1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe DeployTokens::TokensFinder do
include AdminModeHelper
let_it_be(:admin) { create(:admin) }
let_it_be(:user) { create(:user) }
let_it_be(:other_user) { create(:user) }
let_it_be(:project) { create(:project, creator_id: user.id) }
let_it_be(:group) { create(:group) }
let!(:project_deploy_token) { create(:deploy_token, projects: [project]) }
let!(:revoked_project_deploy_token) { create(:deploy_token, projects: [project], revoked: true) }
let!(:expired_project_deploy_token) { create(:deploy_token, projects: [project], expires_at: '1988-01-11T04:33:04-0600') }
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
let!(:revoked_group_deploy_token) { create(:deploy_token, :group, groups: [group], revoked: true) }
let!(:expired_group_deploy_token) { create(:deploy_token, :group, groups: [group], expires_at: '1988-01-11T04:33:04-0600') }
describe "#execute" do
let(:params) { {} }
context 'when scope is :all' do
subject { described_class.new(admin, :all, params).execute }
before do
enable_admin_mode!(admin)
end
it 'returns all deploy tokens' do
expect(subject.size).to eq(6)
is_expected.to match_array([
project_deploy_token,
revoked_project_deploy_token,
expired_project_deploy_token,
group_deploy_token,
revoked_group_deploy_token,
expired_group_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens' do
is_expected.to match_array([
project_deploy_token,
group_deploy_token
])
end
end
context 'but user is not an admin' do
subject { described_class.new(user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is a Project' do
subject { described_class.new(user, project, params).execute }
before do
project.add_maintainer(user)
end
it 'returns all deploy tokens for the project' do
is_expected.to match_array([
project_deploy_token,
revoked_project_deploy_token,
expired_project_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens for the project' do
is_expected.to match_array([project_deploy_token])
end
end
context 'but user is not a member' do
subject { described_class.new(other_user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is a Group' do
subject { described_class.new(user, group, params).execute }
before do
group.add_maintainer(user)
end
it 'returns all deploy tokens for the group' do
is_expected.to match_array([
group_deploy_token,
revoked_group_deploy_token,
expired_group_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens for the group' do
is_expected.to match_array([group_deploy_token])
end
end
context 'but user is not a member' do
subject { described_class.new(other_user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is nil' do
subject { described_class.new(user, nil, params).execute }
it 'raises ArgumentError' do
expect { subject }.to raise_error(ArgumentError)
end
end
end
end
|