diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-06 15:10:29 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-06 15:10:29 +0300 |
commit | 5564275a0b378298dc6281599cbfe71a937109ff (patch) | |
tree | a468e1e60046356410219c35c23a8a428c5e2c5e /spec/models/deploy_token_spec.rb | |
parent | d87918510a866a5fcbbc2f899ad65c6938ebf5f5 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/models/deploy_token_spec.rb')
-rw-r--r-- | spec/models/deploy_token_spec.rb | 170 |
1 files changed, 155 insertions, 15 deletions
diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 5c14d57cf18..568699cf3f6 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -7,6 +7,8 @@ describe DeployToken do it { is_expected.to have_many :project_deploy_tokens } it { is_expected.to have_many(:projects).through(:project_deploy_tokens) } + it { is_expected.to have_many :group_deploy_tokens } + it { is_expected.to have_many(:groups).through(:group_deploy_tokens) } it_behaves_like 'having unique enum values' @@ -17,6 +19,29 @@ describe DeployToken do it { is_expected.to allow_value('GitLab+deploy_token-3.14').for(:username) } it { is_expected.not_to allow_value('<script>').for(:username).with_message(username_format_message) } it { is_expected.not_to allow_value('').for(:username).with_message(username_format_message) } + it { is_expected.to validate_presence_of(:deploy_token_type) } + end + + describe 'deploy_token_type validations' do + context 'when a deploy token is associated to a group' do + it 'does not allow setting a project to it' do + group_token = create(:deploy_token, :group) + group_token.projects << build(:project) + + expect(group_token).not_to be_valid + expect(group_token.errors.full_messages).to include('Deploy token cannot have projects assigned') + end + end + + context 'when a deploy token is associated to a project' do + it 'does not allow setting a group to it' do + project_token = create(:deploy_token) + project_token.groups << build(:group) + + expect(project_token).not_to be_valid + expect(project_token.errors.full_messages).to include('Deploy token cannot have groups assigned') + end + end end describe '#ensure_token' do @@ -125,33 +150,148 @@ describe DeployToken do end end + describe '#holder' do + subject { deploy_token.holder } + + context 'when the token is of project type' do + it 'returns the relevant holder token' do + expect(subject).to eq(deploy_token.project_deploy_tokens.first) + end + end + + context 'when the token is of group type' do + let(:group) { create(:group) } + let(:deploy_token) { create(:deploy_token, :group) } + + it 'returns the relevant holder token' do + expect(subject).to eq(deploy_token.group_deploy_tokens.first) + end + end + end + describe '#has_access_to?' do let(:project) { create(:project) } subject { deploy_token.has_access_to?(project) } - context 'when deploy token is active and related to project' do - let(:deploy_token) { create(:deploy_token, projects: [project]) } + context 'when a project is not passed in' do + let(:project) { nil } - it { is_expected.to be_truthy } + it { is_expected.to be_falsy } end - context 'when deploy token is active but not related to project' do - let(:deploy_token) { create(:deploy_token) } + context 'when a project is passed in' do + context 'when deploy token is active and related to project' do + let(:deploy_token) { create(:deploy_token, projects: [project]) } - it { is_expected.to be_falsy } - end + it { is_expected.to be_truthy } + end - context 'when deploy token is revoked and related to project' do - let(:deploy_token) { create(:deploy_token, :revoked, projects: [project]) } + context 'when deploy token is active but not related to project' do + let(:deploy_token) { create(:deploy_token) } - it { is_expected.to be_falsy } - end + it { is_expected.to be_falsy } + end - context 'when deploy token is revoked and not related to the project' do - let(:deploy_token) { create(:deploy_token, :revoked) } + context 'when deploy token is revoked and related to project' do + let(:deploy_token) { create(:deploy_token, :revoked, projects: [project]) } - it { is_expected.to be_falsy } + it { is_expected.to be_falsy } + end + + context 'when deploy token is revoked and not related to the project' do + let(:deploy_token) { create(:deploy_token, :revoked) } + + it { is_expected.to be_falsy } + end + + context 'and when the token is of group type' do + let_it_be(:group) { create(:group) } + let(:deploy_token) { create(:deploy_token, :group) } + + before do + deploy_token.groups << group + end + + context 'and the allow_group_deploy_token feature flag is turned off' do + it 'is false' do + stub_feature_flags(allow_group_deploy_token: false) + + is_expected.to be_falsy + end + end + + context 'and the allow_group_deploy_token feature flag is turned on' do + before do + stub_feature_flags(allow_group_deploy_token: true) + end + + context 'and the passed-in project does not belong to any group' do + it { is_expected.to be_falsy } + end + + context 'and the passed-in project belongs to the token group' do + it 'is true' do + group.projects << project + + is_expected.to be_truthy + end + end + + context 'and the passed-in project belongs to a subgroup' do + let(:child_group) { create(:group, parent_id: group.id) } + let(:grandchild_group) { create(:group, parent_id: child_group.id) } + + before do + grandchild_group.projects << project + end + + context 'and the token group is an ancestor (grand-parent) of this group' do + it { is_expected.to be_truthy } + end + + context 'and the token group is not ancestor of this group' do + let(:child2_group) { create(:group, parent_id: group.id) } + + it 'is false' do + deploy_token.groups = [child2_group] + + is_expected.to be_falsey + end + end + end + + context 'and the passed-in project does not belong to the token group' do + it { is_expected.to be_falsy } + end + + context 'and the project belongs to a group that is parent of the token group' do + let(:super_group) { create(:group) } + let(:deploy_token) { create(:deploy_token, :group) } + let(:group) { create(:group, parent_id: super_group.id) } + + it 'is false' do + super_group.projects << project + + is_expected.to be_falsey + end + end + end + end + + context 'and the token is of project type' do + let(:deploy_token) { create(:deploy_token, projects: [project]) } + + context 'and the passed-in project is the same as the token project' do + it { is_expected.to be_truthy } + end + + context 'and the passed-in project is not the same as the token project' do + subject { deploy_token.has_access_to?(create(:project)) } + + it { is_expected.to be_falsey } + end + end end end @@ -183,7 +323,7 @@ describe DeployToken do end end - context 'when passign a value' do + context 'when passing a value' do let(:expires_at) { Date.today + 5.months } let(:deploy_token) { create(:deploy_token, expires_at: expires_at) } |