Merge branch 'git-access-tests' into 'master'

Gitlab::GitAccess tests

Fixes #1616

See merge request !1113

spec/lib/gitlab/git_access_spec.rb

+require 'spec_helper'
+
+describe Gitlab::GitAccess do
+  let(:access) { Gitlab::GitAccess.new }
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'download_allowed?' do
+    describe 'master permissions' do
+      before { project.team << [user, :master] }
+
+      context 'pull code' do
+        subject { access.download_allowed?(user, project) }
+
+        it { should be_true }
+      end
+    end
+
+    describe 'guest permissions' do
+      before { project.team << [user, :guest] }
+
+      context 'pull code' do
+        subject { access.download_allowed?(user, project) }
+
+        it { should be_false }
+      end
+    end
+
+    describe 'blocked user' do
+      before do
+        project.team << [user, :master]
+        user.block
+      end
+
+      context 'pull code' do
+        subject { access.download_allowed?(user, project) }
+
+        it { should be_false }
+      end
+    end
+
+    describe 'without acccess to project' do
+      context 'pull code' do
+        subject { access.download_allowed?(user, project) }
+
+        it { should be_false }
+      end
+    end
+  end
+
+  describe 'push_allowed?' do
+    def protect_feature_branch
+      create(:protected_branch, name: 'feature', project: project)
+    end
+
+    def changes
+      {
+        push_new_branch: '000000000 570e7b2ab refs/heads/wow',
+        push_master: '6f6d7e7ed 570e7b2ab refs/heads/master',
+        push_protected_branch: '6f6d7e7ed 570e7b2ab refs/heads/feature',
+        push_remove_protected_branch: '570e7b2ab 000000000 refs/heads/feature',
+        push_tag: '6f6d7e7ed 570e7b2ab refs/tags/v1.0.0',
+        push_new_tag: '000000000 570e7b2ab refs/tags/v7.8.9',
+        push_all: ['6f6d7e7ed 570e7b2ab refs/heads/master', '6f6d7e7ed 570e7b2ab refs/heads/feature']
+      }
+    end
+
+    def self.permissions_matrix
+      {
+        master: {
+          push_new_branch: true,
+          push_master: true,
+          push_protected_branch: true,
+          push_remove_protected_branch: false,
+          push_tag: true,
+          push_new_tag: true,
+          push_all: true,
+        },
+
+        developer: {
+          push_new_branch: true,
+          push_master: true,
+          push_protected_branch: false,
+          push_remove_protected_branch: false,
+          push_tag: false,
+          push_new_tag: true,
+          push_all: false,
+        },
+
+        reporter: {
+          push_new_branch: false,
+          push_master: false,
+          push_protected_branch: false,
+          push_remove_protected_branch: false,
+          push_tag: false,
+          push_new_tag: false,
+          push_all: false,
+        },
+
+        guest: {
+          push_new_branch: false,
+          push_master: false,
+          push_protected_branch: false,
+          push_remove_protected_branch: false,
+          push_tag: false,
+          push_new_tag: false,
+          push_all: false,
+        }
+      }
+    end
+
+    permissions_matrix.keys.each do |role|
+      describe "#{role} access" do
+        before { protect_feature_branch }
+        before { project.team << [user, role] }
+
+        permissions_matrix[role].each do |action, allowed|
+          context action do
+            subject { access.push_allowed?(user, project, changes[action]) }
+
+            it { should allowed ? be_true : be_false }
+          end
+        end
+      end
+    end
+  end
+end