dc1149df
Commit
dc1149df
authored
Apr 14, 2020
by
Diego Louzán
Committed by
Imre Farkas
Apr 14, 2020
Migrate CE & EE controller specs to consider admin mode
parent
3cffcea5
Showing
22 changed files
with
281 additions
and
89 deletions
+281
-89
ee/spec/controllers/ee/groups_controller_spec.rb
ee/spec/controllers/ee/groups_controller_spec.rb
+9
-1
ee/spec/controllers/ee/projects/jobs_controller_spec.rb
ee/spec/controllers/ee/projects/jobs_controller_spec.rb
+10
-2
ee/spec/controllers/profiles_controller_spec.rb
ee/spec/controllers/profiles_controller_spec.rb
+4
-2
ee/spec/controllers/projects/clusters_controller_spec.rb
ee/spec/controllers/projects/clusters_controller_spec.rb
+6
-1
ee/spec/controllers/projects/deploy_keys_controller_spec.rb
ee/spec/controllers/projects/deploy_keys_controller_spec.rb
+1
-1
ee/spec/controllers/projects/mirrors_controller_spec.rb
ee/spec/controllers/projects/mirrors_controller_spec.rb
+1
-1
ee/spec/controllers/projects/pages_controller_spec.rb
ee/spec/controllers/projects/pages_controller_spec.rb
+13
-3
ee/spec/controllers/projects/push_rules_controller_spec.rb
ee/spec/controllers/projects/push_rules_controller_spec.rb
+1
-1
ee/spec/controllers/projects/web_ide_terminals_controller_spec.rb
...controllers/projects/web_ide_terminals_controller_spec.rb
+13
-5
spec/controllers/application_controller_spec.rb
spec/controllers/application_controller_spec.rb
+1
-1
spec/controllers/concerns/enforces_admin_authentication_spec.rb
...ontrollers/concerns/enforces_admin_authentication_spec.rb
+1
-1
spec/controllers/groups/settings/ci_cd_controller_spec.rb
spec/controllers/groups/settings/ci_cd_controller_spec.rb
+25
-19
spec/controllers/projects/clusters/applications_controller_spec.rb
...rollers/projects/clusters/applications_controller_spec.rb
+6
-1
spec/controllers/projects/clusters_controller_spec.rb
spec/controllers/projects/clusters_controller_spec.rb
+66
-11
spec/controllers/projects/deploy_keys_controller_spec.rb
spec/controllers/projects/deploy_keys_controller_spec.rb
+13
-5
spec/controllers/projects/issues_controller_spec.rb
spec/controllers/projects/issues_controller_spec.rb
+31
-9
spec/controllers/projects/jobs_controller_spec.rb
spec/controllers/projects/jobs_controller_spec.rb
+14
-4
spec/controllers/projects/mirrors_controller_spec.rb
spec/controllers/projects/mirrors_controller_spec.rb
+17
-5
spec/controllers/projects/pipeline_schedules_controller_spec.rb
...ontrollers/projects/pipeline_schedules_controller_spec.rb
+24
-4
spec/controllers/projects/settings/ci_cd_controller_spec.rb
spec/controllers/projects/settings/ci_cd_controller_spec.rb
+15
-4
spec/controllers/projects_controller_spec.rb
spec/controllers/projects_controller_spec.rb
+5
-5
spec/spec_helper.rb
spec/spec_helper.rb
+5
-3
ee/spec/controllers/ee/groups_controller_spec.rb
...
...
@@ -267,7 +267,7 @@ describe GroupsController do
sign_in
(
user
)
end
context
'when user is an admin
'
do
context
'when user is an admin
with admin mode enabled'
,
:enable_admin_mode
do
let
(
:user
)
{
create
(
:admin
)
}
it
'updates max_pages_size'
do
...
...
@@ -277,6 +277,14 @@ describe GroupsController do
end
end
context
'when user is an admin with admin mode disabled'
do
it
'does not update max_pages_size'
do
request
expect
(
group
.
reload
.
max_pages_size
).
to
eq
(
nil
)
end
end
context
'when user is not an admin'
do
it
'does not update max_pages_size'
do
request
...
...
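Review bot: The new 'when user is an admin with admin mode disabled' example asserts only `expect(group.reload.max_pages_size).to eq(nil)`, which also passes when the request fails for an unrelated reason (bad params, routing, a server error). Assert the response status that the sibling 'when user is not an admin' example sees as well, so the nil check cannot pass vacuously. Prefer `be_nil` over `eq(nil)`, as spec/controllers/projects/settings/ci_cd_controller_spec.rb does in this commit. The same applies to the 'when admin mode is disabled' example added in ee/spec/controllers/projects/pages_controller_spec.rb.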
ee/spec/controllers/ee/projects/jobs_controller_spec.rb
...
...
@@ -38,11 +38,19 @@ describe Projects::JobsController do
context
'with admin'
do
let
(
:user
)
{
admin
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'returns 200'
do
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
end
end
context
'when admin mode is disabled'
do
it
'returns 404'
do
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
context
'with owner'
do
let
(
:user
)
{
owner
}
...
...
ee/spec/controllers/profiles_controller_spec.rb
...
...
@@ -60,11 +60,13 @@ describe ProfilesController, :request_store do
end
end
context
'as an admin in admin mode'
,
:enable_admin_mode
do
it_behaves_like
'a user can update their name'
do
let
(
:current_user
)
{
admin
}
end
end
end
end
context
'when `disable_name_update_for_users` feature is not available'
do
before
do
...
...
ee/spec/controllers/projects/clusters_controller_spec.rb
...
...
@@ -61,7 +61,12 @@ describe Projects::ClustersController do
allow
(
controller
).
to
receive
(
:prometheus_adapter
).
and_return
(
prometheus_adapter
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
clusterable
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
clusterable
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
clusterable
)
}
...
...
ee/spec/controllers/projects/deploy_keys_controller_spec.rb
...
...
@@ -64,7 +64,7 @@ describe Projects::DeployKeysController do
let
(
:deploy_key
)
{
create
(
:deploy_key
)
}
let!
(
:deploy_key_project
)
{
create
(
:deploy_keys_project
,
project:
project
,
deploy_key:
deploy_key
)
}
context
'with admin'
do
context
'with admin'
,
:enable_admin_mode
do
before
do
sign_in
(
create
(
:admin
))
end
...
...
ee/spec/controllers/projects/mirrors_controller_spec.rb
...
...
@@ -71,7 +71,7 @@ describe Projects::MirrorsController do
stub_application_setting
(
mirror_available:
false
)
end
context
'when user is admin'
do
context
'when user is admin'
,
:enable_admin_mode
do
let
(
:admin
)
{
create
(
:user
,
:admin
)
}
it
'creates a new mirror'
do
...
...
ee/spec/controllers/projects/pages_controller_spec.rb
...
...
@@ -30,6 +30,7 @@ describe Projects::PagesController do
sign_in
(
admin
)
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'updates max_pages_size'
do
request
...
...
@@ -37,6 +38,15 @@ describe Projects::PagesController do
end
end
context
'when admin mode is disabled'
do
it
'does not update max_pages_size'
do
request
expect
(
project
.
reload
.
max_pages_size
).
to
eq
(
nil
)
end
end
end
context
'when user is not an admin'
do
it
'does not update max_pages_size'
do
request
...
...
ee/spec/controllers/projects/push_rules_controller_spec.rb
...
...
@@ -71,7 +71,7 @@ describe Projects::PushRulesController do
PushRule
::
SETTINGS_WITH_GLOBAL_DEFAULT
.
each
do
|
rule_attr
|
context
"Updating
#{
rule_attr
}
rule"
do
context
'as an admin
'
do
context
'as an admin
in admin mode'
,
:enable_admin_mode
do
let
(
:user
)
{
create
(
:admin
)
}
it_behaves_like
'a setting with global default'
,
rule_attr
,
updates:
true
...
...
ee/spec/controllers/projects/web_ide_terminals_controller_spec.rb
...
...
@@ -29,11 +29,19 @@ describe Projects::WebIdeTerminalsController do
context
'with admin'
do
let
(
:user
)
{
admin
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'returns 200'
do
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
end
end
context
'when admin mode is disabled'
do
it
'returns 404'
do
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
context
'with owner'
do
let
(
:user
)
{
owner
}
...
...
@@ -124,7 +132,7 @@ describe Projects::WebIdeTerminalsController do
let
(
:user
)
{
admin
}
let
(
:result
)
{
{
status: :error
}
}
it
'returns 422'
do
it
'returns 422'
,
:enable_admin_mode
do
expect
(
response
).
to
have_gitlab_http_status
(
:unprocessable_entity
)
end
end
...
...
@@ -160,7 +168,7 @@ describe Projects::WebIdeTerminalsController do
let
(
:user
)
{
admin
}
let
(
:branch
)
{
'foobar'
}
it
'returns 400'
do
it
'returns 400'
,
:enable_admin_mode
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
:bad_request
)
...
...
@@ -170,7 +178,7 @@ describe Projects::WebIdeTerminalsController do
context
'when there is an error creating the job'
do
let
(
:user
)
{
admin
}
it
'returns 400'
do
it
'returns 400'
,
:enable_admin_mode
do
allow_next_instance_of
(
::
Ci
::
CreateWebIdeTerminalService
)
do
|
instance
|
allow
(
instance
).
to
receive
(
:execute
).
and_return
(
status: :error
,
message:
'foobar'
)
end
...
...
spec/controllers/application_controller_spec.rb
...
...
@@ -748,7 +748,7 @@ describe ApplicationController do
end
end
describe
'#current_user_mode'
,
:do_not_mock_admin_mode
do
describe
'#current_user_mode'
do
include_context
'custom session'
controller
(
described_class
)
do
...
...
spec/controllers/concerns/enforces_admin_authentication_spec.rb
...
...
@@ -2,7 +2,7 @@
require
'spec_helper'
describe
EnforcesAdminAuthentication
,
:do_not_mock_admin_mode
do
describe
EnforcesAdminAuthentication
do
include
AdminModeHelper
let
(
:user
)
{
create
(
:user
)
}
...
...
spec/controllers/groups/settings/ci_cd_controller_spec.rb
...
...
@@ -180,6 +180,11 @@ describe Groups::Settings::CiCdController do
group
.
add_owner
(
user
)
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
have_gitlab_http_status
(
:not_found
)
}
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
redirect_to
(
group_settings_ci_cd_path
)
}
context
'when service execution went wrong'
do
...
...
@@ -210,6 +215,7 @@ describe Groups::Settings::CiCdController do
end
end
end
end
describe
'POST create_deploy_token'
do
context
'when ajax_new_deploy_token feature flag is disabled for the project'
do
...
...
spec/controllers/projects/clusters/applications_controller_spec.rb
...
...
@@ -10,7 +10,12 @@ describe Projects::Clusters::ApplicationsController do
end
shared_examples
'a secure endpoint'
do
it
{
expect
{
subject
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
subject
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
subject
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
subject
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
subject
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
subject
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
spec/controllers/projects/clusters_controller_spec.rb
...
...
@@ -65,7 +65,12 @@ describe Projects::ClustersController do
describe
'security'
do
let
(
:cluster
)
{
create
(
:cluster
,
:provided_by_gcp
,
projects:
[
project
])
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -151,7 +156,12 @@ describe Projects::ClustersController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -240,7 +250,12 @@ describe Projects::ClustersController do
allow
(
WaitForClusterCreationWorker
).
to
receive
(
:perform_in
).
and_return
(
nil
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -346,7 +361,12 @@ describe Projects::ClustersController do
stub_kubeclient_get_namespace
(
'https://kubernetes.example.com'
,
namespace:
'my-namespace'
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -414,7 +434,12 @@ describe Projects::ClustersController do
allow
(
WaitForClusterCreationWorker
).
to
receive
(
:perform_in
)
end
it
{
expect
{
post_create_aws
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
post_create_aws
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
post_create_aws
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
post_create_aws
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
post_create_aws
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
post_create_aws
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -469,7 +494,12 @@ describe Projects::ClustersController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -501,7 +531,12 @@ describe Projects::ClustersController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -541,7 +576,12 @@ describe Projects::ClustersController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -574,7 +614,12 @@ describe Projects::ClustersController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -677,7 +722,12 @@ describe Projects::ClustersController do
describe
'security'
do
let_it_be
(
:cluster
)
{
create
(
:cluster
,
:provided_by_gcp
,
projects:
[
project
])
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
@@ -746,7 +796,12 @@ describe Projects::ClustersController do
describe
'security'
do
let_it_be
(
:cluster
)
{
create
(
:cluster
,
:provided_by_gcp
,
:production_environment
,
projects:
[
project
])
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is disabled for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_denied_for
(
:developer
).
of
(
project
)
}
...
...
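Review bot: The denial example is named 'is disabled for admin when admin mode disabled' in each of the eleven hunks of this file, while the same check in ee/spec/controllers/projects/clusters_controller_spec.rb, the clusters applications spec and the pipeline schedules spec is named 'is denied for admin when admin mode disabled'. Use the latter wording here too, `it 'is denied for admin when admin mode disabled' do`, so a search for the denial cases finds all of them. The allowed/denied pair is also copied verbatim into every 'security' block, differing only in the action called (`go` or `post_create_aws`). A shared example that takes the action would keep the two admin-mode cases from drifting apart when one copy is edited.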
spec/controllers/projects/deploy_keys_controller_spec.rb
...
...
@@ -163,7 +163,7 @@ describe Projects::DeployKeysController do
end
end
context
'with admin'
do
context
'with admin'
,
:enable_admin_mode
do
before
do
sign_in
(
admin
)
end
...
...
@@ -228,7 +228,7 @@ describe Projects::DeployKeysController do
end
end
context
'with admin'
do
context
'with admin'
,
:enable_admin_mode
do
before
do
sign_in
(
admin
)
end
...
...
@@ -284,7 +284,7 @@ describe Projects::DeployKeysController do
end
end
context
'with admin'
do
context
'with admin'
,
:enable_admin_mode
do
before
do
sign_in
(
admin
)
end
...
...
@@ -311,9 +311,17 @@ describe Projects::DeployKeysController do
context
'public deploy key attached to project'
do
let
(
:extra_params
)
{
deploy_key_params
(
'updated title'
,
'1'
)
}
context
'admin mode disabled'
do
it
'does not update the title of the deploy key'
do
expect
{
subject
}.
not_to
change
{
deploy_key
.
reload
.
title
}
end
end
context
'admin mode enabled'
,
:enable_admin_mode
do
it
'updates the title of the deploy key'
do
expect
{
subject
}.
to
change
{
deploy_key
.
reload
.
title
}.
to
(
'updated title'
)
end
end
it
'updates can_push of deploy_keys_project'
do
expect
{
subject
}.
to
change
{
deploy_keys_project
.
reload
.
can_push
}.
from
(
false
).
to
(
true
)
...
...
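Review bot: In the last hunk, 'updates can_push of deploy_keys_project' stays outside both new contexts ('admin mode disabled' and 'admin mode enabled') and carries no tag, so the example does not say which mode it runs under. The enclosing context starts outside the hunk. If it does not enable admin mode, this example asserts that an admin without admin mode can still change `can_push` from false to true while the title update is refused. If that split is intended, say so in a comment such as `# can_push is a project-level setting and does not require admin mode`; otherwise move the example into the context it belongs to. The three contexts changed to `context 'with admin', :enable_admin_mode do` also keep a description that no longer states what they test; `'with admin in admin mode'` would.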
spec/controllers/projects/issues_controller_spec.rb
...
...
@@ -586,6 +586,7 @@ describe Projects::IssuesController do
expect
(
assigns
(
:issues
)).
to
include
request_forgery_timing_attack
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'lists confidential issues for admin'
do
sign_in
(
admin
)
get_issues
...
...
@@ -593,6 +594,16 @@ describe Projects::IssuesController do
expect
(
assigns
(
:issues
)).
to
include
unescaped_parameter_value
expect
(
assigns
(
:issues
)).
to
include
request_forgery_timing_attack
end
end
context
'when admin mode is disabled'
do
it
'does not list confidential issues for admin'
do
sign_in
(
admin
)
get_issues
expect
(
assigns
(
:issues
)).
to
eq
[
issue
]
end
end
def
get_issues
get
:index
,
...
...
@@ -648,6 +659,7 @@ describe Projects::IssuesController do
expect
(
response
).
to
have_gitlab_http_status
http_status
[
:success
]
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
"returns
#{
http_status
[
:success
]
}
for admin"
do
sign_in
(
admin
)
go
(
id:
unescaped_parameter_value
.
to_param
)
...
...
@@ -656,6 +668,16 @@ describe Projects::IssuesController do
end
end
context
'when admin mode is disabled'
do
xit
'returns 404 for admin'
do
sign_in
(
admin
)
go
(
id:
unescaped_parameter_value
.
to_param
)
expect
(
response
).
to
have_gitlab_http_status
:not_found
end
end
end
describe
'PUT #update'
do
def
update_issue
(
issue_params:
{},
additional_params:
{},
id:
nil
)
id
||=
issue
.
iid
...
...
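Review bot: The negative case in the hunk at -656,6 is added as `xit 'returns 404 for admin' do`, so the only check that an admin without admin mode is refused on this action never runs, and nothing in the spec says why. A skipped access-control test reads as coverage in review while proving nothing. Either enable it with `it 'returns 404 for admin' do`, or, if the controller does not yet return 404 here, record the reason in the metadata so it shows up in the run output: `it 'returns 404 for admin', skip: 'TRACKING-ISSUE-PLACEHOLDER' do`. The positive case above it and the index-level 'does not list confidential issues for admin' example both run, so this is the one gap in the file.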
spec/controllers/projects/jobs_controller_spec.rb
...
...
@@ -391,6 +391,15 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
sign_in
(
user
)
end
context
'when admin mode is disabled'
do
it
'settings_path is not available'
do
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
match_response_schema
(
'job/job_details'
)
expect
(
json_response
[
'runners'
]).
not_to
have_key
(
'settings_path'
)
end
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'settings_path is available'
do
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
match_response_schema
(
'job/job_details'
)
...
...
@@ -398,6 +407,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
end
end
end
end
context
'when no trace is available'
do
it
'has_trace is false'
do
...
...
spec/controllers/projects/mirrors_controller_spec.rb
...
...
@@ -39,6 +39,7 @@ describe Projects::MirrorsController do
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'allows requests from an admin user'
do
user
.
update!
(
admin:
true
)
sign_in
(
user
)
...
...
@@ -47,6 +48,17 @@ describe Projects::MirrorsController do
expect
(
response
).
to
redirect_to
(
project_settings_path
)
end
end
context
'when admin mode is disabled'
do
it
'disallows requests from an admin user'
do
user
.
update!
(
admin:
true
)
sign_in
(
user
)
subject_action
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
end
describe
'Access control'
do
...
...
spec/controllers/projects/pipeline_schedules_controller_spec.rb
...
...
@@ -127,7 +127,12 @@ describe Projects::PipelineSchedulesController do
describe
'security'
do
let
(
:schedule
)
{
attributes_for
(
:ci_pipeline_schedule
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:developer
).
of
(
project
)
}
...
...
@@ -279,7 +284,12 @@ describe Projects::PipelineSchedulesController do
describe
'security'
do
let
(
:schedule
)
{
{
description:
'updated_desc'
}
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:developer
).
of
(
project
).
own
(
pipeline_schedule
)
}
...
...
@@ -343,7 +353,12 @@ describe Projects::PipelineSchedulesController do
end
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:developer
).
of
(
project
).
own
(
pipeline_schedule
)
}
...
...
@@ -361,7 +376,12 @@ describe Projects::PipelineSchedulesController do
describe
'GET #take_ownership'
do
describe
'security'
do
it
{
expect
{
go
}.
to
be_allowed_for
(
:admin
)
}
it
'is allowed for admin when admin mode enabled'
,
:enable_admin_mode
do
expect
{
go
}.
to
be_allowed_for
(
:admin
)
end
it
'is denied for admin when admin mode disabled'
do
expect
{
go
}.
to
be_denied_for
(
:admin
)
end
it
{
expect
{
go
}.
to
be_allowed_for
(
:owner
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:maintainer
).
of
(
project
)
}
it
{
expect
{
go
}.
to
be_allowed_for
(
:developer
).
of
(
project
).
own
(
pipeline_schedule
)
}
...
...
spec/controllers/projects/settings/ci_cd_controller_spec.rb
...
...
@@ -245,6 +245,16 @@ describe Projects::Settings::CiCdController do
context
'and user is an admin'
do
let
(
:user
)
{
create
(
:admin
)
}
context
'with admin mode disabled'
do
it
'does not set max_artifacts_size'
do
subject
project
.
reload
expect
(
project
.
max_artifacts_size
).
to
be_nil
end
end
context
'with admin mode enabled'
,
:enable_admin_mode
do
it
'sets max_artifacts_size'
do
subject
...
...
@@ -255,6 +265,7 @@ describe Projects::Settings::CiCdController do
end
end
end
end
describe
'POST create_deploy_token'
do
context
'when ajax_new_deploy_token feature flag is disabled for the project'
do
...
...
spec/controllers/projects_controller_spec.rb
...
...
@@ -362,7 +362,7 @@ describe ProjectsController do
end
describe
'GET edit'
do
it
'allows an admin user to access the page'
do
it
'allows an admin user to access the page'
,
:enable_admin_mode
do
sign_in
(
create
(
:user
,
:admin
))
get
:edit
,
...
...
@@ -531,7 +531,7 @@ describe ProjectsController do
end
end
describe
"#update"
do
describe
"#update"
,
:enable_admin_mode
do
render_views
let
(
:admin
)
{
create
(
:admin
)
}
...
...
@@ -672,7 +672,7 @@ describe ProjectsController do
end
end
describe
'#transfer'
do
describe
'#transfer'
,
:enable_admin_mode
do
render_views
let
(
:project
)
{
create
(
:project
,
:repository
)
}
...
...
@@ -720,7 +720,7 @@ describe ProjectsController do
end
end
describe
"#destroy"
do
describe
"#destroy"
,
:enable_admin_mode
do
let
(
:admin
)
{
create
(
:admin
)
}
it
"redirects to the dashboard"
,
:sidekiq_might_not_need_inline
do
...
...
@@ -1094,7 +1094,7 @@ describe ProjectsController do
end
end
context
'for a DELETE request'
do
context
'for a DELETE request'
,
:enable_admin_mode
do
before
do
sign_in
(
create
(
:admin
))
end
...
...
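Review bot: `describe "#update"`, `describe '#transfer'`, `describe "#destroy"` and `context 'for a DELETE request'` are tagged `:enable_admin_mode` at group level, and no hunk in this file adds a counterpart that runs with admin mode disabled. The other specs in this commit pair each enabled case with a denial case, but here the update, transfer and destroy paths are exercised only with admin mode on. The bodies of these groups lie outside the hunks, so an existing negative example may have been missed. If none exists, add one per action, for example `context 'when admin mode is disabled' do` with a signed-in admin and `expect(response).to have_gitlab_http_status(:not_found)`. Tagging the individual admin examples rather than the whole `describe` would also make it visible which examples depend on admin mode.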
spec/spec_helper.rb
...
...
@@ -91,6 +91,10 @@ RSpec.configure do |config|
match
=
location
.
match
(
%r{/spec/([^/]+)/}
)
metadata
[
:type
]
=
match
[
1
].
singularize
.
to_sym
if
match
end
# Admin controller specs get auto admin mode enabled since they are
# protected by the 'EnforcesAdminAuthentication' concern
metadata
[
:enable_admin_mode
]
=
true
if
location
=~
%r{(ee)?/spec/controllers/admin/}
end
config
.
include
LicenseHelpers
...
...
@@ -226,7 +230,6 @@ RSpec.configure do |config|
#
# context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
admin_mode_mock_dirs
=
%w(
./ee/spec/controllers
./ee/spec/elastic_integration
./ee/spec/features
./ee/spec/finders
...
...
@@ -238,7 +241,6 @@ RSpec.configure do |config|
./ee/spec/services
./ee/spec/support/protected_tags
./ee/spec/support/shared_examples
./spec/controllers
./spec/features
./spec/finders
./spec/frontend
...
...
@@ -270,7 +272,7 @@ RSpec.configure do |config|
# context 'some test that requires admin mode', :enable_admin_mode do ... end
#
# See also spec/support/helpers/admin_mode_helpers.rb
if
example
.
metadata
[
:enable_admin_mode
]
if
example
.
metadata
[
:enable_admin_mode
]
&&
!
example
.
metadata
[
:do_not_mock_admin_mode
]
allow_any_instance_of
(
Gitlab
::
Auth
::
CurrentUserMode
).
to
receive
(
:admin_mode?
)
do
|
current_user_mode
|
current_user_mode
.
send
(
:user
)
&
.
admin?
end
...
...
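Review bot: In the hunk at -91,6 the pattern `%r{(ee)?/spec/controllers/admin/}` has an optional group that never affects the result. The pattern is unanchored, so `/spec/controllers/admin/` already matches both the CE and the EE path; `location.match?(%r{/spec/controllers/admin/})` says the same thing and skips the MatchData allocation. Because every spec under those directories now gets `metadata[:enable_admin_mode] = true`, none of them exercises an admin controller with admin mode off. It appears that enforcement is then covered only by spec/controllers/concerns/enforces_admin_authentication_spec.rb, so extend the comment to say so: `# Denial without admin mode is covered by the EnforcesAdminAuthentication concern spec`. The `RSpec.configure` block continues outside the hunk.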