diff options
Diffstat (limited to 'javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java')
| -rw-r--r-- | javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java b/javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java index 93ce255f62..33a7dc51cd 100644 --- a/javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java +++ b/javatests/com/google/gerrit/acceptance/rest/project/CreateBranchIT.java @@ -26,7 +26,10 @@ import static com.google.gerrit.testing.GerritJUnit.assertThrows; import com.google.common.collect.ImmutableList; import com.google.gerrit.acceptance.AbstractDaemonTest; import com.google.gerrit.acceptance.ExtensionRegistry; +import com.google.gerrit.acceptance.PushOneCommit; import com.google.gerrit.acceptance.RestResponse; +import com.google.gerrit.acceptance.TestAccount; +import com.google.gerrit.acceptance.testsuite.group.GroupOperations; import com.google.gerrit.acceptance.testsuite.project.ProjectOperations; import com.google.gerrit.acceptance.testsuite.request.RequestScopeOperations; import com.google.gerrit.entities.Account; @@ -61,6 +64,7 @@ import org.junit.Test; public class CreateBranchIT extends AbstractDaemonTest { @Inject private ProjectOperations projectOperations; @Inject private RequestScopeOperations requestScopeOperations; + @Inject private GroupOperations groupOperations; @Inject private ExtensionRegistry extensionRegistry; private BranchNameKey testBranch; @@ -410,6 +414,50 @@ public class CreateBranchIT extends AbstractDaemonTest { assertThat(ex).hasMessageThat().isEqualTo("ref must match URL"); } + @Test + public void createBranchRevisionVisibility() throws Exception { + AccountGroup.UUID privilegedGroupUuid = + groupOperations.newGroup().name(name("privilegedGroup")).create(); + TestAccount privilegedUser = + accountCreator.create( + "privilegedUser", "privilegedUser@example.com", "privilegedUser", null); + groupOperations.group(privilegedGroupUuid).forUpdate().addMember(privilegedUser.id()).update(); + projectOperations + .project(project) + .forUpdate() + .add(block(Permission.READ).ref("refs/heads/secret/*").group(REGISTERED_USERS)) + .add(allow(Permission.READ).ref("refs/heads/secret/*").group(privilegedGroupUuid)) + .add(allow(Permission.READ).ref("refs/heads/*").group(REGISTERED_USERS)) + .add(allow(Permission.CREATE).ref("refs/heads/*").group(REGISTERED_USERS)) + .add(allow(Permission.PUSH).ref("refs/heads/*").group(REGISTERED_USERS)) + .update(); + PushOneCommit push = + pushFactory.create(admin.newIdent(), testRepo, "Configure", "file.txt", "contents"); + PushOneCommit.Result result = push.to("refs/heads/secret/main"); + result.assertOkStatus(); + RevCommit secretCommit = result.getCommit(); + requestScopeOperations.setApiUser(privilegedUser.id()); + BranchInfo info = gApi.projects().name(project.get()).branch("refs/heads/secret/main").get(); + assertThat(info.revision).isEqualTo(secretCommit.name()); + TestAccount unprivileged = + accountCreator.create("unprivileged", "unprivileged@example.com", "unprivileged", null); + requestScopeOperations.setApiUser(unprivileged.id()); + assertThrows( + ResourceNotFoundException.class, + () -> gApi.projects().name(project.get()).branch("refs/heads/secret/main").get()); + BranchInput branchInput = new BranchInput(); + branchInput.ref = "public"; + branchInput.revision = secretCommit.name(); + assertThrows( + AuthException.class, + () -> gApi.projects().name(project.get()).branch(branchInput.ref).create(branchInput)); + + branchInput.revision = "refs/heads/secret/main"; + assertThrows( + AuthException.class, + () -> gApi.projects().name(project.get()).branch(branchInput.ref).create(branchInput)); + } + private void blockCreateReference() throws Exception { projectOperations .project(project) |