Add latest changes from gitlab-org/gitlab@master

2 files changed, 92 insertions, 12 deletions

diff --git a/spec/finders/ci/runner_jobs_finder_spec.rb b/spec/finders/ci/runner_jobs_finder_spec.rb
index 3569582d70f..755b21ec08f 100644
--- a/spec/finders/ci/runner_jobs_finder_spec.rb
+++ b/spec/finders/ci/runner_jobs_finder_spec.rb
@@ -5,12 +5,17 @@ require 'spec_helper'
 RSpec.describe Ci::RunnerJobsFinder do
   let(:project) { create(:project) }
   let(:runner) { create(:ci_runner, :instance) }
+  let(:user) { create(:user) }
+  let(:params) { {} }
 
-  subject { described_class.new(runner, params).execute }
+  subject { described_class.new(runner, user, params).execute }
+
+  before do
+    project.add_developer(user)
+  end
 
   describe '#execute' do
     context 'when params is empty' do
-      let(:params) { {} }
       let!(:job) { create(:ci_build, runner: runner, project: project) }
       let!(:job1) { create(:ci_build, project: project) }
 
@@ -20,6 +25,50 @@ RSpec.describe Ci::RunnerJobsFinder do
       end
     end
 
+    context 'when the user has guest access' do
+      it 'does not returns jobs the user does not have permission to see' do
+        another_project = create(:project)
+        job = create(:ci_build, runner: runner, project: another_project)
+
+        another_project.add_guest(user)
+
+        is_expected.not_to match_array(job)
+      end
+    end
+
+    context 'when the user has permission to read all resources' do
+      let(:user) { create(:user, :admin) }
+
+      it 'returns all the jobs assigned to a runner' do
+        jobs = create_list(:ci_build, 5, runner: runner, project: project)
+
+        is_expected.to match_array(jobs)
+      end
+    end
+
+    context 'when the user has different access levels in different projects' do
+      it 'returns only the jobs the user has permission to see' do
+        guest_project = create(:project)
+        reporter_project = create(:project)
+
+        _guest_jobs = create_list(:ci_build, 2, runner: runner, project: guest_project)
+        reporter_jobs = create_list(:ci_build, 3, runner: runner, project: reporter_project)
+
+        guest_project.add_guest(user)
+        reporter_project.add_reporter(user)
+
+        is_expected.to match_array(reporter_jobs)
+      end
+    end
+
+    context 'when the user has reporter access level or greater' do
+      it 'returns jobs assigned to the Runner that the user has accesss to' do
+        jobs = create_list(:ci_build, 3, runner: runner, project: project)
+
+        is_expected.to match_array(jobs)
+      end
+    end
+
     context 'when params contains status' do
       Ci::HasStatus::AVAILABLE_STATUSES.each do |target_status|
         context "when status is #{target_status}" do
diff --git a/spec/finders/packages/conan/package_finder_spec.rb b/spec/finders/packages/conan/package_finder_spec.rb
index b26f8900090..6848786818b 100644
--- a/spec/finders/packages/conan/package_finder_spec.rb
+++ b/spec/finders/packages/conan/package_finder_spec.rb
@@ -2,22 +2,53 @@
 require 'spec_helper'
 
 RSpec.describe ::Packages::Conan::PackageFinder do
+  using RSpec::Parameterized::TableSyntax
+
+  let_it_be_with_reload(:project) { create(:project) }
   let_it_be(:user) { create(:user) }
-  let_it_be(:project) { create(:project, :public) }
+  let_it_be(:private_project) { create(:project, :private) }
+
+  let_it_be(:conan_package) { create(:conan_package, project: project) }
+  let_it_be(:conan_package2) { create(:conan_package, project: project) }
+  let_it_be(:errored_package) { create(:conan_package, :error, project: project) }
+  let_it_be(:private_package) { create(:conan_package, project: private_project) }
 
   describe '#execute' do
-    let!(:conan_package) { create(:conan_package, project: project) }
-    let!(:conan_package2) { create(:conan_package, project: project) }
+    let(:query) { "#{conan_package.name.split('/').first[0, 3]}%" }
+    let(:finder) { described_class.new(user, query: query) }
+
+    subject { finder.execute }
+
+    where(:visibility, :role, :packages_visible) do
+      :private  | :maintainer | true
+      :private  | :developer  | true
+      :private  | :reporter   | true
+      :private  | :guest      | false
+      :private  | :anonymous  | false
+
+      :internal | :maintainer | true
+      :internal | :developer  | true
+      :internal | :reporter   | true
+      :internal | :guest      | true
+      :internal | :anonymous  | false
+
+      :public   | :maintainer | true
+      :public   | :developer  | true
+      :public   | :reporter   | true
+      :public   | :guest      | true
+      :public   | :anonymous  | true
+    end
 
-    subject { described_class.new(user, query: query).execute }
+    with_them do
+      let(:expected_packages) { packages_visible ? [conan_package, conan_package2] : [] }
+      let(:user) { role == :anonymous ? nil : super() }
 
-    context 'packages that are not installable' do
-      let!(:conan_package3) { create(:conan_package, :error, project: project) }
-      let!(:non_visible_project) { create(:project, :private) }
-      let!(:non_visible_conan_package) { create(:conan_package, project: non_visible_project) }
-      let(:query) { "#{conan_package.name.split('/').first[0, 3]}%" }
+      before do
+        project.update_column(:visibility_level, Gitlab::VisibilityLevel.string_options[visibility.to_s])
+        project.add_user(user, role) unless role == :anonymous
+      end
 
-      it { is_expected.to eq [conan_package, conan_package2] }
+      it { is_expected.to eq(expected_packages) }
     end
   end
 end