Merge branch '38230-locked-files' into 'master'

Prevent renaming a locked file Closes #38230 See merge request gitlab-org/gitlab!27623

Merge branch '38230-locked-files' into 'master'
Prevent renaming a locked file Closes #38230 See merge request gitlab-org/gitlab!27623
9795ea8e · Douglas Barbosa Alexandre · 5df655e0 · 03177975 · 9795ea8e · 9795ea8e
Commit 9795ea8e authored Mar 20, 2020 by Douglas Barbosa Alexandre
3 changed files
--- a/ee/changelogs/unreleased/38230-locked-files.yml
+++ b/ee/changelogs/unreleased/38230-locked-files.yml
+---
+title: Prevent renaming a locked file
+merge_request: 27623
+author:
+type: fixed
--- a/ee/lib/ee/gitlab/checks/diff_check.rb
+++ b/ee/lib/ee/gitlab/checks/diff_check.rb
@@ -65,7 +65,11 @@ module EE

        def path_locks_validation
          lambda do |diff|
-            path = diff.new_path || diff.old_path
+            path = if diff.renamed_file?
+                     diff.old_path
+                   else
+                     diff.new_path || diff.old_path
+                   end

            lock_info = project.find_path_lock(path)


--- a/ee/spec/lib/gitlab/checks/diff_check_spec.rb
+++ b/ee/spec/lib/gitlab/checks/diff_check_spec.rb
@@ -219,13 +219,61 @@ describe Gitlab::Checks::DiffCheck do
    end

    context 'file lock rules' do
-      let(:project) { create(:project, :repository) }
+      let_it_be(:push_rule) { create(:push_rule) }
+      let_it_be(:owner) { create(:user) }
      let(:path_lock) { create(:path_lock, path: 'README', project: project) }

-      it 'returns an error if the changes update a path locked by another user' do
-        path_lock
+      before do
+        project.add_developer(owner)
+      end
+
+      shared_examples 'a locked file' do
+        let!(:path_lock) { create(:path_lock, path: filename, project: project, user: owner) }
+
+        before do
+          allow(project.repository).to receive(:new_commits).and_return(
+            [project.repository.commit(sha)]
+          )
+        end
+
+        context 'and path is locked by another user' do
+          it 'returns an error' do
+            path_lock
+
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path '#{filename}' is locked by #{path_lock.user.name}")
+          end
+        end
+
+        context 'and path is locked by current user' do
+          let(:user) { owner }
+
+          it 'is allows changes' do
+            path_lock
+
+            expect { subject.validate! }.not_to raise_error
+          end
+        end
+      end
+
+      context 'when file has changes' do
+        let_it_be(:filename) { 'files/ruby/popen.rb' }
+        let_it_be(:sha) { '570e7b2abdd848b95f2f578043fc23bd6f6fd24d' }
+
+        it_behaves_like 'a locked file'
+      end
+
+      context 'when file is renamed' do
+        let_it_be(:filename) { 'files/js/commit.js.coffee' }
+        let_it_be(:sha) { '6907208d755b60ebeacb2e9dfea74c92c3449a1f' }
+
+        it_behaves_like 'a locked file'
+      end
+
+      context 'when file is deleted' do
+        let_it_be(:filename) { 'files/js/commit.js.coffee' }
+        let_it_be(:sha) { 'd59c60028b053793cecfb4022de34602e1a9218e' }

-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked by #{path_lock.user.name}")
+        it_behaves_like 'a locked file'
      end

      it 'memoizes the validate_path_locks? call' do