From d06df33daa0013bfec624ee0ab3ef72e92b0f1cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Mon, 25 Jul 2016 18:35:00 +0200
Subject: [PATCH] Ensure current user can retry a build before showing the
 'Retry' button
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 CHANGELOG                                    |  1 +
 app/views/projects/builds/_sidebar.html.haml |  2 +-
 spec/features/builds_spec.rb                 | 30 +++++++++++++++++---
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index ef8c72f4aa21..3a61ce4c0d63 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -20,6 +20,7 @@ v 8.10.2 (unreleased)
   - Disable MySQL foreign key checks before dropping all tables. !5472
   - Use project ID in repository cache to prevent stale data from persisting across projects. !5460
   - Ensure relative paths for video are rewritten as we do for images. !5474
+  - Ensure current user can retry a build before showing the 'Retry' button. !5476
 
 v 8.10.1
   - Refactor repository storages documentation. !5428
diff --git a/app/views/projects/builds/_sidebar.html.haml b/app/views/projects/builds/_sidebar.html.haml
index dc57b49f27a7..b89183c40dce 100644
--- a/app/views/projects/builds/_sidebar.html.haml
+++ b/app/views/projects/builds/_sidebar.html.haml
@@ -40,7 +40,7 @@
   .block{ class: ("block-first" if !@build.coverage && !(can?(current_user, :read_build, @project) && (@build.artifacts? || @build.artifacts_expired?))) }
     .title
       Build details
-      - if @build.retryable?
+      - if can?(current_user, :update_build, @build) && @build.retryable?
         = link_to "Retry", retry_namespace_project_build_path(@project.namespace, @project, @build), class: 'pull-right', method: :post
     - if @build.merge_request
       %p.build-detail-row
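Review bot: The `can?(current_user, :update_build, @build)` guard added on the 'Retry' link only controls what is rendered; the POST route behind `retry_namespace_project_build_path` is what has to refuse the request, and that controller action is not part of this patch. Please confirm that the retry action enforces the same `:update_build` ability server-side, because hiding the link does not prevent the request from being sent. The ability is checked against `@build` here, while the `:read_build` check on the `.block` line at the top of the hunk is made against `@project`; if that difference is intended, a short comment such as `-# Retry requires :update_build on the build, not only read access to the project` would make it explicit. The enclosing `.block` starts and ends outside the hunk.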
diff --git a/spec/features/builds_spec.rb b/spec/features/builds_spec.rb
index cab3dc1d167c..0cfeb2e57d8e 100644
--- a/spec/features/builds_spec.rb
+++ b/spec/features/builds_spec.rb
@@ -199,9 +199,13 @@
         click_link 'Retry'
       end
 
-      it { expect(page.status_code).to eq(200) }
-      it { expect(page).to have_content 'pending' }
-      it { expect(page).to have_content 'Cancel' }
+      it 'shows the right status and buttons' do
+        expect(page).to have_http_status(200)
+        expect(page).to have_content 'pending'
+        page.within('aside.right-sidebar') do
+          expect(page).to have_content 'Cancel'
+        end
+      end
     end
 
     context "Build from other project" do
@@ -212,7 +216,25 @@
         page.driver.post(retry_namespace_project_build_path(@project.namespace, @project, @build2))
       end
 
-      it { expect(page.status_code).to eq(404) }
+      it { expect(page).to have_http_status(404) }
+    end
+
+    context "Build that current user is not allowed to retry" do
+      before do
+        @build.run!
+        @build.cancel!
+        @project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+
+        logout_direct
+        login_with(create(:user))
+        visit namespace_project_build_path(@project.namespace, @project, @build)
+      end
+
+      it 'does not show the Retry button' do
+        page.within('aside.right-sidebar') do
+          expect(page).not_to have_content 'Retry'
+        end
+      end
     end
   end
 
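Review bot: The new "Build that current user is not allowed to retry" context only asserts that the button is absent from the sidebar; nothing in it covers the retry request itself for that user. Add an example that, as this logged-in user, issues `page.driver.post(retry_namespace_project_build_path(@project.namespace, @project, @build))` (the same call the "Build from other project" context uses) and expects whatever denial status the controller returns, so the server-side check is pinned by a test as well as the view. Separately, `expect(page).not_to have_content 'Retry'` matches any text in the sidebar; `expect(page).not_to have_link 'Retry'` states the intent more precisely. The enclosing describe block starts outside the hunk.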
-- 
GitLab