does not allow any change from Web UI with bad commit' do it 'does not allow any change from Web UI with bad commit' do
...@@ -683,7 +678,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -683,7 +678,7 @@ describe Gitlab::GitAccess, lib: true do
project.push_rule.update(commit_message_regex: "Change some files") project.push_rule.update(commit_message_regex: "Change some files")
# push to new branch, so use a blank old rev and new ref # push to new branch, so use a blank old rev and new ref
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
end end
...@@ -694,13 +689,13 @@ describe Gitlab::GitAccess, lib: true do ...@@ -694,13 +689,13 @@ describe Gitlab::GitAccess, lib: true do
end end
it 'returns false for non-member user' do it 'returns false for non-member user' do
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
it 'returns true if committer is a gitlab member' do it 'returns true if committer is a gitlab member' do
create(:user, email: 'dmitriy.zaporozhets@gmail.com') create(:user, email: 'dmitriy.zaporozhets@gmail.com')
expect { access.push_access_check('6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master') }.not_to raise_error
end end
end end
...@@ -715,14 +710,14 @@ describe Gitlab::GitAccess, lib: true do ...@@ -715,14 +710,14 @@ describe Gitlab::GitAccess, lib: true do
project.create_push_rule project.create_push_rule
project.push_rule.update(file_name_regex: "jpg$") project.push_rule.update(file_name_regex: "jpg$")
expect { access.push_access_check('913c66a37b4a45b9769037c55c2d238bd0942d2e 33f3729a45c02fc67d00adb1b8bca394b0e761d9 refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, '913c66a37b4a45b9769037c55c2d238bd0942d2e 33f3729a45c02fc67d00adb1b8bca394b0e761d9 refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
it 'returns true if file name is allowed' do it 'returns true if file name is allowed' do
project.create_push_rule project.create_push_rule
project.push_rule.update(file_name_regex: "exe$") project.push_rule.update(file_name_regex: "exe$")
expect { access.push_access_check('913c66a37b4a45b9769037c55c2d238bd0942d2e 33f3729a45c02fc67d00adb1b8bca394b0e761d9 refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, '913c66a37b4a45b9769037c55c2d238bd0942d2e 33f3729a45c02fc67d00adb1b8bca394b0e761d9 refs/heads/master') }.not_to raise_error
end end
end end
...@@ -735,14 +730,14 @@ describe Gitlab::GitAccess, lib: true do ...@@ -735,14 +730,14 @@ describe Gitlab::GitAccess, lib: true do
project.create_push_rule project.create_push_rule
project.push_rule.update(max_file_size: 1) project.push_rule.update(max_file_size: 1)
expect { access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, 'cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
it "returns true when size is allowed" do it "returns true when size is allowed" do
project.create_push_rule project.create_push_rule
project.push_rule.update(max_file_size: 2) project.push_rule.update(max_file_size: 2)
expect { access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, 'cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error
end end
it "returns true when size is nil" do it "returns true when size is nil" do
...@@ -750,7 +745,7 @@ describe Gitlab::GitAccess, lib: true do ...@@ -750,7 +745,7 @@ describe Gitlab::GitAccess, lib: true do
project.create_push_rule project.create_push_rule
project.push_rule.update(max_file_size: 2) project.push_rule.update(max_file_size: 2)
expect { access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, 'cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error
end end
end end
...@@ -762,13 +757,13 @@ describe Gitlab::GitAccess, lib: true do ...@@ -762,13 +757,13 @@ describe Gitlab::GitAccess, lib: true do
it 'returns false when blob is too big' do it 'returns false when blob is too big' do
allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(100.megabytes.to_i) allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(100.megabytes.to_i)
expect { access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.to raise_error(described_class::UnauthorizedError) expect { access.send(:check_push_access!, 'cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.to raise_error(described_class::UnauthorizedError)
end end
it 'returns true when blob is just right' do it 'returns true when blob is just right' do
allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(2.megabytes.to_i) allow_any_instance_of(Gitlab::Git::Blob).to receive(:size).and_return(2.megabytes.to_i)
expect { access.push_access_check('cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error expect { access.send(:check_push_access!, 'cfe32cf61b73a0d5e9f13e774abde7ff789b1660 913c66a37b4a45b9769037c55c2d238bd0942d2e refs/heads/master') }.not_to raise_error
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment