access_matchers_for_controller.rb 2.66 KB
Newer Older
1 2
# AccessMatchersForController
#
3
# For testing authorize_xxx in controller.
4 5 6 7
module AccessMatchersForController
  extend RSpec::Matchers::DSL
  include Warden::Test::Helpers

8
  EXPECTED_STATUS_CODE_ALLOWED = [200, 201, 204, 302].freeze
Shinya Maeda's avatar
Shinya Maeda committed
9
  EXPECTED_STATUS_CODE_DENIED = [401, 404].freeze
10 11 12 13 14 15

  def emulate_user(role, membership = nil)
    case role
    when :admin
      user = create(:admin)
      sign_in(user)
Shinya Maeda's avatar
Shinya Maeda committed
16 17 18 19 20 21
    when :user
      user = create(:user)
      sign_in(user)
    when :external
      user = create(:user, external: true)
      sign_in(user)
Shinya Maeda's avatar
Shinya Maeda committed
22 23 24 25 26
    when :visitor
      user = nil
    when User
      user = role
      sign_in(user)
27
    when *Gitlab::Access.sym_options_with_owner.keys # owner, master, developer, reporter, guest
28 29
      raise ArgumentError, "cannot emulate #{role} without membership parent" unless membership

30
      user = create_user_by_membership(role, membership)
31 32 33 34 35 36 37 38
      sign_in(user)
    else
      raise ArgumentError, "cannot emulate user #{role}"
    end

    user
  end

39
  def create_user_by_membership(role, membership)
Shinya Maeda's avatar
Shinya Maeda committed
40 41 42 43 44 45
    if role == :owner && membership.owner
      user = membership.owner
    else
      user = create(:user)
      membership.public_send(:"add_#{role}", user)
    end
46

Shinya Maeda's avatar
Shinya Maeda committed
47 48 49
    user
  end

50
  def description_for(role, type, expected, result)
Shinya Maeda's avatar
Shinya Maeda committed
51
    "be #{type} for #{role}. Expected: #{expected.join(',')} Got: #{result}"
52 53
  end

54 55 56 57 58 59 60 61 62 63 64 65 66 67
  def update_owner(objects, user)
    return unless objects

    objects.each do |object|
      if object.respond_to?(:owner)
        object.update_attribute(:owner, user)
      elsif object.respond_to?(:user)
        object.update_attribute(:user, user)
      else
        raise ArgumentError, "cannot own this object #{object}"
      end
    end
  end

68
  matcher :be_allowed_for do |role|
Shinya Maeda's avatar
Shinya Maeda committed
69
    match do |action|
70 71
      user = emulate_user(role, @membership)
      update_owner(@objects, user)
Shinya Maeda's avatar
Shinya Maeda committed
72
      action.call
73 74 75 76 77 78 79 80

      EXPECTED_STATUS_CODE_ALLOWED.include?(response.status)
    end

    chain :of do |membership|
      @membership = membership
    end

Shinya Maeda's avatar
Shinya Maeda committed
81
    chain :own do |*objects|
82 83 84
      @objects = objects
    end

85 86 87 88 89 90
    description { description_for(role, 'allowed', EXPECTED_STATUS_CODE_ALLOWED, response.status) }
    supports_block_expectations
  end

  matcher :be_denied_for do |role|
    match do |action|
91 92
      user = emulate_user(role, @membership)
      update_owner(@objects, user)
Shinya Maeda's avatar
Shinya Maeda committed
93
      action.call
94 95 96 97 98 99 100 101

      EXPECTED_STATUS_CODE_DENIED.include?(response.status)
    end

    chain :of do |membership|
      @membership = membership
    end

Shinya Maeda's avatar
Shinya Maeda committed
102 103 104 105
    chain :own do |*objects|
      @objects = objects
    end

106 107 108 109
    description { description_for(role, 'denied', EXPECTED_STATUS_CODE_DENIED, response.status) }
    supports_block_expectations
  end
end