Skip to content
Snippets Groups Projects
Commit 988b28ec authored by GitLab Bot's avatar GitLab Bot
Browse files

Add latest changes from gitlab-org/gitlab@master

parent a325f3a1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 485 additions and 268 deletions
lib/gitlab/graphql/pagination/offset_active_record_relation_connection.rb 0 → 100644
+ 13
0
View file @ 988b28ec
# frozen_string_literal: true
# We use the Keyset / Stable cursor connection by default for ActiveRecord::Relation.
# However, there are times when that may not be powerful enough (yet), and we
# want to use standard offset pagination.
module Gitlab
module Graphql
module Pagination
class OffsetActiveRecordRelationConnection < GraphQL::Relay::RelationConnection
end
end
end
end
lib/gitlab/graphql/pagination/relations/offset_active_record_relation.rb 0 → 100644
+ 12
0
View file @ 988b28ec
# frozen_string_literal: true
module Gitlab
module Graphql
module Pagination
module Relations
class OffsetActiveRecordRelation < ::ActiveRecord::Relation
end
end
end
end
end
package.json
+ 1
1
View file @ 988b28ec
@@ -39,7 +39,7 @@
"@babel/preset-env": "^7.8.4",
"@gitlab/at.js": "^1.5.5",
"@gitlab/svgs": "^1.104.0",
"@gitlab/ui": "^9.18.0",
"@gitlab/ui": "^9.18.2",
"@gitlab/visual-review-tools": "1.5.1",
"@sentry/browser": "^5.10.2",
"@sourcegraph/code-host-integration": "0.0.30",
scripts/review_apps/base-config.yaml
+ 12
12
View file @ 988b28ec
@@ -17,10 +17,10 @@ gitlab:
resources:
requests:
cpu: 1200m
memory: 240M
memory: 245M
limits:
cpu: 1800m
memory: 360M
memory: 367M
persistence:
size: 10G
gitlab-exporter:
@@ -51,11 +51,11 @@ gitlab:
sidekiq:
resources:
requests:
cpu: 650m
memory: 1018M
cpu: 855m
memory: 1071M
limits:
cpu: 975m
memory: 1527M
cpu: 1282m
memory: 1606M
hpa:
targetAverageValue: 650m
task-runner:
@@ -69,11 +69,11 @@ gitlab:
unicorn:
resources:
requests:
cpu: 525m
memory: 1711M
cpu: 746m
memory: 1873M
limits:
cpu: 787m
memory: 2566M
cpu: 1119m
memory: 2809M
deployment:
readinessProbe:
initialDelaySeconds: 5 # Default is 0
@@ -140,10 +140,10 @@ postgresql:
enabled: false
resources:
requests:
cpu: 300m
cpu: 347m
memory: 250M
limits:
cpu: 450m
cpu: 520m
memory: 375M
prometheus:
install: false
spec/controllers/groups_controller_spec.rb
+ 7
0
View file @ 988b28ec
@@ -411,6 +411,13 @@ describe GroupsController do
expect(group.reload.project_creation_level).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
end
 
it 'updates the default_branch_protection successfully' do
post :update, params: { id: group.to_param, group: { default_branch_protection: ::Gitlab::Access::PROTECTION_DEV_CAN_MERGE } }
expect(response).to have_gitlab_http_status(:found)
expect(group.reload.default_branch_protection).to eq(::Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
end
context 'when a project inside the group has container repositories' do
before do
stub_container_registry_config(enabled: true)
spec/fixtures/csv_gitlab_export.csv 0 → 100644
+ 5
0
View file @ 988b28ec
Issue ID,URL,Title,State,Description,Author,Author Username,Assignee,Assignee Username,Confidential,Locked,Due Date,Created At (UTC),Updated At (UTC),Closed At (UTC),Milestone,Weight,Labels,Time Estimate,Time Spent,Epic ID,Epic Title
1,http://localhost:3000/jashkenas/underscore/issues/1,Title,Open,,Elva Jerde,jamel,Tierra Effertz,aurora_hahn,No,No,,2020-01-17 10:36:26,2020-02-19 10:36:26,,v1.0,,"Brene,Cutlass,Escort,GVM",0,0,,
3,http://localhost:3000/jashkenas/underscore/issues/3,Nihil impedit neque quos totam ut aut enim cupiditate doloribus molestiae.,Open,Omnis aliquid sint laudantium quam.,Marybeth Goodwin,rocio.blanda,Annemarie Von,reynalda_howe,No,No,,2020-01-23 10:36:26,2020-02-19 10:36:27,,v1.0,,"Brene,Cutlass,Escort,GVM",0,0,,
34,http://localhost:3000/jashkenas/underscore/issues/34,Dismiss Cipher with no integrity,Open,,Marybeth Goodwin,rocio.blanda,"","",No,No,,2020-02-19 10:38:49,2020-02-19 10:38:49,,,,,0,0,,
35,http://localhost:3000/jashkenas/underscore/issues/35,Test Title,Open,Test Description,Marybeth Goodwin,rocio.blanda,"","",No,No,,2020-02-19 10:38:49,2020-02-19 10:38:49,,,,,0,0,,
spec/graphql/gitlab_schema_spec.rb
+ 21
2
View file @ 988b28ec
@@ -3,6 +3,7 @@
require 'spec_helper'
 
describe GitlabSchema do
let_it_be(:implementations) { GraphQL::Relay::BaseConnection::CONNECTION_IMPLEMENTATIONS }
let(:user) { build :user }
 
it 'uses batch loading' do
@@ -33,12 +34,30 @@ describe GitlabSchema do
expect(described_class.query).to eq(::Types::QueryType.to_graphql)
end
 
it 'paginates active record relations using `Gitlab::Graphql::Connections::KeysetConnection`' do
connection = GraphQL::Relay::BaseConnection::CONNECTION_IMPLEMENTATIONS[ActiveRecord::Relation.name]
it 'paginates active record relations using `Connections::Keyset::Connection`' do
connection = implementations[ActiveRecord::Relation.name]
 
expect(connection).to eq(Gitlab::Graphql::Connections::Keyset::Connection)
end
 
it 'paginates ExternallyPaginatedArray using `Connections::ExternallyPaginatedArrayConnection`' do
connection = implementations[Gitlab::Graphql::ExternallyPaginatedArray.name]
expect(connection).to eq(Gitlab::Graphql::Connections::ExternallyPaginatedArrayConnection)
end
it 'paginates FilterableArray using `Connections::FilterableArrayConnection`' do
connection = implementations[Gitlab::Graphql::FilterableArray.name]
expect(connection).to eq(Gitlab::Graphql::Connections::FilterableArrayConnection)
end
it 'paginates OffsetActiveRecordRelation using `Pagination::OffsetActiveRecordRelationConnection`' do
connection = implementations[Gitlab::Graphql::Pagination::Relations::OffsetActiveRecordRelation.name]
expect(connection).to eq(Gitlab::Graphql::Pagination::OffsetActiveRecordRelationConnection)
end
describe '.execute' do
context 'for different types of users' do
context 'when no context' do
spec/lib/gitlab/access/branch_protection_spec.rb
+ 17
0
View file @ 988b28ec
@@ -51,4 +51,21 @@ describe Gitlab::Access::BranchProtection do
end
end
end
describe '#fully_protected?' do
using RSpec::Parameterized::TableSyntax
where(:level, :result) do
Gitlab::Access::PROTECTION_NONE | false
Gitlab::Access::PROTECTION_DEV_CAN_PUSH | false
Gitlab::Access::PROTECTION_DEV_CAN_MERGE | false
Gitlab::Access::PROTECTION_FULL | true
end
with_them do
it do
expect(described_class.new(level).fully_protected?).to eq(result)
end
end
end
end
spec/lib/gitlab/auth/current_user_mode_spec.rb
+ 220
184
View file @ 988b28ec
@@ -3,294 +3,330 @@
require 'spec_helper'
 
describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store do
include_context 'custom session'
let(:user) { build_stubbed(:user) }
 
subject { described_class.new(user) }
 
before do
allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session])
end
shared_examples 'admin mode cannot be enabled' do
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
it 'cannot be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password)
expect(subject.admin_mode?).to be(false)
end
it 'cannot be enabled with an invalid password' do
subject.enable_admin_mode!(password: nil)
expect(subject.admin_mode?).to be(false)
end
it 'cannot be enabled with empty params' do
subject.enable_admin_mode!
context 'when session is available' do
include_context 'custom session'
 
expect(subject.admin_mode?).to be(false)
before do
allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session])
end
 
it 'disable has no effect' do
subject.enable_admin_mode!
subject.disable_admin_mode!
expect(subject.admin_mode?).to be(false)
end
shared_examples 'admin mode cannot be enabled' do
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
 
context 'skipping password validation' do
it 'cannot be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
subject.enable_admin_mode!(password: user.password)
 
expect(subject.admin_mode?).to be(false)
end
 
it 'cannot be enabled with an invalid password' do
subject.enable_admin_mode!(skip_password_validation: true)
subject.enable_admin_mode!(password: nil)
 
expect(subject.admin_mode?).to be(false)
end
end
end
 
describe '#admin_mode?' do
context 'when the user is a regular user' do
it_behaves_like 'admin mode cannot be enabled'
it 'cannot be enabled with empty params' do
subject.enable_admin_mode!
 
context 'bypassing session' do
it_behaves_like 'admin mode cannot be enabled' do
around do |example|
described_class.bypass_session!(user.id) { example.run }
end
end
expect(subject.admin_mode?).to be(false)
end
end
context 'when the user is an admin' do
let(:user) { build_stubbed(:user, :admin) }
 
context 'when admin mode not requested' do
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
it 'raises exception if we try to enable it' do
expect do
subject.enable_admin_mode!(password: user.password)
end.to raise_error(::Gitlab::Auth::CurrentUserMode::NotRequestedError)
it 'disable has no effect' do
subject.enable_admin_mode!
subject.disable_admin_mode!
 
expect(subject.admin_mode?).to be(false)
end
expect(subject.admin_mode?).to be(false)
end
 
context 'when admin mode requested first' do
before do
subject.request_admin_mode!
end
context 'skipping password validation' do
it 'cannot be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
 
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
 
it 'cannot be enabled with an invalid password' do
subject.enable_admin_mode!(password: nil)
subject.enable_admin_mode!(skip_password_validation: true)
 
expect(subject.admin_mode?).to be(false)
end
end
end
 
it 'can be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password)
describe '#admin_mode?' do
context 'when the user is a regular user' do
it_behaves_like 'admin mode cannot be enabled'
 
expect(subject.admin_mode?).to be(true)
context 'bypassing session' do
it_behaves_like 'admin mode cannot be enabled' do
around do |example|
described_class.bypass_session!(user.id) { example.run }
end
end
end
end
 
it 'can be disabled' do
subject.enable_admin_mode!(password: user.password)
subject.disable_admin_mode!
context 'when the user is an admin' do
let(:user) { build_stubbed(:user, :admin) }
 
expect(subject.admin_mode?).to be(false)
context 'when admin mode not requested' do
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
it 'raises exception if we try to enable it' do
expect do
subject.enable_admin_mode!(password: user.password)
end.to raise_error(::Gitlab::Auth::CurrentUserMode::NotRequestedError)
expect(subject.admin_mode?).to be(false)
end
end
 
it 'will expire in the future' do
subject.enable_admin_mode!(password: user.password)
expect(subject.admin_mode?).to be(true), 'admin mode is not active in the present'
context 'when admin mode requested first' do
before do
subject.request_admin_mode!
end
 
Timecop.freeze(Gitlab::Auth::CurrentUserMode::MAX_ADMIN_MODE_TIME.from_now) do
# in the future this will be a new request, simulate by clearing the RequestStore
Gitlab::SafeRequestStore.clear!
it 'is false by default' do
expect(subject.admin_mode?).to be(false)
end
it 'cannot be enabled with an invalid password' do
subject.enable_admin_mode!(password: nil)
 
expect(subject.admin_mode?).to be(false), 'admin mode did not expire in the future'
expect(subject.admin_mode?).to be(false)
end
end
 
context 'skipping password validation' do
it 'can be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
subject.enable_admin_mode!(password: user.password)
 
expect(subject.admin_mode?).to be(true)
end
 
it 'can be enabled with an invalid password' do
subject.enable_admin_mode!(skip_password_validation: true)
it 'can be disabled' do
subject.enable_admin_mode!(password: user.password)
subject.disable_admin_mode!
 
expect(subject.admin_mode?).to be(true)
expect(subject.admin_mode?).to be(false)
end
end
 
context 'with two independent sessions' do
let(:another_session) { {} }
let(:another_subject) { described_class.new(user) }
it 'will expire in the future' do
subject.enable_admin_mode!(password: user.password)
expect(subject.admin_mode?).to be(true), 'admin mode is not active in the present'
 
before do
allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session])
Timecop.freeze(Gitlab::Auth::CurrentUserMode::MAX_ADMIN_MODE_TIME.from_now) do
# in the future this will be a new request, simulate by clearing the RequestStore
Gitlab::SafeRequestStore.clear!
expect(subject.admin_mode?).to be(false), 'admin mode did not expire in the future'
end
end
 
it 'can be enabled in one and seen in the other' do
Gitlab::Session.with_session(another_session) do
another_subject.request_admin_mode!
another_subject.enable_admin_mode!(password: user.password)
context 'skipping password validation' do
it 'can be enabled with a valid password' do
subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
expect(subject.admin_mode?).to be(true)
end
 
expect(subject.admin_mode?).to be(true)
it 'can be enabled with an invalid password' do
subject.enable_admin_mode!(skip_password_validation: true)
expect(subject.admin_mode?).to be(true)
end
end
end
end
 
context 'bypassing session' do
it 'is active by default' do
described_class.bypass_session!(user.id) do
expect(subject.admin_mode?).to be(true)
context 'with two independent sessions' do
let(:another_session) { {} }
let(:another_subject) { described_class.new(user) }
before do
allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session])
end
it 'can be enabled in one and seen in the other' do
Gitlab::Session.with_session(another_session) do
another_subject.request_admin_mode!
another_subject.enable_admin_mode!(password: user.password)
end
expect(subject.admin_mode?).to be(true)
end
end
end
 
it 'enable has no effect' do
described_class.bypass_session!(user.id) do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
context 'bypassing session' do
it 'is active by default' do
described_class.bypass_session!(user.id) do
expect(subject.admin_mode?).to be(true)
end
end
 
expect(subject.admin_mode?).to be(true)
it 'enable has no effect' do
described_class.bypass_session!(user.id) do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
expect(subject.admin_mode?).to be(true)
end
end
end
 
it 'disable has no effect' do
described_class.bypass_session!(user.id) do
subject.disable_admin_mode!
it 'disable has no effect' do
described_class.bypass_session!(user.id) do
subject.disable_admin_mode!
 
expect(subject.admin_mode?).to be(true)
expect(subject.admin_mode?).to be(true)
end
end
end
end
end
end
 
describe '#enable_admin_mode!' do
let(:user) { build_stubbed(:user, :admin) }
describe '#enable_admin_mode!' do
let(:user) { build_stubbed(:user, :admin) }
 
it 'creates a timestamp in the session' do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
it 'creates a timestamp in the session' do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
 
expect(session).to include(expected_session_entry(be_within(1.second).of Time.now))
expect(session).to include(expected_session_entry(be_within(1.second).of Time.now))
end
end
end
 
describe '#enable_sessionless_admin_mode!' do
let(:user) { build_stubbed(:user, :admin) }
describe '#disable_admin_mode!' do
let(:user) { build_stubbed(:user, :admin) }
 
it 'enabled admin mode without password' do
subject.enable_sessionless_admin_mode!
it 'sets the session timestamp to nil' do
subject.request_admin_mode!
subject.disable_admin_mode!
 
expect(subject.admin_mode?).to be(true)
expect(session).to include(expected_session_entry(be_nil))
end
end
end
 
describe '#disable_admin_mode!' do
let(:user) { build_stubbed(:user, :admin) }
describe '.with_current_request_admin_mode' do
context 'with a regular user' do
it 'user is not available inside nor outside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be_nil
end
 
it 'sets the session timestamp to nil' do
subject.request_admin_mode!
subject.disable_admin_mode!
expect(described_class.bypass_session_admin_id).to be_nil
end
end
 
expect(session).to include(expected_session_entry(be_nil))
end
end
context 'with an admin user' do
let(:user) { build_stubbed(:user, :admin) }
 
describe '.bypass_session!' do
context 'with a regular user' do
it 'admin mode is false' do
described_class.bypass_session!(user.id) do
expect(subject.admin_mode?).to be(false)
expect(described_class.bypass_session_admin_id).to be(user.id)
context 'admin mode is disabled' do
it 'user is not available inside nor outside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be_nil
end
expect(described_class.bypass_session_admin_id).to be_nil
end
end
 
expect(described_class.bypass_session_admin_id).to be_nil
end
end
context 'admin mode is enabled' do
before do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
end
 
context 'with an admin user' do
let(:user) { build_stubbed(:user, :admin) }
it 'user is available only inside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be(user)
end
 
it 'admin mode is true' do
described_class.bypass_session!(user.id) do
expect(subject.admin_mode?).to be(true)
expect(described_class.bypass_session_admin_id).to be(user.id)
expect(described_class.current_admin).to be_nil
end
end
expect(described_class.bypass_session_admin_id).to be_nil
end
end
end
 
describe '.with_current_request_admin_mode' do
context 'with a regular user' do
it 'user is not available inside nor outside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be_nil
end
def expected_session_entry(value_matcher)
{
Gitlab::Auth::CurrentUserMode::SESSION_STORE_KEY => a_hash_including(
Gitlab::Auth::CurrentUserMode::ADMIN_MODE_START_TIME_KEY => value_matcher)
}
end
end
 
expect(described_class.bypass_session_admin_id).to be_nil
context 'when no session available' do
around do |example|
Gitlab::Session.with_session(nil) do
example.run
end
end
 
context 'with an admin user' do
let(:user) { build_stubbed(:user, :admin) }
describe '.bypass_session!' do
context 'when providing a block' do
context 'with a regular user' do
it 'admin mode is false' do
described_class.bypass_session!(user.id) do
expect(Gitlab::Session.current).to be_nil
expect(subject.admin_mode?).to be(false)
expect(described_class.bypass_session_admin_id).to be(user.id)
end
 
context 'admin mode is disabled' do
it 'user is not available inside nor outside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be_nil
expect(described_class.bypass_session_admin_id).to be_nil
end
end
 
expect(described_class.bypass_session_admin_id).to be_nil
context 'with an admin user' do
let(:user) { build_stubbed(:user, :admin) }
it 'admin mode is true' do
described_class.bypass_session!(user.id) do
expect(Gitlab::Session.current).to be_nil
expect(subject.admin_mode?).to be(true)
expect(described_class.bypass_session_admin_id).to be(user.id)
end
expect(described_class.bypass_session_admin_id).to be_nil
end
end
end
 
context 'admin mode is enabled' do
before do
subject.request_admin_mode!
subject.enable_admin_mode!(password: user.password)
end
context 'when not providing a block' do
context 'with a regular user' do
it 'admin mode is false' do
described_class.bypass_session!(user.id)
 
it 'user is available only inside the yielded block' do
described_class.with_current_admin(user) do
expect(described_class.current_admin).to be(user)
expect(Gitlab::Session.current).to be_nil
expect(subject.admin_mode?).to be(false)
expect(described_class.bypass_session_admin_id).to be(user.id)
described_class.reset_bypass_session!
expect(described_class.bypass_session_admin_id).to be_nil
end
end
 
expect(described_class.current_admin).to be_nil
context 'with an admin user' do
let(:user) { build_stubbed(:user, :admin) }
it 'admin mode is true' do
described_class.bypass_session!(user.id)
expect(Gitlab::Session.current).to be_nil
expect(subject.admin_mode?).to be(true)
expect(described_class.bypass_session_admin_id).to be(user.id)
described_class.reset_bypass_session!
expect(described_class.bypass_session_admin_id).to be_nil
end
end
end
end
end
def expected_session_entry(value_matcher)
{
Gitlab::Auth::CurrentUserMode::SESSION_STORE_KEY => a_hash_including(
Gitlab::Auth::CurrentUserMode::ADMIN_MODE_START_TIME_KEY => value_matcher)
}
end
end
spec/lib/gitlab/graphql/pagination/offset_active_record_relation_connection_spec.rb 0 → 100644
+ 9
0
View file @ 988b28ec
# frozen_string_literal: true
require 'spec_helper'
describe Gitlab::Graphql::Pagination::OffsetActiveRecordRelationConnection do
it 'subclasses from GraphQL::Relay::RelationConnection' do
expect(described_class.superclass).to eq GraphQL::Relay::RelationConnection
end
end
spec/lib/gitlab/user_access_spec.rb
+ 21
26
View file @ 988b28ec
@@ -46,32 +46,27 @@ describe Gitlab::UserAccess do
expect(project_access.can_push_to_branch?('master')).to be_truthy
end
 
it 'returns false if user is developer and project is fully protected' do
empty_project.add_developer(user)
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL)
expect(project_access.can_push_to_branch?('master')).to be_falsey
end
it 'returns false if user is developer and it is not allowed to push new commits but can merge into branch' do
empty_project.add_developer(user)
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
expect(project_access.can_push_to_branch?('master')).to be_falsey
end
it 'returns true if user is developer and project is unprotected' do
empty_project.add_developer(user)
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)
expect(project_access.can_push_to_branch?('master')).to be_truthy
end
it 'returns true if user is developer and project grants developers permission' do
empty_project.add_developer(user)
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
expect(project_access.can_push_to_branch?('master')).to be_truthy
context 'when the user is a developer' do
using RSpec::Parameterized::TableSyntax
before do
empty_project.add_developer(user)
end
where(:default_branch_protection_level, :result) do
Gitlab::Access::PROTECTION_NONE | true
Gitlab::Access::PROTECTION_DEV_CAN_PUSH | true
Gitlab::Access::PROTECTION_DEV_CAN_MERGE | false
Gitlab::Access::PROTECTION_FULL | false
end
with_them do
it do
expect(empty_project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level).at_least(:once)
expect(project_access.can_push_to_branch?('master')).to eq(result)
end
end
end
end
 
spec/models/deployment_spec.rb
+ 15
0
View file @ 988b28ec
@@ -520,6 +520,21 @@ describe Deployment do
end
end
 
describe '#create_ref' do
let(:deployment) { build(:deployment) }
subject { deployment.create_ref }
it 'creates a ref using the sha' do
expect(deployment.project.repository).to receive(:create_ref).with(
deployment.sha,
"refs/environments/#{deployment.environment.name}/deployments/#{deployment.iid}"
)
subject
end
end
describe '#playable_build' do
subject { deployment.playable_build }
 
spec/models/environment_spec.rb
+ 0
20
View file @ 988b28ec
@@ -325,26 +325,6 @@ describe Environment, :use_clean_rails_memory_store_caching do
end
end
 
describe '#first_deployment_for' do
let(:project) { create(:project, :repository) }
let!(:deployment) { create(:deployment, :succeed, environment: environment, ref: commit.parent.id) }
let!(:deployment1) { create(:deployment, :succeed, environment: environment, ref: commit.id) }
let(:head_commit) { project.commit }
let(:commit) { project.commit.parent }
it 'returns deployment id for the environment', :sidekiq_might_not_need_inline do
expect(environment.first_deployment_for(commit.id)).to eq deployment1
end
it 'return nil when no deployment is found' do
expect(environment.first_deployment_for(head_commit.id)).to eq nil
end
it 'returns a UTF-8 ref', :sidekiq_might_not_need_inline do
expect(environment.first_deployment_for(commit.id).ref).to be_utf8
end
end
describe '#environment_type' do
subject { environment.environment_type }
 
spec/models/namespace_spec.rb
+ 35
0
View file @ 988b28ec
@@ -531,6 +531,41 @@ describe Namespace do
end
end
 
describe "#default_branch_protection" do
let(:namespace) { create(:namespace) }
let(:default_branch_protection) { nil }
let(:group) { create(:group, default_branch_protection: default_branch_protection) }
before do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
end
context 'for a namespace' do
# Unlike a group, the settings of a namespace cannot be altered
# via the UI or the API.
it 'returns the instance level setting' do
expect(namespace.default_branch_protection).to eq(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
end
end
context 'for a group' do
context 'that has not altered the default value' do
it 'returns the instance level setting' do
expect(group.default_branch_protection).to eq(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
end
end
context 'that has altered the default value' do
let(:default_branch_protection) { Gitlab::Access::PROTECTION_FULL }
it 'returns the group level setting' do
expect(group.default_branch_protection).to eq(default_branch_protection)
end
end
end
end
describe '#self_and_hierarchy' do
let!(:group) { create(:group, path: 'git_lab') }
let!(:nested_group) { create(:group, parent: group) }
spec/models/project_spec.rb
+ 26
3
View file @ 988b28ec
@@ -1623,6 +1623,29 @@ describe Project do
end
end
 
describe '#default_branch_protected?' do
using RSpec::Parameterized::TableSyntax
let_it_be(:project) { create(:project) }
subject { project.default_branch_protected? }
where(:default_branch_protection_level, :result) do
Gitlab::Access::PROTECTION_NONE | false
Gitlab::Access::PROTECTION_DEV_CAN_PUSH | false
Gitlab::Access::PROTECTION_DEV_CAN_MERGE | true
Gitlab::Access::PROTECTION_FULL | true
end
with_them do
before do
expect(project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level)
end
it { is_expected.to eq(result) }
end
end
describe '#pages_url' do
let(:group) { create(:group, name: group_name) }
let(:project) { create(:project, namespace: group, name: project_name) }
@@ -4576,7 +4599,7 @@ describe Project do
end
 
it 'does not protect when branch protection is disabled' do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)
expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_NONE)
 
project.after_import
 
@@ -4584,7 +4607,7 @@ describe Project do
end
 
it "gives developer access to push when branch protection is set to 'developers can push'" do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
 
project.after_import
 
@@ -4594,7 +4617,7 @@ describe Project do
end
 
it "gives developer access to merge when branch protection is set to 'developers can merge'" do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
 
project.after_import
 
spec/models/protected_branch_spec.rb
+ 31
17
View file @ 988b28ec
@@ -164,31 +164,45 @@ describe ProtectedBranch do
end
end
 
context "new project" do
let(:project) { create(:project) }
context 'new project' do
using RSpec::Parameterized::TableSyntax
 
it 'returns false when default_protected_branch is unprotected' do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)
let(:project) { create(:project) }
 
expect(described_class.protected?(project, 'master')).to be false
end
context 'when the group has set their own default_branch_protection level' do
where(:default_branch_protection_level, :result) do
Gitlab::Access::PROTECTION_NONE | false
Gitlab::Access::PROTECTION_DEV_CAN_PUSH | false
Gitlab::Access::PROTECTION_DEV_CAN_MERGE | true
Gitlab::Access::PROTECTION_FULL | true
end
 
it 'returns false when default_protected_branch lets developers push' do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
with_them do
it 'protects the default branch based on the default branch protection setting of the group' do
expect(project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level)
 
expect(described_class.protected?(project, 'master')).to be false
expect(described_class.protected?(project, 'master')).to eq(result)
end
end
end
 
it 'returns true when default_branch_protection does not let developers push but let developer merge branches' do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
expect(described_class.protected?(project, 'master')).to be true
end
context 'when the group has not set their own default_branch_protection level' do
where(:default_branch_protection_level, :result) do
Gitlab::Access::PROTECTION_NONE | false
Gitlab::Access::PROTECTION_DEV_CAN_PUSH | false
Gitlab::Access::PROTECTION_DEV_CAN_MERGE | true
Gitlab::Access::PROTECTION_FULL | true
end
 
it 'returns true when default_branch_protection is in full protection' do
stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL)
with_them do
before do
stub_application_setting(default_branch_protection: default_branch_protection_level)
end
 
expect(described_class.protected?(project, 'master')).to be true
it 'protects the default branch based on the instance level default branch protection setting' do
expect(described_class.protected?(project, 'master')).to eq(result)
end
end
end
end
end
spec/requests/api/api_guard/admin_mode_middleware_spec.rb 0 → 100644
+ 35
0
View file @ 988b28ec
# frozen_string_literal: true
require 'spec_helper'
describe API::APIGuard::AdminModeMiddleware, :do_not_mock_admin_mode, :request_store do
let(:user) { create(:admin) }
it 'is loaded' do
expect(API::API.middleware).to include([:use, described_class])
end
context 'when there is an exception in the api call' do
let(:app) do
Class.new(API::API) do
get 'willfail' do
raise StandardError.new('oh noes!')
end
end
end
it 'resets admin mode' do
Gitlab::Auth::CurrentUserMode.bypass_session!(user.id)
expect(Gitlab::Auth::CurrentUserMode.bypass_session_admin_id).to be(user.id)
expect(Gitlab::Auth::CurrentUserMode).to receive(:reset_bypass_session!).and_call_original
get api('/willfail')
expect(response.status).to eq(500)
expect(response.body).to include('oh noes!')
expect(Gitlab::Auth::CurrentUserMode.bypass_session_admin_id).to be_nil
end
end
end
spec/requests/api/graphql/group_query_spec.rb
+ 1
1
View file @ 988b28ec
@@ -4,7 +4,7 @@ require 'spec_helper'
 
# Based on spec/requests/api/groups_spec.rb
# Should follow closely in order to ensure all situations are covered
describe 'getting group information' do
describe 'getting group information', :do_not_mock_admin_mode do
include GraphqlHelpers
include UploadHelpers
 
spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb
+ 1
1
View file @ 988b28ec
@@ -2,7 +2,7 @@
 
require 'spec_helper'
 
describe 'Mark snippet as spam' do
describe 'Mark snippet as spam', :do_not_mock_admin_mode do
include GraphqlHelpers
 
let_it_be(:admin) { create(:admin) }
spec/requests/api/groups_spec.rb
+ 3
1
View file @ 988b28ec
@@ -545,7 +545,8 @@ describe API::Groups do
name: new_group_name,
request_access_enabled: true,
project_creation_level: "noone",
subgroup_creation_level: "maintainer"
subgroup_creation_level: "maintainer",
default_branch_protection: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS
}
 
expect(response).to have_gitlab_http_status(:ok)
@@ -566,6 +567,7 @@ describe API::Groups do
expect(json_response['projects'].length).to eq(2)
expect(json_response['shared_projects']).to be_an Array
expect(json_response['shared_projects'].length).to eq(0)
expect(json_response['default_branch_protection']).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
end
 
it 'returns 404 for a non existing group' do
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment