Skip to content
Snippets Groups Projects
Commit b09465f3 authored by Grzegorz Bizon's avatar Grzegorz Bizon
Browse files

Implement new rule for manual actions in policies

parent 7bcca228
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/policies/ci/build_policy.rb
+ 14
0
View file @ b09465f3
@@ -8,6 +8,20 @@ module Ci
@@ -8,6 +8,20 @@ module Ci
%w[read create update admin].each do |rule| %w[read create update admin].each do |rule|
cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build" cannot! :"#{rule}_commit_status" unless can? :"#{rule}_build"
end end
can! :play_build if can_play_action?
end
private
alias_method :build, :subject
def can_play_action?
return false unless build.playable?
::Gitlab::UserAccess
.new(user, project: build.project)
.can_push_to_branch?(build.ref)
end end
end end
end end
spec/policies/ci/build_policy_spec.rb
+ 53
0
View file @ b09465f3
@@ -89,5 +89,58 @@ describe Ci::BuildPolicy, :models do
@@ -89,5 +89,58 @@ describe Ci::BuildPolicy, :models do
end end
end end
end end
describe 'rules for manual actions' do
let(:project) { create(:project) }
before do
project.add_developer(user)
end
context 'when branch build is assigned to is protected' do
before do
create(:protected_branch, :no_one_can_push,
name: 'some-ref', project: project)
end
context 'when build is a manual action' do
let(:build) do
create(:ci_build, :manual, ref: 'some-ref', pipeline: pipeline)
end
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
context 'when build is not a manual action' do
let(:build) do
create(:ci_build, ref: 'some-ref', pipeline: pipeline)
end
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
end
context 'when branch build is assigned to is not protected' do
context 'when build is a manual action' do
let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
it 'includes ability to play build' do
expect(policies).to include :play_build
end
end
context 'when build is not a manual action' do
let(:build) { create(:ci_build, pipeline: pipeline) }
it 'does not include ability to play build' do
expect(policies).not_to include :play_build
end
end
end
end
end end
end end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment