Commit c2809c54 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'make-gpg-key-push-rule-eep-only' into 'master'

Make push rule to reject unsigned commits EEP only

See merge request gitlab-org/gitlab-ee!3158
parents 717a4db2 ed5a02c9
......@@ -47,6 +47,7 @@ class License < ActiveRecord::Base
object_storage
service_desk
variable_environment_scope
reject_unsigned_commits
].freeze
EEU_FEATURES = EEP_FEATURES
......
......@@ -22,6 +22,7 @@ class PushRule < ActiveRecord::Base
end
def commit_signature_allowed?(commit)
return true unless available?(:reject_unsigned_commits)
return true unless reject_unsigned_commits
commit.has_signature?
......@@ -74,6 +75,14 @@ class PushRule < ActiveRecord::Base
is_sample?
end
def available?(feature_sym)
if global?
License.feature_available?(feature_sym)
else
project&.feature_available?(feature_sym)
end
end
private
def data_match?(data, regex)
......
......@@ -11,4 +11,4 @@
.alert.alert-danger
- @push_rule.errors.full_messages.each do |msg|
%p= msg
= render "shared/push_rules_form", f: f
= render "shared/push_rules/form", f: f
......@@ -15,4 +15,4 @@
= form_for [@project.namespace.becomes(Namespace), @project, @push_rule] do |f|
= form_errors(@push_rule)
= render "shared/push_rules_form", f: f
= render "shared/push_rules/form", f: f
.form-group
= f.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_reject_unsigned_commits?(f.object)
.prepend-left-20
= f.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
Reject unsigned commits
%p.light.append-bottom-0
= reject_unsigned_commits_description(f.object)
= render 'shared/push_rules/reject_unsigned_commits_setting', form: f, push_rule: f.object
.form-group
= f.check_box :deny_delete_tag, class: "pull-left"
......
- return unless push_rule.available?(:reject_unsigned_commits)
- form = local_assigns.fetch(:form)
- push_rule = local_assigns.fetch(:push_rule)
.form-group
= form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_reject_unsigned_commits?(push_rule)
.prepend-left-20
= form.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
Reject unsigned commits
%p.light.append-bottom-0
= reject_unsigned_commits_description(push_rule)
require 'spec_helper'
describe "Admin::PushRules" do
let(:current_user) { create(:admin) }
before do
sign_in(current_user)
end
context 'when reject_unsigned_commits is unlicensed' do
before do
stub_licensed_features(reject_unsigned_commits: false)
end
it 'does not render the setting checkbox' do
visit admin_push_rule_path
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'when reject_unsigned_commits is licensed' do
before do
stub_licensed_features(reject_unsigned_commits: true)
end
it 'renders the setting checkbox' do
visit admin_push_rule_path
expect(page).to have_content('Reject unsigned commits')
end
end
end
require 'spec_helper'
feature 'Projects > Push Rules', :js do
let(:user) { create(:user) }
let(:project) { create(:project, :repository, namespace: user.namespace) }
before do
project.team << [user, :master]
sign_in(user)
end
describe 'Reject unsigned commits rule' do
context 'unlicensed' do
before do
stub_licensed_features(reject_unsigned_commits: false)
end
it 'does not render the setting checkbox' do
visit project_settings_repository_path(project)
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'licensed' do
let(:bronze_plan) { Plan.find_by!(name: 'bronze') }
let(:gold_plan) { Plan.find_by!(name: 'gold') }
before do
stub_licensed_features(reject_unsigned_commits: true)
end
it 'renders the setting checkbox' do
visit project_settings_repository_path(project)
expect(page).to have_content('Reject unsigned commits')
end
describe 'with GL.com plans' do
before do
stub_application_setting(check_namespace_plan: true)
end
context 'when disabled' do
it 'does not render the setting checkbox' do
project.namespace.update!(plan_id: bronze_plan.id)
visit project_settings_repository_path(project)
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'when enabled' do
it 'renders the setting checkbox' do
project.namespace.update!(plan_id: gold_plan.id)
visit project_settings_repository_path(project)
expect(page).to have_content('Reject unsigned commits')
end
end
end
end
end
end
......@@ -371,6 +371,10 @@ describe Gitlab::Checks::ChangeAccess do
end
context 'GPG sign rules' do
before do
stub_licensed_features(reject_unsigned_commits: true)
end
let(:push_rule) { create(:push_rule, reject_unsigned_commits: true) }
it_behaves_like 'check ignored when push rule unlicensed'
......
......@@ -49,9 +49,21 @@ describe PushRule do
end
describe '#commit_signature_allowed?' do
let!(:premium_license) { create(:license, plan: License::PREMIUM_PLAN) }
let(:signed_commit) { double(has_signature?: true) }
let(:unsigned_commit) { double(has_signature?: false) }
context 'when feature is not licensed and it is enabled' do
before do
stub_licensed_features(reject_unsigned_commits: false)
global_push_rule.update_attribute(:reject_unsigned_commits, true)
end
it 'accepts unsigned commits' do
expect(push_rule.commit_signature_allowed?(unsigned_commit)).to eq(true)
end
end
context 'when enabled at a global level' do
before do
global_push_rule.update_attribute(:reject_unsigned_commits, true)
......@@ -124,4 +136,65 @@ describe PushRule do
end
end
end
describe '#available?' do
shared_examples 'an unavailable push_rule' do
it 'is not available' do
expect(push_rule.available?(:reject_unsigned_commits)).to eq(false)
end
end
shared_examples 'an available push_rule' do
it 'is available' do
expect(push_rule.available?(:reject_unsigned_commits)).to eq(true)
end
end
describe 'reject_unsigned_commits' do
context 'with the global push_rule' do
let(:push_rule) { create(:push_rule_sample) }
context 'with a EE starter license' do
let!(:license) { create(:license, plan: License::STARTER_PLAN) }
it_behaves_like 'an unavailable push_rule'
end
context 'with a EE premium license' do
let!(:license) { create(:license, plan: License::PREMIUM_PLAN) }
it_behaves_like 'an available push_rule'
end
end
context 'with GL.com plans' do
let(:group) { create(:group, plan: Plan.find_by!(name: gl_plan)) }
let(:project) { create(:project, namespace: group) }
let(:push_rule) { create(:push_rule, project: project) }
before do
create(:license, plan: License::PREMIUM_PLAN)
stub_application_setting(check_namespace_plan: true)
end
context 'with a Bronze plan' do
let(:gl_plan) { ::EE::Namespace::BRONZE_PLAN }
it_behaves_like 'an unavailable push_rule'
end
context 'with a Silver plan' do
let(:gl_plan) { ::EE::Namespace::SILVER_PLAN }
it_behaves_like 'an available push_rule'
end
context 'with a Gold plan' do
let(:gl_plan) { ::EE::Namespace::GOLD_PLAN }
it_behaves_like 'an available push_rule'
end
end
end
end
end
......@@ -14,11 +14,11 @@ RSpec.configure do |config|
end
config.before(:each, :js) do
DatabaseCleaner.strategy = :truncation, { except: ['licenses'] }
DatabaseCleaner.strategy = :truncation, { except: %w[licenses plans] }
end
config.before(:each, :truncate) do
DatabaseCleaner.strategy = :truncation, { except: ['licenses'] }
DatabaseCleaner.strategy = :truncation, { except: %w[licenses plans] }
end
config.before(:each, :migration) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment