Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-01 10:27:36 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-01 10:27:36 +0300
commit: de222caa576cab3d0894c65531f5822f205877d5 (patch)
tree: e66805f398cfb22196e0181bef90066a0fe1b674 /spec
parent: 8a186dedfc1da12270ea77f2673b59fa08f770c1 (diff)
3 files changed, 82 insertions, 4 deletions
diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb
index 162c36f5069..f0fbbb65fa5 100644
--- a/spec/controllers/projects/jobs_controller_spec.rb
+++ b/spec/controllers/projects/jobs_controller_spec.rb
@@ -183,7 +183,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
         end
 
         context 'with web terminal' do
-          let(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+          let(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
           it 'exposes the terminal path' do
             expect(response).to have_gitlab_http_status(:ok)
@@ -1285,7 +1285,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
 
     context 'when job exists' do
       context 'and it has a terminal' do
-        let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+        let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
         it 'has a job' do
           get_terminal(id: job.id)
@@ -1296,7 +1296,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
       end
 
       context 'and does not have a terminal' do
-        let!(:job) { create(:ci_build, :running, pipeline: pipeline) }
+        let!(:job) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
         it 'returns not_found' do
           get_terminal(id: job.id)
@@ -1325,7 +1325,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
   end
 
   describe 'GET #terminal_websocket_authorize' do
-    let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+    let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
     before do
       project.add_developer(user)
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 1ec749fb394..fee4d76ca8f 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -405,4 +405,52 @@ RSpec.describe Ci::BuildPolicy do
       end
     end
   end
+
+  describe 'ability :create_build_terminal' do
+    let(:project) { create(:project, :private) }
+
+    subject { described_class.new(user, build) }
+
+    context 'when user can update_build' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      context 'when job has terminal' do
+        before do
+          allow(build).to receive(:has_terminal?).and_return(true)
+        end
+
+        context 'when current user is the job owner' do
+          before do
+            build.update!(user: user)
+          end
+
+          it { expect_allowed(:create_build_terminal) }
+        end
+
+        context 'when current user is not the job owner' do
+          it { expect_disallowed(:create_build_terminal) }
+        end
+      end
+
+      context 'when job does not have terminal' do
+        before do
+          allow(build).to receive(:has_terminal?).and_return(false)
+          build.update!(user: user)
+        end
+
+        it { expect_disallowed(:create_build_terminal) }
+      end
+    end
+
+    context 'when user cannot update build' do
+      before do
+        project.add_guest(user)
+        allow(build).to receive(:has_terminal?).and_return(true)
+      end
+
+      it { expect_disallowed(:create_build_terminal) }
+    end
+  end
 end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index ca4ca2eb7a0..b77ccb83509 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -396,6 +396,36 @@ RSpec.describe ProjectPolicy do
     end
   end
 
+  context 'importing members from another project' do
+    %w(maintainer owner).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_allowed(:import_project_members_from_another_project) }
+      end
+    end
+
+    %w(guest reporter developer anonymous).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_disallowed(:import_project_members_from_another_project) }
+      end
+    end
+
+    context 'with an admin' do
+      let(:current_user) { admin }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { expect_allowed(:import_project_members_from_another_project) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { expect_disallowed(:import_project_members_from_another_project) }
+      end
+    end
+  end
+
   context 'reading usage quotas' do
     %w(maintainer owner).each do |role|
       context "with #{role}" do
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-01 10:27:36 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-01 10:27:36 +0300
commit	de222caa576cab3d0894c65531f5822f205877d5 (patch)
tree	e66805f398cfb22196e0181bef90066a0fe1b674 /spec
parent	8a186dedfc1da12270ea77f2673b59fa08f770c1 (diff)