Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
a350b52c
Commit
a350b52c
authored
Dec 05, 2012
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Rewrite project security model tests
parent
674efd38
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
94 additions
and
11 deletions
+94
-11
app/models/project.rb
app/models/project.rb
+12
-0
spec/models/project_security_spec.rb
spec/models/project_security_spec.rb
+82
-11
No files found.
app/models/project.rb
View file @
a350b52c
...
...
@@ -36,6 +36,10 @@ class Project < ActiveRecord::Base
# Relations
belongs_to
:group
,
foreign_key:
"namespace_id"
,
conditions:
"type = 'Group'"
belongs_to
:namespace
# TODO: replace owner with creator.
# With namespaces a project owner will be a namespace owner
# so this field makes sense only for global projects
belongs_to
:owner
,
class_name:
"User"
has_many
:users
,
through: :users_projects
has_many
:events
,
dependent: :destroy
...
...
@@ -296,4 +300,12 @@ class Project < ActiveRecord::Base
def
namespace_owner
namespace
.
try
(
:owner
)
end
def
chief
if
namespace
namespace_owner
else
owner
end
end
end
spec/models/project_security_spec.rb
View file @
a350b52c
...
...
@@ -4,38 +4,109 @@ describe Project do
describe
:authorization
do
before
do
@p1
=
create
(
:project
)
@u1
=
create
(
:user
)
@u2
=
create
(
:user
)
@u3
=
create
(
:user
)
@u4
=
@p1
.
chief
@abilities
=
Six
.
new
@abilities
<<
Ability
end
describe
"read access"
do
let
(
:guest_actions
)
{
Ability
.
project_guest_rules
}
let
(
:report_actions
)
{
Ability
.
project_report_rules
}
let
(
:dev_actions
)
{
Ability
.
project_dev_rules
}
let
(
:master_actions
)
{
Ability
.
project_master_rules
}
let
(
:admin_actions
)
{
Ability
.
project_admin_rules
}
describe
"Non member rules"
do
it
"should deny for non-project users any actions"
do
admin_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u1
,
action
,
@p1
).
should
be_false
end
end
end
describe
"Guest Rules"
do
before
do
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u2
,
project_access:
UsersProject
::
GUEST
)
end
it
"should allow for project user any guest actions"
do
guest_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u2
,
action
,
@p1
).
should
be_true
end
end
end
describe
"Report Rules"
do
before
do
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u2
,
project_access:
UsersProject
::
REPORTER
)
end
it
{
@abilities
.
allowed?
(
@u1
,
:read_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u2
,
:read_project
,
@p1
).
should
be_true
}
it
"should allow for project user any report actions"
do
report_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u2
,
action
,
@p1
).
should
be_true
end
end
end
describe
"write access"
do
describe
"Developer Rules"
do
before
do
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u2
,
project_access:
UsersProject
::
REPORTER
)
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u3
,
project_access:
UsersProject
::
DEVELOPER
)
end
it
"should deny for developer master-specific actions"
do
[
dev_actions
-
report_actions
].
each
do
|
action
|
@abilities
.
allowed?
(
@u2
,
action
,
@p1
).
should
be_false
end
end
it
"should allow for project user any dev actions"
do
dev_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u3
,
action
,
@p1
).
should
be_true
end
end
end
describe
"Master Rules"
do
before
do
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u2
,
project_access:
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u3
,
project_access:
UsersProject
::
MASTER
)
end
it
{
@abilities
.
allowed?
(
@u1
,
:write_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u2
,
:write_project
,
@p1
).
should
be_true
}
it
"should deny for developer master-specific actions"
do
[
master_actions
-
dev_actions
].
each
do
|
action
|
@abilities
.
allowed?
(
@u2
,
action
,
@p1
).
should
be_false
end
end
it
"should allow for project user any master actions"
do
master_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u3
,
action
,
@p1
).
should
be_true
end
end
end
describe
"
admin acces
s"
do
describe
"
Admin Rule
s"
do
before
do
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u
1
,
project_access:
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u
2
,
project_access:
UsersProject
::
MASTER
)
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u
2
,
project_access:
UsersProject
::
DEVELOPER
)
@p1
.
users_projects
.
create
(
project:
@p1
,
user:
@u
3
,
project_access:
UsersProject
::
MASTER
)
end
it
{
@abilities
.
allowed?
(
@u1
,
:admin_project
,
@p1
).
should
be_false
}
it
{
@abilities
.
allowed?
(
@u2
,
:admin_project
,
@p1
).
should
be_true
}
it
"should deny for masters admin-specific actions"
do
[
admin_actions
-
master_actions
].
each
do
|
action
|
@abilities
.
allowed?
(
@u2
,
action
,
@p1
).
should
be_false
end
end
it
"should allow for project owner any admin actions"
do
admin_actions
.
each
do
|
action
|
@abilities
.
allowed?
(
@u4
,
action
,
@p1
).
should
be_true
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment