Commit ba85626b authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch 'sh-require-credit-card-retry-build' into 'master'

Check credit card requirement when retrying a CI build on GitLab.com

See merge request gitlab-org/gitlab!62050
parents f18f99a2 8572a1d4
...@@ -25,9 +25,7 @@ module Ci ...@@ -25,9 +25,7 @@ module Ci
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
def reprocess!(build) def reprocess!(build)
unless can?(current_user, :update_build, build) check_access!(build)
raise Gitlab::Access::AccessDeniedError
end
attributes = self.class.clone_accessors.to_h do |attribute| attributes = self.class.clone_accessors.to_h do |attribute|
[attribute, build.public_send(attribute)] # rubocop:disable GitlabSecurity/PublicSend [attribute, build.public_send(attribute)] # rubocop:disable GitlabSecurity/PublicSend
...@@ -52,6 +50,12 @@ module Ci ...@@ -52,6 +50,12 @@ module Ci
private private
def check_access!(build)
unless can?(current_user, :update_build, build)
raise Gitlab::Access::AccessDeniedError
end
end
def create_build!(attributes) def create_build!(attributes)
build = project.builds.new(attributes) build = project.builds.new(attributes)
build.assign_attributes(::Gitlab::Ci::Pipeline::Seed::Build.environment_attributes_for(build)) build.assign_attributes(::Gitlab::Ci::Pipeline::Seed::Build.environment_attributes_for(build))
......
...@@ -4,6 +4,7 @@ module EE ...@@ -4,6 +4,7 @@ module EE
module Ci module Ci
module RetryBuildService module RetryBuildService
extend ActiveSupport::Concern extend ActiveSupport::Concern
extend ::Gitlab::Utils::Override
class_methods do class_methods do
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
...@@ -13,6 +14,24 @@ module EE ...@@ -13,6 +14,24 @@ module EE
(super + %i[secrets]).freeze (super + %i[secrets]).freeze
end end
end end
private
override :check_access!
def check_access!(build)
super
if current_user && !current_user.has_required_credit_card_to_run_pipelines?(project)
::Gitlab::AppLogger.info(
message: 'Credit card required to be on file in order to retry build',
project_path: project.full_path,
user_id: current_user.id,
plan: project.root_namespace.actual_plan_name
)
raise ::Gitlab::Access::AccessDeniedError, 'Credit card required to be on file in order to retry a build'
end
end
end end
end end
end end
---
title: Check credit card requirement when retrying a CI build on GitLab.com
merge_request: 62050
author:
type: fixed
...@@ -6,9 +6,13 @@ RSpec.describe Ci::RetryBuildService do ...@@ -6,9 +6,13 @@ RSpec.describe Ci::RetryBuildService do
describe '#reprocess' do describe '#reprocess' do
context 'when user has ability to execute build' do context 'when user has ability to execute build' do
let(:user) { create(:user) } let_it_be(:namespace) { create(:namespace) }
let(:build) { create(:ci_build) } let_it_be(:ultimate_plan) { create(:ultimate_plan) }
let(:project) { build.project } let_it_be(:plan_limits) { create(:plan_limits, plan: ultimate_plan) }
let_it_be(:user) { create(:user) }
let(:project) { create(:project, namespace: namespace, creator: user) }
let(:build) { create(:ci_build, project: project) }
subject(:service) { described_class.new(project, user) } subject(:service) { described_class.new(project, user) }
...@@ -45,6 +49,61 @@ RSpec.describe Ci::RetryBuildService do ...@@ -45,6 +49,61 @@ RSpec.describe Ci::RetryBuildService do
expect(new_build.secrets).to eq(secrets) expect(new_build.secrets).to eq(secrets)
end end
end end
describe 'credit card requirement' do
before do
create(:gitlab_subscription, namespace: namespace, hosted_plan: ultimate_plan)
end
shared_examples 'creates a retried build' do
it 'creates a retried build' do
build
expect { new_build }.to change { Ci::Build.count }.by(1)
expect(new_build.name).to eq build.name
expect(new_build).to be_latest
expect(build).to be_retried
expect(build).to be_processed
end
end
context 'when credit card is required' do
context 'when project is on free plan' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
namespace.gitlab_subscription.update!(hosted_plan: create(:free_plan))
user.created_at = ::Users::CreditCardValidation::RELEASE_DAY
end
context 'when user has credit card' do
before do
allow(user).to receive(:credit_card_validated_at).and_return(Time.current)
end
it_behaves_like 'creates a retried build'
end
context 'when user does not have credit card' do
it 'raises an exception', :aggregate_failures do
expect { new_build }.to raise_error Gitlab::Access::AccessDeniedError
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(ci_require_credit_card_on_free_plan: false)
end
it_behaves_like 'creates a retried build'
end
end
end
end
context 'when credit card is not required' do
it_behaves_like 'creates a retried build'
end
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment