Skip to content

G
gitlab-ce
Commit cd5f913e authored by Z.J. van de Weg's avatar Z.J. van de Weg
Browse files
Options

Disallow EES users from access with ci_job_token 

There was a bug, as a negation was missing. This has been added now, so
the feature should be good to merge now. 😄

Also includes minor style fixes
parent 7f0ceb87
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 3 deletions
lib/api/jobs.rb
View file @ cd5f913e
...@@ -248,7 +248,7 @@ module API ...@@ -248,7 +248,7 @@ module API
end end
def check_cross_project_pipelines_feature! def check_cross_project_pipelines_feature!
not_found!('Project') if job_token_authentication? && @project.feature_available?(:cross_project_pipelines) not_found!('Project') if job_token_authentication? && !@project.feature_available?(:cross_project_pipelines)
end end
end end
end end
......
spec/requests/api/helpers_spec.rb
View file @ cd5f913e
...@@ -209,7 +209,7 @@ describe API::Helpers do ...@@ -209,7 +209,7 @@ describe API::Helpers do
let(:route_authentication_setting) { { job_token_allowed: true } } let(:route_authentication_setting) { { job_token_allowed: true } }
before do before do
allow_any_instance_of(API::Helpers).to receive(:doorkeeper_guard).and_return(nil) allow_any_instance_of(described_class).to receive(:doorkeeper_guard).and_return(nil)
end end
it "returns nil for an invalid token" do it "returns nil for an invalid token" do
......
spec/requests/api/jobs_spec.rb
View file @ cd5f913e
...@@ -17,8 +17,10 @@ describe API::Jobs do ...@@ -17,8 +17,10 @@ describe API::Jobs do
let(:api_user) { user } let(:api_user) { user }
let(:reporter) { create(:project_member, :reporter, project: project).user } let(:reporter) { create(:project_member, :reporter, project: project).user }
let(:guest) { create(:project_member, :guest, project: project).user } let(:guest) { create(:project_member, :guest, project: project).user }
let(:cross_project_pipeline_enabled) { true }
before do before do
stub_licensed_features(cross_project_pipelines: cross_project_pipeline_enabled)
project.add_developer(user) project.add_developer(user)
end end
...@@ -261,6 +263,15 @@ describe API::Jobs do ...@@ -261,6 +263,15 @@ describe API::Jobs do
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
end end
end end
context 'feature is disabled for EES' do
let(:api_user) { user }
let(:cross_project_pipeline_enabled) { false }
it 'disallows access to the artifacts' do
expect(response).to have_http_status(404)
end
end
end end
end end
...@@ -380,7 +391,7 @@ describe API::Jobs do ...@@ -380,7 +391,7 @@ describe API::Jobs do
get api("/projects/#{project.id}/jobs/artifacts/master/download"), job: job.name, job_token: job.token get api("/projects/#{project.id}/jobs/artifacts/master/download"), job: job.name, job_token: job.token
end end
context 'when user is eporter' do context 'when user is reporter' do
it_behaves_like 'a valid file' it_behaves_like 'a valid file'
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7