Commit 71ae01fe authored by Lin Jen-Shin's avatar Lin Jen-Shin

Add more tests and fix write to project check

parent 38fbcb99
...@@ -20,4 +20,8 @@ class DeployKey < Key ...@@ -20,4 +20,8 @@ class DeployKey < Key
def destroyed_when_orphaned? def destroyed_when_orphaned?
self.private? self.private?
end end
def can_push_to?(project)
can_push? && projects.include?(project)
end
end end
...@@ -89,7 +89,7 @@ module Gitlab ...@@ -89,7 +89,7 @@ module Gitlab
end end
def deploy_key_push_access_check(changes) def deploy_key_push_access_check(changes)
if deploy_key.can_push? if deploy_key.can_push_to?(project)
check_repository_existence! check_repository_existence!
check_change_access!(changes) if user check_change_access!(changes) if user
else else
......
...@@ -353,13 +353,13 @@ describe Gitlab::GitAccess, lib: true do ...@@ -353,13 +353,13 @@ describe Gitlab::GitAccess, lib: true do
end end
end end
shared_examples 'can not push code' do shared_examples 'pushing code' do |can|
subject { access.check('git-receive-pack', '_any') } subject { access.check('git-receive-pack', '_any') }
context 'when project is authorized' do context 'when project is authorized' do
before { authorize } before { authorize }
it { expect(subject).not_to be_allowed } it { expect(subject).public_send(can, be_allowed) }
end end
context 'when unauthorized' do context 'when unauthorized' do
...@@ -383,10 +383,20 @@ describe Gitlab::GitAccess, lib: true do ...@@ -383,10 +383,20 @@ describe Gitlab::GitAccess, lib: true do
end end
end end
describe 'full authentication abilities' do
let(:authentication_abilities) { full_authentication_abilities }
it_behaves_like 'pushing code', :to do
def authorize
project.team << [user, :developer]
end
end
end
describe 'build authentication abilities' do describe 'build authentication abilities' do
let(:authentication_abilities) { build_authentication_abilities } let(:authentication_abilities) { build_authentication_abilities }
it_behaves_like 'can not push code' do it_behaves_like 'pushing code', :not_to do
def authorize def authorize
project.team << [user, :reporter] project.team << [user, :reporter]
end end
...@@ -394,16 +404,30 @@ describe Gitlab::GitAccess, lib: true do ...@@ -394,16 +404,30 @@ describe Gitlab::GitAccess, lib: true do
end end
describe 'deploy key permissions' do describe 'deploy key permissions' do
let(:key) { create(:deploy_key) } let(:key) { create(:deploy_key, can_push: can_push) }
let(:actor) { key } let(:actor) { key }
it_behaves_like 'can not push code' do context 'when deploy_key can push' do
let(:can_push) { true }
it_behaves_like 'pushing code', :to do
def authorize def authorize
key.projects << project key.projects << project
end end
end end
end end
context 'when deploy_key cannot push' do
let(:can_push) { false }
it_behaves_like 'pushing code', :not_to do
def authorize
key.projects << project
end
end
end
end
private private
def build_authentication_abilities def build_authentication_abilities
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment