Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-17 14:59:07 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-17 14:59:07 +0300
commit: 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch)
tree: 544930fb309b30317ae9797a9683768705d664c4 /spec/lib/gitlab/checks
parent: 4b1de649d0168371549608993deac953eb692019 (diff)
3 files changed, 69 insertions, 13 deletions
diff --git a/spec/lib/gitlab/checks/diff_check_spec.rb b/spec/lib/gitlab/checks/diff_check_spec.rb
index 2cca0aed9c6..f4daafb1d0e 100644
--- a/spec/lib/gitlab/checks/diff_check_spec.rb
+++ b/spec/lib/gitlab/checks/diff_check_spec.rb
@@ -7,7 +7,6 @@ RSpec.describe Gitlab::Checks::DiffCheck do
 
   describe '#validate!' do
     let(:owner) { create(:user) }
-    let!(:lock) { create(:lfs_file_lock, user: owner, project: project, path: 'README') }
 
     before do
       allow(project.repository).to receive(:new_commits).and_return(
@@ -28,13 +27,27 @@ RSpec.describe Gitlab::Checks::DiffCheck do
     end
 
     context 'with LFS enabled' do
+      let!(:lock) { create(:lfs_file_lock, user: owner, project: project, path: 'README') }
+
       before do
         allow(project).to receive(:lfs_enabled?).and_return(true)
       end
 
       context 'when change is sent by a different user' do
-        it 'raises an error if the user is not allowed to update the file' do
-          expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
+        context 'when diff check with paths rpc feature flag is true' do
+          it 'raises an error if the user is not allowed to update the file' do
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
+          end
+        end
+
+        context 'when diff check with paths rpc feature flag is false' do
+          before do
+            stub_feature_flags(diff_check_with_paths_changed_rpc: false)
+          end
+
+          it 'raises an error if the user is not allowed to update the file' do
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
+          end
         end
       end
 
@@ -53,6 +66,8 @@ RSpec.describe Gitlab::Checks::DiffCheck do
 
         expect_any_instance_of(Commit).to receive(:raw_deltas).and_call_original
 
+        stub_feature_flags(diff_check_with_paths_changed_rpc: false)
+
         subject.validate!
       end
 
diff --git a/spec/lib/gitlab/checks/push_check_spec.rb b/spec/lib/gitlab/checks/push_check_spec.rb
index 45ab13cf0cf..262438256b4 100644
--- a/spec/lib/gitlab/checks/push_check_spec.rb
+++ b/spec/lib/gitlab/checks/push_check_spec.rb
@@ -18,5 +18,26 @@ RSpec.describe Gitlab::Checks::PushCheck do
         expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to push code to this project.')
       end
     end
+
+    context 'when using a DeployKeyAccess instance' do
+      let(:deploy_key) { create(:deploy_key) }
+      let(:user_access) { Gitlab::DeployKeyAccess.new(deploy_key, container: project) }
+
+      context 'when the deploy key cannot push to the targetted branch' do
+        it 'raises an error' do
+          allow(user_access).to receive(:can_push_to_branch?).and_return(false)
+
+          expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You are not allowed to push code to this project.')
+        end
+      end
+
+      context 'when the deploy key can push to the targetted branch' do
+        it 'is valid' do
+          allow(user_access).to receive(:can_push_to_branch?).and_return(true)
+
+          expect { subject.validate! }.not_to raise_error
+        end
+      end
+    end
   end
 end
diff --git a/spec/lib/gitlab/checks/snippet_check_spec.rb b/spec/lib/gitlab/checks/snippet_check_spec.rb
index 037de8e9369..89417aaca4d 100644
--- a/spec/lib/gitlab/checks/snippet_check_spec.rb
+++ b/spec/lib/gitlab/checks/snippet_check_spec.rb
@@ -9,19 +9,30 @@ RSpec.describe Gitlab::Checks::SnippetCheck do
 
   let(:user_access) { Gitlab::UserAccessSnippet.new(user, snippet: snippet) }
   let(:default_branch) { snippet.default_branch }
+  let(:branch_name) { default_branch }
+  let(:creation) { false }
+  let(:deletion) { false }
 
-  subject { Gitlab::Checks::SnippetCheck.new(changes, default_branch: default_branch, logger: logger) }
+  subject { Gitlab::Checks::SnippetCheck.new(changes, default_branch: default_branch, root_ref: snippet.repository.root_ref, logger: logger) }
 
   describe '#validate!' do
     it 'does not raise any error' do
       expect { subject.validate! }.not_to raise_error
     end
 
+    shared_examples 'raises and logs error' do
+      specify do
+        expect(Gitlab::ErrorTracking).to receive(:log_exception).with(instance_of(Gitlab::GitAccess::ForbiddenError), default_branch: default_branch, branch_name: branch_name, creation: creation, deletion: deletion)
+
+        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
+      end
+    end
+
     context 'trying to delete the branch' do
       let(:newrev) { '0000000000000000000000000000000000000000' }
 
-      it 'raises an error' do
-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
+      it_behaves_like 'raises and logs error' do
+        let(:deletion) { true }
       end
     end
 
@@ -29,14 +40,23 @@ RSpec.describe Gitlab::Checks::SnippetCheck do
       let(:oldrev) { '0000000000000000000000000000000000000000' }
       let(:ref) { 'refs/heads/feature' }
 
-      it 'raises an error' do
-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
+      it_behaves_like 'raises and logs error' do
+        let(:creation) { true }
+        let(:branch_name) { 'feature' }
       end
 
-      context "when branch is 'master'" do
-        let(:ref) { 'refs/heads/master' }
+      context 'when branch is the same as the default branch' do
+        let(:ref) { "refs/heads/#{default_branch}" }
 
-        it "allows the operation" do
+        it 'allows the operation' do
+          expect { subject.validate! }.not_to raise_error
+        end
+      end
+
+      context 'when snippet has an empty repo' do
+        let_it_be(:snippet) { create(:personal_snippet, :empty_repo) }
+
+        it 'allows the operation' do
           expect { subject.validate! }.not_to raise_error
         end
       end
@@ -45,8 +65,8 @@ RSpec.describe Gitlab::Checks::SnippetCheck do
     context 'when default_branch is nil' do
       let(:default_branch) { nil }
 
-      it 'raises an error' do
-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You can not create or delete branches.')
+      it_behaves_like 'raises and logs error' do
+        let(:branch_name) { 'master' }
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-17 14:59:07 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-17 14:59:07 +0300
commit	8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch)
tree	544930fb309b30317ae9797a9683768705d664c4 /spec/lib/gitlab/checks
parent	4b1de649d0168371549608993deac953eb692019 (diff)