Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-26 21:08:03 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-26 21:08:03 +0300
commit: dc003cd08b4cb72fecbb03aa978ea0c53c03aeb4 (patch)
tree: 5e77ce228c33619201ac6706b9789d4a2eed2a3b /spec/controllers/projects/mirrors_controller_spec.rb
parent: e80e0dd64fbb04f60394cb1bb08e17dbcb22b8ce (diff)
1 files changed, 66 insertions, 0 deletions
diff --git a/spec/controllers/projects/mirrors_controller_spec.rb b/spec/controllers/projects/mirrors_controller_spec.rb
index 4362febda5c..3579e4aa2cf 100644
--- a/spec/controllers/projects/mirrors_controller_spec.rb
+++ b/spec/controllers/projects/mirrors_controller_spec.rb
@@ -5,6 +5,72 @@ require 'spec_helper'
 describe Projects::MirrorsController do
   include ReactiveCachingHelpers
 
+  shared_examples 'only admin is allowed when mirroring is disabled' do
+    let(:subject_action) { raise 'subject_action is required' }
+    let(:user) { project.owner }
+    let(:project_settings_path) { project_settings_repository_path(project, anchor: 'js-push-remote-settings') }
+
+    context 'when project mirroring is enabled' do
+      it 'allows requests from a maintainer' do
+        sign_in(user)
+
+        subject_action
+        expect(response).to redirect_to(project_settings_path)
+      end
+
+      it 'allows requests from an admin user' do
+        user.update!(admin: true)
+        sign_in(user)
+
+        subject_action
+        expect(response).to redirect_to(project_settings_path)
+      end
+    end
+
+    context 'when project mirroring is disabled' do
+      before do
+        stub_application_setting(mirror_available: false)
+      end
+
+      it 'disallows requests from a maintainer' do
+        sign_in(user)
+
+        subject_action
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+
+      it 'allows requests from an admin user' do
+        user.update!(admin: true)
+        sign_in(user)
+
+        subject_action
+        expect(response).to redirect_to(project_settings_path)
+      end
+    end
+  end
+
+  describe 'Access control' do
+    let(:project) { create(:project, :repository) }
+
+    describe '#update' do
+      include_examples 'only admin is allowed when mirroring is disabled' do
+        let(:subject_action) do
+          do_put(project, remote_mirrors_attributes: { '0' => { 'enabled' => 1, 'url' => 'http://foo.com' } })
+        end
+      end
+    end
+
+    describe '#update_now' do
+      include_examples 'only admin is allowed when mirroring is disabled' do
+        let(:options) { { namespace_id: project.namespace, project_id: project } }
+
+        let(:subject_action) do
+          get :update_now, params: options.merge(sync_remote: true)
+        end
+      end
+    end
+  end
+
   describe 'setting up a remote mirror' do
     let_it_be(:project) { create(:project, :repository) }
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-26 21:08:03 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-26 21:08:03 +0300
commit	dc003cd08b4cb72fecbb03aa978ea0c53c03aeb4 (patch)
tree	5e77ce228c33619201ac6706b9789d4a2eed2a3b /spec/controllers/projects/mirrors_controller_spec.rb
parent	e80e0dd64fbb04f60394cb1bb08e17dbcb22b8ce (diff)