Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
GitLab
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
projects.thm.de
GitLab
Commits
1e56b3f4
Commit
1e56b3f4
authored
Feb 02, 2018
by
Tiago Botelho
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Moves project creationg to git access check for git push
parent
839829a7
Changes
15
Hide whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
273 additions
and
234 deletions
+273
-234
GITLAB_SHELL_VERSION
GITLAB_SHELL_VERSION
+1
-1
app/controllers/projects/git_http_controller.rb
app/controllers/projects/git_http_controller.rb
+7
-12
app/services/projects/create_from_push_service.rb
app/services/projects/create_from_push_service.rb
+0
-37
doc/gitlab-basics/create-project.md
doc/gitlab-basics/create-project.md
+7
-10
lib/api/helpers/internal_helpers.rb
lib/api/helpers/internal_helpers.rb
+8
-12
lib/api/internal.rb
lib/api/internal.rb
+5
-10
lib/gitlab/checks/post_push_message.rb
lib/gitlab/checks/post_push_message.rb
+1
-1
lib/gitlab/checks/project_created.rb
lib/gitlab/checks/project_created.rb
+3
-3
lib/gitlab/checks/project_moved.rb
lib/gitlab/checks/project_moved.rb
+2
-2
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+56
-36
lib/gitlab/path_regex.rb
lib/gitlab/path_regex.rb
+1
-1
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+2
-1
spec/lib/gitlab/git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+180
-48
spec/requests/api/internal_spec.rb
spec/requests/api/internal_spec.rb
+0
-26
spec/services/projects/create_from_push_service_spec.rb
spec/services/projects/create_from_push_service_spec.rb
+0
-34
No files found.
GITLAB_SHELL_VERSION
View file @
1e56b3f4
6.0.
2
6.0.
3
app/controllers/projects/git_http_controller.rb
View file @
1e56b3f4
...
...
@@ -11,7 +11,6 @@ class Projects::GitHttpController < Projects::GitHttpClientController
# GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
def
info_refs
log_user_activity
if
upload_pack?
create_new_project
if
receive_pack?
&&
project
.
blank?
render_ok
end
...
...
@@ -36,10 +35,6 @@ def upload_pack?
git_command
==
'git-upload-pack'
end
def
receive_pack?
git_command
==
'git-receive-pack'
end
def
git_command
if
action_name
==
'info_refs'
params
[
:service
]
...
...
@@ -48,10 +43,6 @@ def git_command
end
end
def
create_new_project
@project
=
::
Projects
::
CreateFromPushService
.
new
(
user
,
params
[
:project_id
],
namespace
,
'http'
).
execute
end
def
render_ok
set_workhorse_internal_api_content_type
render
json:
Gitlab
::
Workhorse
.
git_http_ok
(
repository
,
wiki?
,
user
,
action_name
)
...
...
@@ -70,7 +61,10 @@ def render_422(exception)
end
def
access
@access
||=
access_klass
.
new
(
access_actor
,
project
,
'http'
,
authentication_abilities:
authentication_abilities
,
redirected_path:
redirected_path
,
target_namespace:
namespace
)
@access
||=
access_klass
.
new
(
access_actor
,
project
,
'http'
,
authentication_abilities:
authentication_abilities
,
namespace_path:
params
[
:namespace_id
],
project_path:
project_path
,
redirected_path:
redirected_path
)
end
def
access_actor
...
...
@@ -82,14 +76,15 @@ def access_check
# Use the magic string '_any' to indicate we do not know what the
# changes are. This is also what gitlab-shell does.
access
.
check
(
git_command
,
'_any'
)
@project
||=
access
.
project
end
def
access_klass
@access_klass
||=
wiki?
?
Gitlab
::
GitAccessWiki
:
Gitlab
::
GitAccess
end
def
namespace
@
namespace
||=
Namespace
.
find_by_full_path
(
params
[
:namespace_id
]
)
def
project_path
@
project_path
||=
params
[
:project_id
].
sub
(
/\.git$/
,
''
)
end
def
log_user_activity
...
...
app/services/projects/create_from_push_service.rb
deleted
100644 → 0
View file @
839829a7
module
Projects
class
CreateFromPushService
<
BaseService
attr_reader
:user
,
:project_path
,
:namespace
,
:protocol
def
initialize
(
user
,
project_path
,
namespace
,
protocol
)
@user
=
user
@project_path
=
project_path
@namespace
=
namespace
@protocol
=
protocol
end
def
execute
return
unless
user
project
=
Projects
::
CreateService
.
new
(
user
,
project_params
).
execute
if
project
.
saved?
Gitlab
::
Checks
::
ProjectCreated
.
new
(
project
,
user
,
protocol
).
add_message
else
raise
Gitlab
::
GitAccess
::
ProjectCreationError
,
"Could not create project:
#{
project
.
errors
.
full_messages
.
join
(
', '
)
}
"
end
project
end
private
def
project_params
{
description:
""
,
path:
project_path
.
gsub
(
/\.git$/
,
''
),
namespace_id:
namespace
&
.
id
,
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
.
to_s
}
end
end
end
doc/gitlab-basics/create-project.md
View file @
1e56b3f4
...
...
@@ -39,18 +39,18 @@
When you create a new repo locally, instead of going to GitLab to manually
create a new project and then push the repo, you can directly push it to
GitLab to create the new project, all without leaving your terminal.
T
hat
will automatically create a new project under a GitLab namespace that you have access to
with its visibility set to private by default (you can later change it
).
GitLab to create the new project, all without leaving your terminal.
If you have access to t
hat
namespace, we will automatically create a new project under that GitLab namespace with its
visibility set to private by default (you can later change it in the UI
).
This can be done by using either SSH or HTTP:
```
## Git push using SSH
git push git@gitlab.
com:namespace/nonexistent-project.git branch_name
git push git@gitlab.
example.com:namespace/nonexistent-project.git
## Git push using HTTP
git push https://gitlab.
com/namespace/nonexistent-project.git branch_name
git push https://gitlab.
example.com/namespace/nonexistent-project.git
```
Once the push finishes successfully, a remote message will indicate
...
...
@@ -61,15 +61,12 @@ remote:
remote: The private project namespace/nonexistent-project was created.
remote:
remote: To configure the remote, run:
remote: git remote add origin https://gitlab.com/namespace/nonexistent-project.git
remote: git remote add origin https://gitlab.
example.
com/namespace/nonexistent-project.git
remote:
remote: To view the project, visit:
remote: https://gitlab.com/namespace/nonexistent-project
remote: https://gitlab.
example.
com/namespace/nonexistent-project
remote:
```
If the project name is already in use, your push will be rejected
to prevent accidental overwriting the existing project.
[
import it
]:
../workflow/importing/README.md
[
reserved
]:
../user/reserved_names.md
lib/api/helpers/internal_helpers.rb
View file @
1e56b3f4
module
API
module
Helpers
module
InternalHelpers
include
Gitlab
::
Utils
::
StrongMemoize
attr_reader
:redirected_path
def
wiki?
...
...
@@ -49,10 +47,6 @@ def log_user_activity(actor)
::
Users
::
ActivityService
.
new
(
actor
,
'Git SSH'
).
execute
if
commands
.
include?
(
params
[
:action
])
end
def
receive_pack?
params
[
:action
]
==
'git-receive-pack'
end
def
merge_request_urls
::
MergeRequests
::
GetUrlsService
.
new
(
project
).
execute
(
params
[
:changes
])
end
...
...
@@ -66,16 +60,18 @@ def redis_ping
false
end
def
project_namespace
strong_memoize
(
:project_namespace
)
do
project
&
.
namespace
||
Namespace
.
find_by_full_path
(
project_match
[
:namespace_path
])
end
def
project_path
project
&
.
path
||
project_path_match
[
:project_path
]
end
def
namespace_path
project
&
.
namespace
&
.
full_path
||
project_path_match
[
:namespace_path
]
end
private
def
project_match
@project_match
||=
params
[
:project
].
match
(
Gitlab
::
PathRegex
.
full_project_git_path_regex
)
||
{}
def
project_
path_
match
@project_
path_
match
||=
params
[
:project
].
match
(
Gitlab
::
PathRegex
.
full_project_git_path_regex
)
||
{}
end
# rubocop:disable Gitlab/ModuleWithInstanceVariables
...
...
lib/api/internal.rb
View file @
1e56b3f4
...
...
@@ -42,23 +42,18 @@ class Internal < Grape::API
end
access_checker_klass
=
wiki?
?
Gitlab
::
GitAccessWiki
:
Gitlab
::
GitAccess
access_checker
=
access_checker_klass
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
ssh_authentication_abilities
,
redirected_path:
redirected_path
,
target_namespace:
project_namespace
)
access_checker
=
access_checker_klass
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
ssh_authentication_abilities
,
namespace_path:
namespace_path
,
project_path:
project_path
,
redirected_path:
redirected_path
)
begin
access_checker
.
check
(
params
[
:action
],
params
[
:changes
])
@project
||=
access_checker
.
project
rescue
Gitlab
::
GitAccess
::
UnauthorizedError
,
Gitlab
::
GitAccess
::
NotFoundError
=>
e
return
{
status:
false
,
message:
e
.
message
}
end
if
receive_pack?
&&
project
.
blank?
begin
@project
=
::
Projects
::
CreateFromPushService
.
new
(
user
,
project_match
[
:project_path
],
project_namespace
,
protocol
).
execute
rescue
Gitlab
::
GitAccess
::
ProjectCreationError
=>
e
return
{
status:
false
,
message:
e
.
message
}
end
end
log_user_activity
(
actor
)
{
...
...
lib/gitlab/checks/
base_project
.rb
→
lib/gitlab/checks/
post_push_message
.rb
View file @
1e56b3f4
module
Gitlab
module
Checks
class
BaseProject
class
PostPushMessage
def
initialize
(
project
,
user
,
protocol
)
@project
=
project
@user
=
user
...
...
lib/gitlab/checks/project_created.rb
View file @
1e56b3f4
module
Gitlab
module
Checks
class
ProjectCreated
<
BaseProject
class
ProjectCreated
<
PostPushMessage
PROJECT_CREATED
=
"project_created"
.
freeze
def
message
<<~
MESSAGE
.
strip_heredoc
<<~
MESSAGE
The private project
#{
project
.
full_path
}
was created.
The private project
#{
project
.
full_path
}
was
successfully
created.
To configure the remote, run:
git remote add origin
#{
url_to_repo
}
...
...
lib/gitlab/checks/project_moved.rb
View file @
1e56b3f4
module
Gitlab
module
Checks
class
ProjectMoved
<
BaseProject
class
ProjectMoved
<
PostPushMessage
REDIRECT_NAMESPACE
=
"redirect_namespace"
.
freeze
def
initialize
(
project
,
user
,
protocol
,
redirected_path
)
...
...
@@ -10,7 +10,7 @@ def initialize(project, user, protocol, redirected_path)
end
def
message
(
rejected:
false
)
<<~
MESSAGE
.
strip_heredoc
<<~
MESSAGE
Project '
#{
redirected_path
}
' was moved to '
#{
project
.
full_path
}
'.
Please update your Git remote:
...
...
lib/gitlab/git_access.rb
View file @
1e56b3f4
...
...
@@ -28,32 +28,37 @@ class GitAccess
PUSH_COMMANDS
=
%w{ git-receive-pack }
.
freeze
ALL_COMMANDS
=
DOWNLOAD_COMMANDS
+
PUSH_COMMANDS
attr_reader
:actor
,
:project
,
:protocol
,
:authentication_abilities
,
:
redirected_path
,
:target_namespace
attr_reader
:actor
,
:project
,
:protocol
,
:authentication_abilities
,
:
namespace_path
,
:project_path
,
:redirected_path
def
initialize
(
actor
,
project
,
protocol
,
authentication_abilities
:,
redirected_path:
nil
,
target_namespace
:
nil
)
def
initialize
(
actor
,
project
,
protocol
,
authentication_abilities
:,
namespace_path:
nil
,
project_path:
nil
,
redirected_path
:
nil
)
@actor
=
actor
@project
=
project
@protocol
=
protocol
@redirected_path
=
redirected_path
@authentication_abilities
=
authentication_abilities
@target_namespace
=
target_namespace
@namespace_path
=
namespace_path
@project_path
=
project_path
@redirected_path
=
redirected_path
end
def
check
(
cmd
,
changes
)
check_protocol!
check_valid_actor!
check_active_user!
check_project_accessibility!
(
cmd
)
check_project_moved!
check_command_disabled!
(
cmd
)
check_command_existence!
(
cmd
)
check_repository_existence!
(
cmd
)
check_db_accessibility!
(
cmd
)
ensure_project_on_push!
(
cmd
,
changes
)
check_project_accessibility!
check_project_moved!
check_repository_existence!
case
cmd
when
*
DOWNLOAD_COMMANDS
check_download_access!
when
*
PUSH_COMMANDS
check_push_access!
(
c
md
,
c
hanges
)
check_push_access!
(
changes
)
end
true
...
...
@@ -99,8 +104,8 @@ def check_active_user!
end
end
def
check_project_accessibility!
(
cmd
)
unless
can_create_project_in_namespace?
(
cmd
)
||
can_read_project?
def
check_project_accessibility!
if
project
.
blank?
||
!
can_read_project?
raise
NotFoundError
,
ERROR_MESSAGES
[
:project_not_found
]
end
end
...
...
@@ -143,16 +148,49 @@ def check_command_existence!(cmd)
end
end
def
check_repository_existence!
(
cmd
)
unless
can_create_project_in_namespace?
(
cmd
)
||
project
.
repository
.
exists?
def
check_db_accessibility!
(
cmd
)
return
unless
receive_pack?
(
cmd
)
if
Gitlab
::
Database
.
read_only?
raise
UnauthorizedError
,
push_to_read_only_message
end
end
def
ensure_project_on_push!
(
cmd
,
changes
)
return
if
project
||
deploy_key?
return
unless
receive_pack?
(
cmd
)
&&
changes
==
'_any'
&&
authentication_abilities
.
include?
(
:push_code
)
namespace
=
Namespace
.
find_by_full_path
(
namespace_path
)
return
unless
user
&
.
can?
(
:create_projects
,
namespace
)
project_params
=
{
path:
project_path
,
namespace_id:
namespace
.
id
,
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
}
project
=
Projects
::
CreateService
.
new
(
user
,
project_params
).
execute
unless
project
.
saved?
raise
ProjectCreationError
,
"Could not create project:
#{
project
.
errors
.
full_messages
.
join
(
', '
)
}
"
end
@project
=
project
user_access
.
project
=
@project
Checks
::
ProjectCreated
.
new
(
project
,
user
,
protocol
).
add_message
end
def
check_repository_existence!
unless
project
.
repository
.
exists?
raise
UnauthorizedError
,
ERROR_MESSAGES
[
:no_repo
]
end
end
def
check_download_access!
return
if
deploy_key?
passed
=
user_can_download_code?
||
passed
=
deploy_key?
||
user_can_download_code?
||
build_can_download_code?
||
guest_can_download_code?
...
...
@@ -161,13 +199,7 @@ def check_download_access!
end
end
def
check_push_access!
(
cmd
,
changes
)
if
Gitlab
::
Database
.
read_only?
raise
UnauthorizedError
,
push_to_read_only_message
end
return
if
can_create_project_in_namespace?
(
cmd
)
def
check_push_access!
(
changes
)
if
project
.
repository_read_only?
raise
UnauthorizedError
,
ERROR_MESSAGES
[
:read_only
]
end
...
...
@@ -180,8 +212,6 @@ def check_push_access!(cmd, changes)
raise
UnauthorizedError
,
ERROR_MESSAGES
[
:upload
]
end
return
if
changes
.
blank?
# Allow access.
check_change_access!
(
changes
)
end
...
...
@@ -198,6 +228,8 @@ def check_deploy_key_push_access!
end
def
check_change_access!
(
changes
)
return
if
changes
.
blank?
# Allow access.
changes_list
=
Gitlab
::
ChangesList
.
new
(
changes
)
# Iterate over all changes to find if user allowed all of them to be applied
...
...
@@ -240,14 +272,6 @@ def can_read_project?
end
||
Guest
.
can?
(
:read_project
,
project
)
end
def
can_create_project_in_namespace?
(
cmd
)
strong_memoize
(
:can_create_project_in_namespace
)
do
return
false
unless
push?
(
cmd
)
&&
target_namespace
&&
project
.
blank?
user
.
can?
(
:create_projects
,
target_namespace
)
end
end
def
http?
protocol
==
'http'
end
...
...
@@ -260,10 +284,6 @@ def receive_pack?(command)
command
==
'git-receive-pack'
end
def
push?
(
cmd
)
PUSH_COMMANDS
.
include?
(
cmd
)
end
def
upload_pack_disabled_over_http?
!
Gitlab
.
config
.
gitlab_shell
.
upload_pack
end
...
...
lib/gitlab/path_regex.rb
View file @
1e56b3f4
...
...
@@ -188,7 +188,7 @@ def full_project_path_regex
end
def
full_project_git_path_regex
@full_project_git_path_regex
||=
/\A\/?(?<namespace_path>
#{
full_namespace_route_regex
}
)\/(?<project_path>
#{
project_git_route_regex
}
)\z/
.
freeze
@full_project_git_path_regex
||=
%r{
\A\/
?(?<namespace_path>
#{
full_namespace_route_regex
}
)
\/
(?<project_path>
#{
project_route_regex
}
)
\.
git
\z
}
end
def
full_namespace_format_regex
...
...
lib/gitlab/user_access.rb
View file @
1e56b3f4
...
...
@@ -6,7 +6,8 @@ class UserAccess
[
user
&
.
id
,
project
&
.
id
]
end
attr_reader
:user
,
:project
attr_reader
:user
attr_accessor
:project
def
initialize
(
user
,
project:
nil
)
@user
=
user
...
...
spec/lib/gitlab/git_access_spec.rb
View file @
1e56b3f4
...
...
@@ -5,11 +5,19 @@
let
(
:actor
)
{
user
}
let
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:project_path
)
{
project
.
path
}
let
(
:namespace_path
)
{
project
&
.
namespace
&
.
path
}
let
(
:protocol
)
{
'ssh'
}
let
(
:authentication_abilities
)
{
%i[read_project download_code push_code]
}
let
(
:redirected_path
)
{
nil
}
let
(
:access
)
{
described_class
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
authentication_abilities
,
redirected_path:
redirected_path
)
}
let
(
:access
)
do
described_class
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
authentication_abilities
,
namespace_path:
namespace_path
,
project_path:
project_path
,
redirected_path:
redirected_path
)
end
let
(
:push_access_check
)
{
access
.
check
(
'git-receive-pack'
,
'_any'
)
}
let
(
:pull_access_check
)
{
access
.
check
(
'git-upload-pack'
,
'_any'
)
}
...
...
@@ -145,6 +153,7 @@ def disable_protocol(protocol)
context
'when the project is nil'
do
let
(
:project
)
{
nil
}
let
(
:project_path
)
{
"new-project"
}
it
'blocks push and pull with "not found"'
do
aggregate_failures
do
...
...
@@ -154,7 +163,13 @@ def disable_protocol(protocol)
end
context
'when user is allowed to create project in namespace'
do
let
(
:access
)
{
described_class
.
new
(
actor
,
nil
,
protocol
,
authentication_abilities:
authentication_abilities
,
redirected_path:
redirected_path
,
target_namespace:
user
.
namespace
)
}
let
(
:namespace_path
)
{
user
.
namespace
.
path
}
let
(
:access
)
do
described_class
.
new
(
actor
,
nil
,
protocol
,
authentication_abilities:
authentication_abilities
,
project_path:
project_path
,
namespace_path:
namespace_path
,
redirected_path:
redirected_path
)
end
it
'blocks pull access with "not found"'
do
expect
{
pull_access_check
}.
to
raise_not_found
...
...
@@ -167,7 +182,13 @@ def disable_protocol(protocol)
context
'when user is not allowed to create project in namespace'
do
let
(
:user2
)
{
create
(
:user
)
}
let
(
:access
)
{
described_class
.
new
(
actor
,
nil
,
protocol
,
authentication_abilities:
authentication_abilities
,
redirected_path:
redirected_path
,
target_namespace:
user2
.
namespace
)
}
let
(
:namespace_path
)
{
user2
.
namespace
.
path
}
let
(
:access
)
do
described_class
.
new
(
actor
,
nil
,
protocol
,
authentication_abilities:
authentication_abilities
,
project_path:
project_path
,
namespace_path:
namespace_path
,
redirected_path:
redirected_path
)
end
it
'blocks push and pull with "not found"'
do
aggregate_failures
do
...
...
@@ -297,6 +318,52 @@ def disable_protocol(protocol)
end
end
describe
'#check_authentication_abilities!'
do
before
do
project
.
add_master
(
user
)
end
context
'when download'
do
let
(
:authentication_abilities
)
{
[]
}
it
'raises unauthorized with download error'
do
expect
{
pull_access_check
}.
to
raise_unauthorized
(
described_class
::
ERROR_MESSAGES
[
:download
])
end
context
'when authentication abilities include download code'
do
let
(
:authentication_abilities
)
{
[
:download_code
]
}
it
'does not raise any errors'
do
expect
{
pull_access_check
}.
not_to
raise_error
end
end
context
'when authentication abilities include build download code'
do
let
(
:authentication_abilities
)
{
[
:build_download_code
]
}
it
'does not raise any errors'
do
expect
{
pull_access_check
}.
not_to
raise_error
end
end
end
context
'when upload'
do
let
(
:authentication_abilities
)
{
[]
}
it
'raises unauthorized with push error'
do
expect
{
push_access_check
}.
to
raise_unauthorized
(
described_class
::
ERROR_MESSAGES
[
:upload
])
end
context
'when authentication abilities include push code'
do
let
(
:authentication_abilities
)
{
[
:push_code
]
}
it
'does not raise any errors'
do
expect
{
push_access_check
}.
not_to
raise_error
end
end
end
end
describe
'#check_command_disabled!'
do
before
do
project
.
add_master
(
user
)
...
...
@@ -335,34 +402,112 @@ def disable_protocol(protocol)
end
end
describe
'#check_namespace_accessibility!'
do
context
'when project exists'
do
context
'when user can pull or push'
do
before
do
project
.
add_master
(
user
)
describe
'#check_db_accessibility!'
do
context
'when in a read-only GitLab instance'
do
before
do
create
(
:protected_branch
,
name:
'feature'
,
project:
project
)
allow
(
Gitlab
::
Database
).
to
receive
(
:read_only?
)
{
true
}
end
it
{
expect
{
push_access_check
}.
to
raise_unauthorized
(
described_class
::
ERROR_MESSAGES
[
:cannot_push_to_read_only
])
}
end
end
describe
'#ensure_project_on_push!'
do
let
(
:access
)
do
described_class
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
authentication_abilities
,
project_path:
project_path
,
namespace_path:
namespace_path
,
redirected_path:
redirected_path
)
end
context
'when push'
do
let
(
:cmd
)
{
'git-receive-pack'
}
context
'when project does not exist'
do
let
(
:project_path
)
{
"nonexistent"
}
let
(
:project
)
{
nil
}
context
'when changes is _any'
do
let
(
:changes
)
{
'_any'
}
context
'when authentication abilities include push code'
do
let
(
:authentication_abilities
)
{
[
:push_code
]
}
context
'when user can create project in namespace'
do
let
(
:namespace_path
)
{
user
.
namespace
.
path
}
it
'creates a new project'
do
expect
{
access
.
send
(
:ensure_project_on_push!
,
cmd
,
changes
)
}.
to
change
{
Project
.
count
}.
by
(
1
)
end
end
context
'when user cannot create project in namespace'
do
let
(
:user2
)
{
create
(
:user
)
}
let
(
:namespace_path
)
{
user2
.
namespace
.
path
}
it
'does not create a new project'
do
expect
{
access
.
send
(
:ensure_project_on_push!
,
cmd
,
changes
)
}.
not_to
change
{
Project
.
count
}
end
end
end
context
'when authentication abilities do not include push code'
do
let
(
:authentication_abilities
)
{
[]
}
context
'when user can create project in namespace'
do
let
(
:namespace_path
)
{
user
.
namespace
.
path
}
it
'does not create a new project'
do
expect
{
access
.
send
(
:ensure_project_on_push!
,
cmd
,
changes
)
}.
not_to
change
{
Project
.
count
}
end
end
end
end
it
'does not block pull or push'
do
aggregate_failures
do
expect
{
push_access_check
}.
not_to
raise_error
expect
{
pull_access_check
}.
not_to
raise_error
context
'when check contains actual changes'
do
let
(
:changes
)
{
"
#{
Gitlab
::
Git
::
BLANK_SHA
}
570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/new_branch"
}
it
'does not create a new project'
do
expect
{
access
.
send
(
:ensure_project_on_push!
,
cmd
,
changes
)
}.
not_to
change
{
Project
.
count
}
end
end
end