Commit c2809c54 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'make-gpg-key-push-rule-eep-only' into 'master'

Make push rule to reject unsigned commits EEP only

See merge request gitlab-org/gitlab-ee!3158
parents 717a4db2 ed5a02c9
...@@ -47,6 +47,7 @@ class License < ActiveRecord::Base ...@@ -47,6 +47,7 @@ class License < ActiveRecord::Base
object_storage object_storage
service_desk service_desk
variable_environment_scope variable_environment_scope
reject_unsigned_commits
].freeze ].freeze
EEU_FEATURES = EEP_FEATURES EEU_FEATURES = EEP_FEATURES
......
...@@ -22,6 +22,7 @@ class PushRule < ActiveRecord::Base ...@@ -22,6 +22,7 @@ class PushRule < ActiveRecord::Base
end end
def commit_signature_allowed?(commit) def commit_signature_allowed?(commit)
return true unless available?(:reject_unsigned_commits)
return true unless reject_unsigned_commits return true unless reject_unsigned_commits
commit.has_signature? commit.has_signature?
...@@ -74,6 +75,14 @@ class PushRule < ActiveRecord::Base ...@@ -74,6 +75,14 @@ class PushRule < ActiveRecord::Base
is_sample? is_sample?
end end
def available?(feature_sym)
if global?
License.feature_available?(feature_sym)
else
project&.feature_available?(feature_sym)
end
end
private private
def data_match?(data, regex) def data_match?(data, regex)
......
...@@ -11,4 +11,4 @@ ...@@ -11,4 +11,4 @@
.alert.alert-danger .alert.alert-danger
- @push_rule.errors.full_messages.each do |msg| - @push_rule.errors.full_messages.each do |msg|
%p= msg %p= msg
= render "shared/push_rules_form", f: f = render "shared/push_rules/form", f: f
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
= form_for [@project.namespace.becomes(Namespace), @project, @push_rule] do |f| = form_for [@project.namespace.becomes(Namespace), @project, @push_rule] do |f|
= form_errors(@push_rule) = form_errors(@push_rule)
= render "shared/push_rules_form", f: f = render "shared/push_rules/form", f: f
.form-group = render 'shared/push_rules/reject_unsigned_commits_setting', form: f, push_rule: f.object
= f.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_reject_unsigned_commits?(f.object)
.prepend-left-20
= f.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
Reject unsigned commits
%p.light.append-bottom-0
= reject_unsigned_commits_description(f.object)
.form-group .form-group
= f.check_box :deny_delete_tag, class: "pull-left" = f.check_box :deny_delete_tag, class: "pull-left"
......
- return unless push_rule.available?(:reject_unsigned_commits)
- form = local_assigns.fetch(:form)
- push_rule = local_assigns.fetch(:push_rule)
.form-group
= form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_reject_unsigned_commits?(push_rule)
.prepend-left-20
= form.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
Reject unsigned commits
%p.light.append-bottom-0
= reject_unsigned_commits_description(push_rule)
require 'spec_helper'
describe "Admin::PushRules" do
let(:current_user) { create(:admin) }
before do
sign_in(current_user)
end
context 'when reject_unsigned_commits is unlicensed' do
before do
stub_licensed_features(reject_unsigned_commits: false)
end
it 'does not render the setting checkbox' do
visit admin_push_rule_path
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'when reject_unsigned_commits is licensed' do
before do
stub_licensed_features(reject_unsigned_commits: true)
end
it 'renders the setting checkbox' do
visit admin_push_rule_path
expect(page).to have_content('Reject unsigned commits')
end
end
end
require 'spec_helper'
feature 'Projects > Push Rules', :js do
let(:user) { create(:user) }
let(:project) { create(:project, :repository, namespace: user.namespace) }
before do
project.team << [user, :master]
sign_in(user)
end
describe 'Reject unsigned commits rule' do
context 'unlicensed' do
before do
stub_licensed_features(reject_unsigned_commits: false)
end
it 'does not render the setting checkbox' do
visit project_settings_repository_path(project)
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'licensed' do
let(:bronze_plan) { Plan.find_by!(name: 'bronze') }
let(:gold_plan) { Plan.find_by!(name: 'gold') }
before do
stub_licensed_features(reject_unsigned_commits: true)
end
it 'renders the setting checkbox' do
visit project_settings_repository_path(project)
expect(page).to have_content('Reject unsigned commits')
end
describe 'with GL.com plans' do
before do
stub_application_setting(check_namespace_plan: true)
end
context 'when disabled' do
it 'does not render the setting checkbox' do
project.namespace.update!(plan_id: bronze_plan.id)
visit project_settings_repository_path(project)
expect(page).not_to have_content('Reject unsigned commits')
end
end
context 'when enabled' do
it 'renders the setting checkbox' do
project.namespace.update!(plan_id: gold_plan.id)
visit project_settings_repository_path(project)
expect(page).to have_content('Reject unsigned commits')
end
end
end
end
end
end
...@@ -371,6 +371,10 @@ describe Gitlab::Checks::ChangeAccess do ...@@ -371,6 +371,10 @@ describe Gitlab::Checks::ChangeAccess do
end end
context 'GPG sign rules' do context 'GPG sign rules' do
before do
stub_licensed_features(reject_unsigned_commits: true)
end
let(:push_rule) { create(:push_rule, reject_unsigned_commits: true) } let(:push_rule) { create(:push_rule, reject_unsigned_commits: true) }
it_behaves_like 'check ignored when push rule unlicensed' it_behaves_like 'check ignored when push rule unlicensed'
......
...@@ -49,9 +49,21 @@ describe PushRule do ...@@ -49,9 +49,21 @@ describe PushRule do
end end
describe '#commit_signature_allowed?' do describe '#commit_signature_allowed?' do
let!(:premium_license) { create(:license, plan: License::PREMIUM_PLAN) }
let(:signed_commit) { double(has_signature?: true) } let(:signed_commit) { double(has_signature?: true) }
let(:unsigned_commit) { double(has_signature?: false) } let(:unsigned_commit) { double(has_signature?: false) }
context 'when feature is not licensed and it is enabled' do
before do
stub_licensed_features(reject_unsigned_commits: false)
global_push_rule.update_attribute(:reject_unsigned_commits, true)
end
it 'accepts unsigned commits' do
expect(push_rule.commit_signature_allowed?(unsigned_commit)).to eq(true)
end
end
context 'when enabled at a global level' do context 'when enabled at a global level' do
before do before do
global_push_rule.update_attribute(:reject_unsigned_commits, true) global_push_rule.update_attribute(:reject_unsigned_commits, true)
...@@ -124,4 +136,65 @@ describe PushRule do ...@@ -124,4 +136,65 @@ describe PushRule do
end end
end end
end end
describe '#available?' do
shared_examples 'an unavailable push_rule' do
it 'is not available' do
expect(push_rule.available?(:reject_unsigned_commits)).to eq(false)
end
end
shared_examples 'an available push_rule' do
it 'is available' do
expect(push_rule.available?(:reject_unsigned_commits)).to eq(true)
end
end
describe 'reject_unsigned_commits' do
context 'with the global push_rule' do
let(:push_rule) { create(:push_rule_sample) }
context 'with a EE starter license' do
let!(:license) { create(:license, plan: License::STARTER_PLAN) }
it_behaves_like 'an unavailable push_rule'
end
context 'with a EE premium license' do
let!(:license) { create(:license, plan: License::PREMIUM_PLAN) }
it_behaves_like 'an available push_rule'
end
end
context 'with GL.com plans' do
let(:group) { create(:group, plan: Plan.find_by!(name: gl_plan)) }
let(:project) { create(:project, namespace: group) }
let(:push_rule) { create(:push_rule, project: project) }
before do
create(:license, plan: License::PREMIUM_PLAN)
stub_application_setting(check_namespace_plan: true)
end
context 'with a Bronze plan' do
let(:gl_plan) { ::EE::Namespace::BRONZE_PLAN }
it_behaves_like 'an unavailable push_rule'
end
context 'with a Silver plan' do
let(:gl_plan) { ::EE::Namespace::SILVER_PLAN }
it_behaves_like 'an available push_rule'
end
context 'with a Gold plan' do
let(:gl_plan) { ::EE::Namespace::GOLD_PLAN }
it_behaves_like 'an available push_rule'
end
end
end
end
end end
...@@ -14,11 +14,11 @@ RSpec.configure do |config| ...@@ -14,11 +14,11 @@ RSpec.configure do |config|
end end
config.before(:each, :js) do config.before(:each, :js) do
DatabaseCleaner.strategy = :truncation, { except: ['licenses'] } DatabaseCleaner.strategy = :truncation, { except: %w[licenses plans] }
end end
config.before(:each, :truncate) do config.before(:each, :truncate) do
DatabaseCleaner.strategy = :truncation, { except: ['licenses'] } DatabaseCleaner.strategy = :truncation, { except: %w[licenses plans] }
end end
config.before(:each, :migration) do config.before(:each, :migration) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment