Skip to content
Snippets Groups Projects
Commit 5525db8b authored by Grzegorz Bizon's avatar Grzegorz Bizon
Browse files

Check branch access when user triggers manual action

parent ee592f0d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/models/ci/build.rb
+ 10
0
View file @ 5525db8b
@@ -115,7 +115,17 @@ module Ci
@@ -115,7 +115,17 @@ module Ci
commands.present? commands.present?
end end
   
def can_play?(current_user)
::Gitlab::UserAccess
.new(current_user, project: project)
.can_push_to_branch?(ref)
end
def play(current_user) def play(current_user)
unless can_play?(current_user)
raise Gitlab::Access::AccessDeniedError
end
# Try to queue a current build # Try to queue a current build
if self.enqueue if self.enqueue
self.update(user: current_user) self.update(user: current_user)
spec/models/ci/build_spec.rb
+ 53
12
View file @ 5525db8b
@@ -925,6 +925,33 @@ describe Ci::Build, :models do
@@ -925,6 +925,33 @@ describe Ci::Build, :models do
end end
end end
   
describe '#can_play?' do
before do
project.add_developer(user)
end
let(:build) do
create(:ci_build, ref: 'some-ref', pipeline: pipeline)
end
context 'when branch build is running for is protected' do
before do
create(:protected_branch, :no_one_can_push,
name: 'some-ref', project: project)
end
it 'indicates that user can not trigger an action' do
expect(build.can_play?(user)).to be_falsey
end
end
context 'when branch build is running for is not protected' do
it 'indicates that user can trigger an action' do
expect(build.can_play?(user)).to be_truthy
end
end
end
describe '#play' do describe '#play' do
let(:build) { create(:ci_build, :manual, pipeline: pipeline) } let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
   
@@ -932,25 +959,39 @@ describe Ci::Build, :models do
@@ -932,25 +959,39 @@ describe Ci::Build, :models do
project.add_developer(user) project.add_developer(user)
end end
   
context 'when build is manual' do context 'when user does not have ability to trigger action' do
it 'enqueues a build' do before do
new_build = build.play(user) create(:protected_branch, :no_one_can_push,
name: build.ref, project: project)
end
   
expect(new_build).to be_pending it 'raises an error' do
expect(new_build).to eq(build) expect { build.play(user) }
.to raise_error Gitlab::Access::AccessDeniedError
end end
end end
   
context 'when build is passed' do context 'when user has ability to trigger manual action' do
before do context 'when build is manual' do
build.update(status: 'success') it 'enqueues a build' do
new_build = build.play(user)
expect(new_build).to be_pending
expect(new_build).to eq(build)
end
end end
   
it 'creates a new build' do context 'when build is not manual' do
new_build = build.play(user) before do
build.update(status: 'success')
end
it 'creates a new build' do
new_build = build.play(user)
   
expect(new_build).to be_pending expect(new_build).to be_pending
expect(new_build).not_to eq(build) expect(new_build).not_to eq(build)
end
end end
end end
end end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment