diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:11:15 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:11:34 +0300 |
| commit | 222fda90362a3be9e54323af32234d038b99908d (patch) | |
| tree | 9678d10e85608009dfe340c635f979e1e2bcc3a6 /spec/finders/ci | |
| parent | 4279c892b46b4a9de9f0580cf011173e716ebf6c (diff) | |
Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee
Diffstat (limited to 'spec/finders/ci')
| -rw-r--r-- | spec/finders/ci/runner_jobs_finder_spec.rb | 53 |
1 files changed, 51 insertions, 2 deletions
diff --git a/spec/finders/ci/runner_jobs_finder_spec.rb b/spec/finders/ci/runner_jobs_finder_spec.rb index 3569582d70f..755b21ec08f 100644 --- a/spec/finders/ci/runner_jobs_finder_spec.rb +++ b/spec/finders/ci/runner_jobs_finder_spec.rb @@ -5,12 +5,17 @@ require 'spec_helper' RSpec.describe Ci::RunnerJobsFinder do let(:project) { create(:project) } let(:runner) { create(:ci_runner, :instance) } + let(:user) { create(:user) } + let(:params) { {} } - subject { described_class.new(runner, params).execute } + subject { described_class.new(runner, user, params).execute } + + before do + project.add_developer(user) + end describe '#execute' do context 'when params is empty' do - let(:params) { {} } let!(:job) { create(:ci_build, runner: runner, project: project) } let!(:job1) { create(:ci_build, project: project) } @@ -20,6 +25,50 @@ RSpec.describe Ci::RunnerJobsFinder do end end + context 'when the user has guest access' do + it 'does not returns jobs the user does not have permission to see' do + another_project = create(:project) + job = create(:ci_build, runner: runner, project: another_project) + + another_project.add_guest(user) + + is_expected.not_to match_array(job) + end + end + + context 'when the user has permission to read all resources' do + let(:user) { create(:user, :admin) } + + it 'returns all the jobs assigned to a runner' do + jobs = create_list(:ci_build, 5, runner: runner, project: project) + + is_expected.to match_array(jobs) + end + end + + context 'when the user has different access levels in different projects' do + it 'returns only the jobs the user has permission to see' do + guest_project = create(:project) + reporter_project = create(:project) + + _guest_jobs = create_list(:ci_build, 2, runner: runner, project: guest_project) + reporter_jobs = create_list(:ci_build, 3, runner: runner, project: reporter_project) + + guest_project.add_guest(user) + reporter_project.add_reporter(user) + + is_expected.to match_array(reporter_jobs) + end + end + + context 'when the user has reporter access level or greater' do + it 'returns jobs assigned to the Runner that the user has accesss to' do + jobs = create_list(:ci_build, 3, runner: runner, project: project) + + is_expected.to match_array(jobs) + end + end + context 'when params contains status' do Ci::HasStatus::AVAILABLE_STATUSES.each do |target_status| context "when status is #{target_status}" do |