Commit 6f360232 authored by Thong Kuah's avatar Thong Kuah

Merge branch '30769-fix-call-to-push-check' into 'master'

Added can_push_for_ref? method RUN AS-IF-FOSS

See merge request gitlab-org/gitlab!49723
parents 48a39cc6 e5863fb8
......@@ -14,17 +14,9 @@ module Gitlab
private
def can_push?
user_access_can_push? ||
user_access.can_push_for_ref?(ref) ||
project.branch_allows_collaboration?(user_access.user, branch_name)
end
def user_access_can_push?
if Feature.enabled?(:deploy_keys_on_protected_branches, project)
user_access.can_push_to_branch?(ref)
else
user_access.can_do_action?(:push_code)
end
end
end
end
end
......@@ -8,6 +8,10 @@ module Gitlab
@container = container
end
def can_push_for_ref?(ref)
can_push_to_branch?(ref)
end
private
attr_reader :deploy_key
......
......@@ -81,6 +81,10 @@ module Gitlab
end
end
def can_push_for_ref?(_)
can_do_action?(:push_code)
end
private
def can_push?
......
......@@ -12,11 +12,32 @@ RSpec.describe Gitlab::Checks::PushCheck do
context 'when the user is not allowed to push to the repo' do
it 'raises an error' do
expect(user_access).to receive(:can_push_to_branch?).and_return(false)
expect(user_access).to receive(:can_do_action?).with(:push_code).and_return(false)
expect(project).to receive(:branch_allows_collaboration?).with(user_access.user, 'master').and_return(false)
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to push code to this project.')
end
end
context 'when using a DeployKeyAccess instance' do
let(:deploy_key) { create(:deploy_key) }
let(:user_access) { Gitlab::DeployKeyAccess.new(deploy_key, container: project) }
context 'when the deploy key cannot push to the targetted branch' do
it 'raises an error' do
allow(user_access).to receive(:can_push_to_branch?).and_return(false)
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to push code to this project.')
end
end
context 'when the deploy key can push to the targetted branch' do
it 'is valid' do
allow(user_access).to receive(:can_push_to_branch?).and_return(true)
expect { subject.validate! }.not_to raise_error
end
end
end
end
end
......@@ -25,7 +25,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
end
end
describe '#can_push_to_branch?' do
describe '#can_push_for_ref?' do
context 'push to a protected branch of this project via a deploy key' do
before do
create(:protected_branch_push_access_level, protected_branch: protected_branch, deploy_key: deploy_key)
......@@ -33,7 +33,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
context 'when the project has active deploy key owned by this user' do
it 'returns true' do
expect(access.can_push_to_branch?(protected_branch.name)).to be_truthy
expect(access.can_push_for_ref?(protected_branch.name)).to be_truthy
end
end
......@@ -41,7 +41,7 @@ RSpec.describe Gitlab::DeployKeyAccess do
let(:deploy_key) { create(:deploy_key, user: create(:user)) }
it 'returns false' do
expect(access.can_push_to_branch?(protected_branch.name)).to be_falsey
expect(access.can_push_for_ref?(protected_branch.name)).to be_falsey
end
end
......@@ -49,15 +49,15 @@ RSpec.describe Gitlab::DeployKeyAccess do
let(:another_branch) { create(:protected_branch, :no_one_can_push, name: 'another_branch', project: project) }
it 'returns false when trying to push to that other branch' do
expect(access.can_push_to_branch?(another_branch.name)).to be_falsey
expect(access.can_push_for_ref?(another_branch.name)).to be_falsey
end
context 'and the deploy key added for the first protected branch is also added for this other branch' do
it 'returns true for both protected branches' do
create(:protected_branch_push_access_level, protected_branch: another_branch, deploy_key: deploy_key)
expect(access.can_push_to_branch?(protected_branch.name)).to be_truthy
expect(access.can_push_to_branch?(another_branch.name)).to be_truthy
expect(access.can_push_for_ref?(protected_branch.name)).to be_truthy
expect(access.can_push_for_ref?(another_branch.name)).to be_truthy
end
end
end
......
......@@ -310,4 +310,24 @@ RSpec.describe Gitlab::UserAccess do
end
end
end
describe '#can_push_for_ref?' do
let(:ref) { 'test_ref' }
context 'when user cannot push_code to a project repository (eg. as a guest)' do
it 'is false' do
project.add_user(user, :guest)
expect(access.can_push_for_ref?(ref)).to be_falsey
end
end
context 'when user can push_code to a project repository (eg. as a developer)' do
it 'is true' do
project.add_user(user, :developer)
expect(access.can_push_for_ref?(ref)).to be_truthy
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment