Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
963b374d
Commit
963b374d
authored
Apr 06, 2017
by
http://jneen.net/
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update the specs to not require a set to be returned
parent
80d6e5bb
Changes
12
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
303 additions
and
275 deletions
+303
-275
spec/models/ability_spec.rb
spec/models/ability_spec.rb
+7
-4
spec/policies/base_policy_spec.rb
spec/policies/base_policy_spec.rb
+3
-3
spec/policies/ci/build_policy_spec.rb
spec/policies/ci/build_policy_spec.rb
+14
-14
spec/policies/ci/trigger_policy_spec.rb
spec/policies/ci/trigger_policy_spec.rb
+7
-7
spec/policies/deploy_key_policy_spec.rb
spec/policies/deploy_key_policy_spec.rb
+6
-6
spec/policies/environment_policy_spec.rb
spec/policies/environment_policy_spec.rb
+6
-6
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+62
-54
spec/policies/issue_policy_spec.rb
spec/policies/issue_policy_spec.rb
+61
-61
spec/policies/personal_snippet_policy_spec.rb
spec/policies/personal_snippet_policy_spec.rb
+34
-34
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+61
-52
spec/policies/project_snippet_policy_spec.rb
spec/policies/project_snippet_policy_spec.rb
+36
-28
spec/policies/user_policy_spec.rb
spec/policies/user_policy_spec.rb
+6
-6
No files found.
spec/models/ability_spec.rb
View file @
963b374d
...
...
@@ -2,8 +2,8 @@ require 'spec_helper'
describe
Ability
,
lib:
true
do
context
'using a nil subject'
do
it
'
is always empty
'
do
expect
(
Ability
.
allowed
(
nil
,
nil
).
to_set
).
to
be_empty
it
'
has no permissions
'
do
expect
(
Ability
.
policy_for
(
nil
,
nil
)).
to
be_banned
end
end
...
...
@@ -255,12 +255,15 @@ describe Ability, lib: true do
describe
'.project_disabled_features_rules'
do
let
(
:project
)
{
create
(
:empty_project
,
:wiki_disabled
)
}
subject
{
described_class
.
allowed
(
project
.
owner
,
project
)
}
subject
{
described_class
.
policy_for
(
project
.
owner
,
project
)
}
context
'wiki named abilities'
do
it
'disables wiki abilities if the project has no wiki'
do
expect
(
project
).
to
receive
(
:has_external_wiki?
).
and_return
(
false
)
expect
(
subject
).
not_to
include
(
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:read_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:create_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:update_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:admin_wiki
)
end
end
end
...
...
spec/policies/base_policy_spec.rb
View file @
963b374d
...
...
@@ -3,17 +3,17 @@ require 'spec_helper'
describe
BasePolicy
,
models:
true
do
describe
'.class_for'
do
it
'detects policy class based on the subject ancestors'
do
expect
(
described_class
.
class_for
(
GenericCommitStatus
.
new
)).
to
eq
(
CommitStatusPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
GenericCommitStatus
.
new
)).
to
eq
(
CommitStatusPolicy
)
end
it
'detects policy class for a presented subject'
do
presentee
=
Ci
::
BuildPresenter
.
new
(
Ci
::
Build
.
new
)
expect
(
described_class
.
class_for
(
presentee
)).
to
eq
(
Ci
::
BuildPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
presentee
)).
to
eq
(
Ci
::
BuildPolicy
)
end
it
'uses GlobalPolicy when :global is given'
do
expect
(
described_class
.
class_for
(
:global
)).
to
eq
(
GlobalPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
:global
)).
to
eq
(
GlobalPolicy
)
end
end
end
spec/policies/ci/build_policy_spec.rb
View file @
963b374d
...
...
@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
)
}
let
(
:polic
ies
)
do
described_class
.
abilities
(
user
,
build
).
to_set
let
(
:polic
y
)
do
described_class
.
new
(
user
,
build
)
end
shared_context
'public pipelines disabled'
do
...
...
@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
...
...
@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
...
...
@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
...
...
@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
...
...
@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
...
...
@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
...
...
@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
...
...
@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
end
...
...
@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
end
it
'does not include ability to update build'
do
expect
(
polic
ies
).
not_to
include
:update_build
expect
(
polic
y
).
to
be_disallowed
:update_build
end
end
...
...
@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
end
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
end
...
...
@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
:manual
,
pipeline:
pipeline
)
}
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
...
...
@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
end
...
...
spec/policies/ci/trigger_policy_spec.rb
View file @
963b374d
...
...
@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
let
(
:trigger
)
{
create
(
:ci_trigger
,
project:
project
,
owner:
owner
)
}
let
(
:policies
)
do
described_class
.
abilities
(
user
,
trigger
).
to_set
described_class
.
new
(
user
,
trigger
)
end
shared_examples
'allows to admin and manage trigger'
do
it
'does include ability to admin trigger'
do
expect
(
policies
).
to
include
:admin_trigger
expect
(
policies
).
to
be_allowed
:admin_trigger
end
it
'does include ability to manage trigger'
do
expect
(
policies
).
to
include
:manage_trigger
expect
(
policies
).
to
be_allowed
:manage_trigger
end
end
shared_examples
'allows to manage trigger'
do
it
'does not include ability to admin trigger'
do
expect
(
policies
).
not_to
include
:admin_trigger
expect
(
policies
).
not_to
be_allowed
:admin_trigger
end
it
'does include ability to manage trigger'
do
expect
(
policies
).
to
include
:manage_trigger
expect
(
policies
).
to
be_allowed
:manage_trigger
end
end
shared_examples
'disallows to admin and manage trigger'
do
it
'does not include ability to admin trigger'
do
expect
(
policies
).
not_to
include
:admin_trigger
expect
(
policies
).
not_to
be_allowed
:admin_trigger
end
it
'does not include ability to manage trigger'
do
expect
(
policies
).
not_to
include
:manage_trigger
expect
(
policies
).
not_to
be_allowed
:manage_trigger
end
end
...
...
spec/policies/deploy_key_policy_spec.rb
View file @
963b374d
require
'spec_helper'
describe
DeployKeyPolicy
,
models:
true
do
subject
{
described_class
.
abilities
(
current_user
,
deploy_key
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
deploy_key
)
}
describe
'updating a deploy_key'
do
context
'when a regular user'
do
...
...
@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
project
.
deploy_keys
<<
deploy_key
end
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
context
'tries to update private deploy key attached to other project'
do
...
...
@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
other_project
.
deploy_keys
<<
deploy_key
end
it
{
is_expected
.
not_to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
context
'tries to update public deploy key'
do
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
it
{
is_expected
.
not_to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
end
...
...
@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
context
' tries to update private deploy key'
do
let
(
:deploy_key
)
{
create
(
:deploy_key
,
public:
false
)
}
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
context
'when an admin user tries to update public deploy key'
do
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
end
end
...
...
spec/policies/environment_policy_spec.rb
View file @
963b374d
...
...
@@ -8,8 +8,8 @@ describe EnvironmentPolicy do
create
(
:environment
,
:with_review_app
,
project:
project
)
end
let
(
:polic
ies
)
do
described_class
.
abilities
(
user
,
environment
).
to_set
let
(
:polic
y
)
do
described_class
.
new
(
user
,
environment
)
end
describe
'#rules'
do
...
...
@@ -17,7 +17,7 @@ describe EnvironmentPolicy do
let
(
:project
)
{
create
(
:project
,
:private
)
}
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
...
...
@@ -25,7 +25,7 @@ describe EnvironmentPolicy do
let
(
:project
)
{
create
(
:project
,
:public
)
}
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
...
...
@@ -38,7 +38,7 @@ describe EnvironmentPolicy do
context
'when team member has ability to stop environment'
do
it
'does includes ability to stop environment'
do
expect
(
polic
ies
).
to
include
:stop_environment
expect
(
polic
y
).
to
be_allowed
:stop_environment
end
end
...
...
@@ -49,7 +49,7 @@ describe EnvironmentPolicy do
end
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
end
...
...
spec/policies/group_policy_spec.rb
View file @
963b374d
...
...
@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
group
.
add_owner
(
owner
)
end
subject
{
described_class
.
abilities
(
current_user
,
group
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
group
)
}
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
context
'with no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_disallowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
guest
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_disallowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
reporter
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
developer
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
master
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
owner
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
master_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
...
...
@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
admin
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
master_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
...
...
@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
nested_group
.
add_owner
(
owner
)
end
subject
{
described_class
.
abilities
(
current_user
,
nested_group
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
nested_group
)
}
context
'with no user'
do
let
(
:current_user
)
{
nil
}
it
do
is_expected
.
not_to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
:read_group
)
expect_disallowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
guest
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_disallowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
reporter
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
developer
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
master
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
owner
}
it
do
is_expected
.
to
include
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
:read_group
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
master_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
...
...
spec/policies/issue_policy_spec.rb
View file @
963b374d
...
...
@@ -9,7 +9,7 @@ describe IssuePolicy, models: true do
let
(
:reporter_from_group_link
)
{
create
(
:user
)
}
def
permissions
(
user
,
issue
)
described_class
.
abilities
(
user
,
issue
).
to_set
described_class
.
new
(
user
,
issue
)
end
context
'a private project'
do
...
...
@@ -30,42 +30,42 @@ describe IssuePolicy, models: true do
end
it
'does not allow non-members to read issues'
do
expect
(
permissions
(
non_member
,
issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows guests to read issues'
do
expect
(
permissions
(
guest
,
issue
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
it
'allows reporters to read, update, and admin issues'
do
expect
(
permissions
(
reporter
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporters from group links to read, update, and admin issues'
do
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue authors to read and update their issues'
do
expect
(
permissions
(
author
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
it
'allows issue assignees to read and update their issues'
do
expect
(
permissions
(
assignee
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
context
'with confidential issues'
do
...
...
@@ -73,37 +73,37 @@ describe IssuePolicy, models: true do
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
it
'does not allow non-members to read confidential issues'
do
expect
(
permissions
(
non_member
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'does not allow guests to read confidential issues'
do
expect
(
permissions
(
guest
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporters to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporters from group links to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue authors to read and update their confidential issues'
do
expect
(
permissions
(
author
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue assignees to read and update their confidential issues'
do
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
end
...
...
@@ -123,37 +123,37 @@ describe IssuePolicy, models: true do
end
it
'allows guests to read issues'
do
expect
(
permissions
(
guest
,
issue
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
it
'allows reporters to read, update, and admin issues'
do
expect
(
permissions
(
reporter
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporters from group links to read, update, and admin issues'
do
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue authors to read and update their issues'
do
expect
(
permissions
(
author
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
it
'allows issue assignees to read and update their issues'
do
expect
(
permissions
(
assignee
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
context
'with confidential issues'
do
...
...
@@ -161,32 +161,32 @@ describe IssuePolicy, models: true do
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
it
'does not allow guests to read confidential issues'
do
expect
(
permissions
(
guest
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporters to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows reporter from group links to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue authors to read and update their confidential issues'
do
expect
(
permissions
(
author
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
it
'allows issue assignees to read and update their confidential issues'
do
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
end
...
...
spec/policies/personal_snippet_policy_spec.rb
View file @
963b374d
...
...
@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
end
def
permissions
(
user
)
described_class
.
abilities
(
user
,
snippet
).
to_set
described_class
.
new
(
user
,
snippet
)
end
context
'public snippet'
do
...
...
@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
...
...
@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
external_user
)
}
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
...
...
@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
external_user
)
}
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
...
...
spec/policies/project_policy_spec.rb
View file @
963b374d
...
...
@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
project
.
team
<<
[
reporter
,
:reporter
]
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
project
=
create
(
:empty_project
,
:private
)
issue
=
create
(
:issue
,
project:
project
)
user
=
issue
.
author
expect
(
project
.
team
.
member?
(
issue
.
author
)).
to
eq
(
false
)
expect
(
BasePolicy
.
class_for
(
project
).
abilities
(
user
,
project
).
can_set
)
.
not_to
include
(
:read_issue
)
expect
(
project
.
team
.
member?
(
issue
.
author
)).
to
be
false
expect
(
Ability
.
allowed?
(
user
,
:read_issue
,
project
)).
to
be_falsy
expect
(
Ability
).
not_to
be_allowed
(
user
,
:read_issue
,
project
)
end
it
'does not include the wiki permissions when the feature is disabled'
do
project
.
project_feature
.
update_attribute
(
:wiki_access_level
,
ProjectFeature
::
DISABLED
)
wiki_permissions
=
[
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
,
:download_wiki_code
]
context
'when the feature is disabled'
do
subject
{
described_class
.
new
(
owner
,
project
)
}
permissions
=
described_class
.
abilities
(
owner
,
project
).
to_set
before
do
project
.
project_feature
.
update_attribute
(
:wiki_access_level
,
ProjectFeature
::
DISABLED
)
end
expect
(
permissions
).
not_to
include
(
*
wiki_permissions
)
it
'does not include the wiki permissions'
do
expect_disallowed
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
,
:download_wiki_code
end
end
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:empty_project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
abilities
(
current_user
,
project
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
project
)
}
context
'with no user'
do
let
(
:current_user
)
{
nil
}
it
{
is_expected
.
to
be_
empty
}
it
{
is_expected
.
to
be_
banned
}
end
context
'guests'
do
...
...
@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
end
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_public_build_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
*
reporter_public_build_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
context
'public builds enabled'
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
:read_build
,
:read_pipeline
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
:read_build
,
:read_pipeline
)
end
end
...
...
@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
end
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
not_to
include
(
:read_build
,
:read_pipeline
)
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
:read_build
,
:read_pipeline
)
end
end
...
...
@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
reporter
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
dev
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
master
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
...
...
@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
owner
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
master_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
...
...
@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
admin
}
it
do
is_expected
.
to
include
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
master_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
...
...
spec/policies/project_snippet_policy_spec.rb
View file @
963b374d
...
...
@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
def
abilities
(
user
,
snippet_visibility
)
snippet
=
create
(
:project_snippet
,
snippet_visibility
,
project:
project
)
described_class
.
abilities
(
user
,
snippet
).
to_set
described_class
.
new
(
user
,
snippet
)
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
context
'public snippet'
do
...
...
@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:public
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:public
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
external_user
,
:public
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
end
...
...
@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:internal
)
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:internal
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
external_user
,
:internal
)
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
end
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
end
...
...
@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:private
)
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:private
)
}
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
context
'snippet author'
do
let
(
:snippet
)
{
create
(
:project_snippet
,
:private
,
author:
regular_user
,
project:
project
)
}
subject
{
described_class
.
abilities
(
regular_user
,
snippet
).
to_set
}
subject
{
described_class
(
regular_user
,
snippet
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_allowed
(
*
author_permissions
)
end
end
...
...
@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
end
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
end
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_disallowed
(
*
author_permissions
)
end
end
...
...
@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
create
(
:admin
),
:private
)
}
it
do
is_expected
.
to
include
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
expect_allowed
(
:read_project_snippet
)
expect_allowed
(
*
author_permissions
)
end
end
end
...
...
spec/policies/user_policy_spec.rb
View file @
963b374d
...
...
@@ -4,34 +4,34 @@ describe UserPolicy, models: true do
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
subject
{
described_class
.
abilities
(
current_user
,
user
).
to_set
}
subject
{
UserPolicy
.
new
(
current_user
,
user
)
}
describe
"reading a user's information"
do
it
{
is_expected
.
to
include
(
:read_user
)
}
it
{
is_expected
.
to
be_allowed
(
:read_user
)
}
end
describe
"destroying a user"
do
context
"when a regular user tries to destroy another regular user"
do
it
{
is_expected
.
not_to
include
(
:destroy_user
)
}
it
{
is_expected
.
not_to
be_allowed
(
:destroy_user
)
}
end
context
"when a regular user tries to destroy themselves"
do
let
(
:current_user
)
{
user
}
it
{
is_expected
.
to
include
(
:destroy_user
)
}
it
{
is_expected
.
to
be_allowed
(
:destroy_user
)
}
end
context
"when an admin user tries to destroy a regular user"
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
{
is_expected
.
to
include
(
:destroy_user
)
}
it
{
is_expected
.
to
be_allowed
(
:destroy_user
)
}
end
context
"when an admin user tries to destroy a ghost user"
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:ghost
)
}
it
{
is_expected
.
not_to
include
(
:destroy_user
)
}
it
{
is_expected
.
not_to
be_allowed
(
:destroy_user
)
}
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment