Check if user can create package in pypi create package service
requested to merge gitlab-community/gitlab:323971-protected-packages-pypi-push-protection-check-if-user-can-create-package into master
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA
What does this MR do and why?
- This addition was motivated while working on another MR and noticing that:
- The user variable (used for testing) was not a member of the given project => this means that
user
variable did not reflect the real world as thePypi::CreatePackageService
usually receives a user that is project member - there was no test case for an unauthorized user in the pypi package creation service test.
- The user variable (used for testing) was not a member of the given project => this means that
- This MR intends to add this test case and the handling of unauthorized users in the service itself.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
MR Checklist (@gerardo-navarro)
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the javascript style guides -
Conforms to the database guides
Screenshots or screen recordings
NA. No UI changes.
How to set up and validate locally
- Run the test cases of the pypi create package service
bundle exec rspec spec/services/packages/pypi/create_package_service_spec.rb
Related to #323971
Edited by Radamanthus Batnag