From 6a504c8256fe5281819cc0a6dc916230f4203c7c Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzesiek.bizon@gmail.com>
Date: Fri, 15 Jan 2016 13:56:43 +0100
Subject: [PATCH] Add feature tests for permissions for build artifacts read
 ability

---
 features/project/builds/artifacts.feature    |  4 ++--
 features/project/builds/permissions.feature  | 18 ++++++++++++++++++
 features/project/builds/summary.feature      |  4 ++--
 features/steps/project/builds/artifacts.rb   |  5 -----
 features/steps/project/builds/permissions.rb |  7 +++++++
 features/steps/shared/builds.rb              | 13 +++++++++++--
 features/steps/shared/project.rb             | 18 +++++++++++++++++-
 7 files changed, 57 insertions(+), 12 deletions(-)
 create mode 100644 features/project/builds/permissions.feature
 create mode 100644 features/steps/project/builds/permissions.rb

diff --git a/features/project/builds/artifacts.feature b/features/project/builds/artifacts.feature
index b624a0bdb58..7a7dbb71b18 100644
--- a/features/project/builds/artifacts.feature
+++ b/features/project/builds/artifacts.feature
@@ -2,8 +2,8 @@ Feature: Project Builds Artifacts
   Background:
     Given I sign in as a user
     And I own a project
-    And CI is enabled
-    And I have recent build for my project
+    And project has CI enabled
+    And project has a recent build
 
   Scenario: I download build artifacts
     Given recent build has artifacts available
diff --git a/features/project/builds/permissions.feature b/features/project/builds/permissions.feature
new file mode 100644
index 00000000000..1193bcd74f6
--- /dev/null
+++ b/features/project/builds/permissions.feature
@@ -0,0 +1,18 @@
+Feature: Project Builds Permissions
+  Background:
+    Given I sign in as a user
+    And project exists in some group namespace
+    And project has CI enabled
+    And project has a recent build
+
+  Scenario: I try to download build artifacts as guest
+    Given I am member of a project with a guest role
+    And recent build has artifacts available
+    When I access artifacts download page
+    Then page status code should be 404
+
+  Scenario: I try to download build artifacts as reporter
+    Given I am member of a project with a reporter role
+    And recent build has artifacts available
+    When I access artifacts download page
+    Then download of build artifacts archive starts
diff --git a/features/project/builds/summary.feature b/features/project/builds/summary.feature
index 5e938ea090e..e90ea592aab 100644
--- a/features/project/builds/summary.feature
+++ b/features/project/builds/summary.feature
@@ -2,8 +2,8 @@ Feature: Project Builds Summary
   Background:
     Given I sign in as a user
     And I own a project
-    And CI is enabled
-    And I have recent build for my project
+    And project has CI enabled
+    And project has a recent build
 
   Scenario: I browse build summary page
     When I visit recent build summary page
diff --git a/features/steps/project/builds/artifacts.rb b/features/steps/project/builds/artifacts.rb
index f4f91ad1d8c..f2c87da4717 100644
--- a/features/steps/project/builds/artifacts.rb
+++ b/features/steps/project/builds/artifacts.rb
@@ -8,11 +8,6 @@ class Spinach::Features::ProjectBuildsArtifacts < Spinach::FeatureSteps
     page.within('.artifacts') { click_link 'Download' }
   end
 
-  step 'download of build artifacts archive starts' do
-    expect(page.response_headers['Content-Type']).to eq 'application/zip'
-    expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
-  end
-
   step 'I click artifacts browse button' do
     page.within('.artifacts') { click_link 'Browse' }
   end
diff --git a/features/steps/project/builds/permissions.rb b/features/steps/project/builds/permissions.rb
new file mode 100644
index 00000000000..6e9d6504fd5
--- /dev/null
+++ b/features/steps/project/builds/permissions.rb
@@ -0,0 +1,7 @@
+class Spinach::Features::ProjectBuildsPermissions < Spinach::FeatureSteps
+  include SharedAuthentication
+  include SharedProject
+  include SharedBuilds
+  include SharedPaths
+  include RepoHelpers
+end
diff --git a/features/steps/shared/builds.rb b/features/steps/shared/builds.rb
index a83d74e5946..f88b01af84e 100644
--- a/features/steps/shared/builds.rb
+++ b/features/steps/shared/builds.rb
@@ -1,11 +1,11 @@
 module SharedBuilds
   include Spinach::DSL
 
-  step 'CI is enabled' do
+  step 'project has CI enabled' do
     @project.enable_ci
   end
 
-  step 'I have recent build for my project' do
+  step 'project has a recent build' do
     ci_commit = create :ci_commit, project: @project, sha: sample_commit.id
     @build = create :ci_build, commit: ci_commit
   end
@@ -25,4 +25,13 @@ module SharedBuilds
     gzip = fixture_file_upload(metadata, 'application/x-gzip')
     @build.update_attributes(artifacts_metadata: gzip)
   end
+
+  step 'download of build artifacts archive starts' do
+    expect(page.response_headers['Content-Type']).to eq 'application/zip'
+    expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
+  end
+
+  step 'I access artifacts download page' do
+    visit download_namespace_project_build_artifacts_path(@project.namespace, @project, @build)
+  end
 end
diff --git a/features/steps/shared/project.rb b/features/steps/shared/project.rb
index d3501b5f5cb..d9c75d12238 100644
--- a/features/steps/shared/project.rb
+++ b/features/steps/shared/project.rb
@@ -7,6 +7,11 @@ module SharedProject
     @project.team << [@user, :master]
   end
 
+  step "project exists in some group namespace" do
+    @group = create(:group, name: 'some group')
+    @project = create(:project, namespace: @group)
+  end
+
   # Create a specific project called "Shop"
   step 'I own project "Shop"' do
     @project = Project.find_by(name: "Shop")
@@ -97,6 +102,18 @@ module SharedProject
     @project ||= Project.first
   end
 
+  # ----------------------------------------
+  # Project permissions
+  # ----------------------------------------
+
+  step 'I am member of a project with a guest role' do
+    @project.team << [@user, Gitlab::Access::GUEST]
+  end
+
+  step 'I am member of a project with a reporter role' do
+    @project.team << [@user, Gitlab::Access::REPORTER]
+  end
+
   # ----------------------------------------
   # Visibility of archived project
   # ----------------------------------------
@@ -229,5 +246,4 @@ module SharedProject
     project ||= create(:empty_project, visibility, name: project_name, namespace: user.namespace)
     project.team << [user, :master]
   end
-
 end
-- 
GitLab