public_access_spec.rb 10.5 KB
Newer Older
1 2
require 'spec_helper'

3
describe "Public Project Access", feature: true  do
4 5
  include AccessMatchers

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
6
  let(:project) { create(:project) }
7 8 9 10 11 12 13

  let(:master) { create(:user) }
  let(:guest) { create(:user) }
  let(:reporter) { create(:user) }

  before do
    # public project
14
    project.visibility_level = Gitlab::VisibilityLevel::PUBLIC
15 16 17 18 19 20 21 22 23 24 25 26
    project.save!

    # full access
    project.team << [master, :master]

    # readonly
    project.team << [reporter, :reporter]
  end

  describe "Project should be public" do
    subject { project }

27 28 29 30
    describe '#public?' do
      subject { super().public? }
      it { is_expected.to be_truthy }
    end
31 32 33
  end

  describe "GET /:project_path" do
Vinnie Okada's avatar
Vinnie Okada committed
34
    subject { namespace_project_path(project.namespace, project) }
35

36 37 38 39 40 41
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
42 43 44
  end

  describe "GET /:project_path/tree/master" do
Vinnie Okada's avatar
Vinnie Okada committed
45
    subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
46

47 48 49 50 51 52
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
53 54 55
  end

  describe "GET /:project_path/commits/master" do
Vinnie Okada's avatar
Vinnie Okada committed
56
    subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
57

58 59 60 61 62 63
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
64 65 66
  end

  describe "GET /:project_path/commit/:sha" do
Vinnie Okada's avatar
Vinnie Okada committed
67
    subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
68

69 70 71 72 73 74
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
75 76 77
  end

  describe "GET /:project_path/compare" do
Vinnie Okada's avatar
Vinnie Okada committed
78
    subject { namespace_project_compare_index_path(project.namespace, project) }
79

80 81 82 83 84 85
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
86 87
  end

88 89
  describe "GET /:project_path/project_members" do
    subject { namespace_project_project_members_path(project.namespace, project) }
90

91 92 93 94 95 96
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
97 98
  end

99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152
  describe "GET /:project_path/builds" do
    subject { namespace_project_builds_path(project.namespace, project) }

    context "when allowed for public" do
      before { project.update(public_builds: true) }

      it { is_expected.to be_allowed_for master }
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for guest }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context "when disallowed for public" do
      before { project.update(public_builds: false) }

      it { is_expected.to be_allowed_for master }
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for guest }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end
  end

  describe "GET /:project_path/builds/:id" do
    let(:commit) { create(:ci_commit, project: project) }
    let(:build) { create(:ci_build, commit: commit) }
    subject { namespace_project_build_path(project.namespace, project, build.id) }

    context "when allowed for public" do
      before { project.update(public_builds: true) }

      it { is_expected.to be_allowed_for master }
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for guest }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context "when disallowed for public" do
      before { project.update(public_builds: false) }

      it { is_expected.to be_allowed_for master }
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for guest }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end
  end

153 154 155
  describe "GET /:project_path/blob" do
    before do
      commit = project.repository.commit
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
156
      path = '.gitignore'
Vinnie Okada's avatar
Vinnie Okada committed
157
      @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
158 159
    end

160 161 162 163 164 165
    it { expect(@blob_path).to be_allowed_for master }
    it { expect(@blob_path).to be_allowed_for reporter }
    it { expect(@blob_path).to be_allowed_for :admin }
    it { expect(@blob_path).to be_allowed_for guest }
    it { expect(@blob_path).to be_allowed_for :user }
    it { expect(@blob_path).to be_allowed_for :visitor }
166 167 168
  end

  describe "GET /:project_path/edit" do
Vinnie Okada's avatar
Vinnie Okada committed
169
    subject { edit_namespace_project_path(project.namespace, project) }
170

171 172 173 174 175 176
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
177 178 179
  end

  describe "GET /:project_path/deploy_keys" do
Vinnie Okada's avatar
Vinnie Okada committed
180
    subject { namespace_project_deploy_keys_path(project.namespace, project) }
181

182 183 184 185 186 187
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
188 189 190
  end

  describe "GET /:project_path/issues" do
Vinnie Okada's avatar
Vinnie Okada committed
191
    subject { namespace_project_issues_path(project.namespace, project) }
192

193 194 195 196 197 198
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
199 200
  end

201 202 203 204 205 206 207 208 209 210 211 212
  describe "GET /:project_path/issues/:id/edit" do
    let(:issue) { create(:issue, project: project) }
    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }

    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
  end

213
  describe "GET /:project_path/snippets" do
Vinnie Okada's avatar
Vinnie Okada committed
214
    subject { namespace_project_snippets_path(project.namespace, project) }
215

216 217 218 219 220 221
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
222 223 224
  end

  describe "GET /:project_path/snippets/new" do
Vinnie Okada's avatar
Vinnie Okada committed
225
    subject { new_namespace_project_snippet_path(project.namespace, project) }
226

227 228 229 230 231 232
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
233 234 235
  end

  describe "GET /:project_path/merge_requests" do
Vinnie Okada's avatar
Vinnie Okada committed
236
    subject { namespace_project_merge_requests_path(project.namespace, project) }
237

238 239 240 241 242 243
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
244 245 246
  end

  describe "GET /:project_path/merge_requests/new" do
Vinnie Okada's avatar
Vinnie Okada committed
247
    subject { new_namespace_project_merge_request_path(project.namespace, project) }
248

249 250 251 252 253 254
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
255 256 257
  end

  describe "GET /:project_path/branches" do
Vinnie Okada's avatar
Vinnie Okada committed
258
    subject { namespace_project_branches_path(project.namespace, project) }
259 260 261

    before do
      # Speed increase
262
      allow_any_instance_of(Project).to receive(:branches).and_return([])
263 264
    end

265 266 267 268 269 270
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
271 272 273
  end

  describe "GET /:project_path/tags" do
Vinnie Okada's avatar
Vinnie Okada committed
274
    subject { namespace_project_tags_path(project.namespace, project) }
275 276 277

    before do
      # Speed increase
278
      allow_any_instance_of(Project).to receive(:tags).and_return([])
279 280
    end

281 282 283 284 285 286
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
287 288 289
  end

  describe "GET /:project_path/hooks" do
Vinnie Okada's avatar
Vinnie Okada committed
290
    subject { namespace_project_hooks_path(project.namespace, project) }
291

292 293 294 295 296 297
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
298 299
  end
end