Check permissions before stopping CI environments

d945300b · Grzegorz Bizon · ec0daedb · d945300b · d945300b
Commit d945300b authored Nov 14, 2016 by Grzegorz Bizon
Showing with 50 additions and 23 deletions

app/services/ci/stop_environment_service.rb app/services/ci/stop_environment_service.rb +1 -0

spec/services/ci/stop_environment_service_spec.rb spec/services/ci/stop_environment_service_spec.rb +49 -23

No files found.
--- a/app/services/ci/stop_environment_service.rb
+++ b/app/services/ci/stop_environment_service.rb
@@ -10,6 +10,7 @@ module Ci
      environments.each do |environment|
        next unless environment.stoppable?
+        next unless can?(current_user, :create_deployment, project)
        environment.stop!(current_user)
      end

--- a/spec/services/ci/stop_environment_service_spec.rb
+++ b/spec/services/ci/stop_environment_service_spec.rb
 require 'spec_helper'
 describe Ci::StopEnvironmentService, services: true do
-  let(:project) { create(:project) }
+  let(:project) { create(:project, :private) }
  let(:user) { create(:user) }
  let(:service) { described_class.new(project, user) }
@@ -12,25 +12,24 @@ describe Ci::StopEnvironmentService, services: true do
        create(:environment, :with_review_app, project: project)
      end
-      it 'stops environment' do
+      context 'when user has permission to stop environment' do
-        expect_any_instance_of(Environment).to receive(:stop!)
+        before do
+          project.team << [user, :developer]
+        end
-        service.execute('master')
+        it 'stops environment' do
+          expect_environment_stopped_on('master')
        end
        context 'when specified branch does not exist' do
          it 'does not stop environment' do
-          expect_any_instance_of(Environment).not_to receive(:stop!)
+            expect_environment_not_stopped_on('non/existent/branch')
-          service.execute('non/existent/branch')
          end
        end
        context 'when no branch not specified' do
          it 'does not stop environment' do
-          expect_any_instance_of(Environment).not_to receive(:stop!)
+            expect_environment_not_stopped_on(nil)
-          service.execute(nil)
          end
        end
@@ -41,9 +40,18 @@ describe Ci::StopEnvironmentService, services: true do
          end
          it 'does not stop environment' do
-          expect_any_instance_of(Environment).not_to receive(:stop!)
+            expect_environment_not_stopped_on('master')
+          end
+        end
+      end
+      context 'when user does not have permission to stop environment' do
+        before do
+          project.team << [user, :guest]
+        end
-          service.execute('master')
+        it 'does not stop environment' do
+          expect_environment_not_stopped_on('master')
        end
      end
    end
@@ -53,10 +61,14 @@ describe Ci::StopEnvironmentService, services: true do
        create(:environment, project: project)
      end
-      it 'does not stop environment' do
+      context 'when user has permission to stop environments' do
-        expect_any_instance_of(Environment).not_to receive(:stop!)
+        before do
+          project.team << [user, :master]
+        end
-        service.execute('master')
+        it 'does not stop environment' do
+          expect_environment_not_stopped_on('master')
+        end
      end
    end
@@ -67,4 +79,18 @@ describe Ci::StopEnvironmentService, services: true do
      end
    end
  end
+  def expect_environment_stopped_on(branch)
+    expect_any_instance_of(Environment)
+      .to receive(:stop!)
+    service.execute(branch)
+  end
+  def expect_environment_not_stopped_on(branch)
+    expect_any_instance_of(Environment)
+      .not_to receive(:stop!)
+    service.execute(branch)
+  end
 end