public_access_spec.rb 8.53 KB
Newer Older
1 2
require 'spec_helper'

3
describe "Public Project Access", feature: true  do
4 5
  include AccessMatchers

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
6
  let(:project) { create(:project) }
7 8 9 10 11 12 13

  let(:master) { create(:user) }
  let(:guest) { create(:user) }
  let(:reporter) { create(:user) }

  before do
    # public project
14
    project.visibility_level = Gitlab::VisibilityLevel::PUBLIC
15 16 17 18 19 20 21 22 23 24 25 26
    project.save!

    # full access
    project.team << [master, :master]

    # readonly
    project.team << [reporter, :reporter]
  end

  describe "Project should be public" do
    subject { project }

27 28 29 30
    describe '#public?' do
      subject { super().public? }
      it { is_expected.to be_truthy }
    end
31 32 33
  end

  describe "GET /:project_path" do
Vinnie Okada's avatar
Vinnie Okada committed
34
    subject { namespace_project_path(project.namespace, project) }
35

36 37 38 39 40 41
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
42 43 44
  end

  describe "GET /:project_path/tree/master" do
Vinnie Okada's avatar
Vinnie Okada committed
45
    subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
46

47 48 49 50 51 52
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
53 54 55
  end

  describe "GET /:project_path/commits/master" do
Vinnie Okada's avatar
Vinnie Okada committed
56
    subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
57

58 59 60 61 62 63
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
64 65 66
  end

  describe "GET /:project_path/commit/:sha" do
Vinnie Okada's avatar
Vinnie Okada committed
67
    subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
68

69 70 71 72 73 74
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
75 76 77
  end

  describe "GET /:project_path/compare" do
Vinnie Okada's avatar
Vinnie Okada committed
78
    subject { namespace_project_compare_index_path(project.namespace, project) }
79

80 81 82 83 84 85
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
86 87
  end

88 89
  describe "GET /:project_path/project_members" do
    subject { namespace_project_project_members_path(project.namespace, project) }
90

91 92 93 94 95 96
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
97 98 99 100 101
  end

  describe "GET /:project_path/blob" do
    before do
      commit = project.repository.commit
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
102
      path = '.gitignore'
Vinnie Okada's avatar
Vinnie Okada committed
103
      @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
104 105
    end

106 107 108 109 110 111
    it { expect(@blob_path).to be_allowed_for master }
    it { expect(@blob_path).to be_allowed_for reporter }
    it { expect(@blob_path).to be_allowed_for :admin }
    it { expect(@blob_path).to be_allowed_for guest }
    it { expect(@blob_path).to be_allowed_for :user }
    it { expect(@blob_path).to be_allowed_for :visitor }
112 113 114
  end

  describe "GET /:project_path/edit" do
Vinnie Okada's avatar
Vinnie Okada committed
115
    subject { edit_namespace_project_path(project.namespace, project) }
116

117 118 119 120 121 122
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
123 124 125
  end

  describe "GET /:project_path/deploy_keys" do
Vinnie Okada's avatar
Vinnie Okada committed
126
    subject { namespace_project_deploy_keys_path(project.namespace, project) }
127

128 129 130 131 132 133
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
134 135 136
  end

  describe "GET /:project_path/issues" do
Vinnie Okada's avatar
Vinnie Okada committed
137
    subject { namespace_project_issues_path(project.namespace, project) }
138

139 140 141 142 143 144
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
145 146
  end

147 148 149 150 151 152 153 154 155 156 157 158
  describe "GET /:project_path/issues/:id/edit" do
    let(:issue) { create(:issue, project: project) }
    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }

    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
  end

159
  describe "GET /:project_path/snippets" do
Vinnie Okada's avatar
Vinnie Okada committed
160
    subject { namespace_project_snippets_path(project.namespace, project) }
161

162 163 164 165 166 167
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
168 169 170
  end

  describe "GET /:project_path/snippets/new" do
Vinnie Okada's avatar
Vinnie Okada committed
171
    subject { new_namespace_project_snippet_path(project.namespace, project) }
172

173 174 175 176 177 178
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
179 180 181
  end

  describe "GET /:project_path/merge_requests" do
Vinnie Okada's avatar
Vinnie Okada committed
182
    subject { namespace_project_merge_requests_path(project.namespace, project) }
183

184 185 186 187 188 189
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
190 191 192
  end

  describe "GET /:project_path/merge_requests/new" do
Vinnie Okada's avatar
Vinnie Okada committed
193
    subject { new_namespace_project_merge_request_path(project.namespace, project) }
194

195 196 197 198 199 200
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
201 202 203
  end

  describe "GET /:project_path/branches" do
Vinnie Okada's avatar
Vinnie Okada committed
204
    subject { namespace_project_branches_path(project.namespace, project) }
205 206 207

    before do
      # Speed increase
208
      allow_any_instance_of(Project).to receive(:branches).and_return([])
209 210
    end

211 212 213 214 215 216
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
217 218 219
  end

  describe "GET /:project_path/tags" do
Vinnie Okada's avatar
Vinnie Okada committed
220
    subject { namespace_project_tags_path(project.namespace, project) }
221 222 223

    before do
      # Speed increase
224
      allow_any_instance_of(Project).to receive(:tags).and_return([])
225 226
    end

227 228 229 230 231 232
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
233 234 235
  end

  describe "GET /:project_path/hooks" do
Vinnie Okada's avatar
Vinnie Okada committed
236
    subject { namespace_project_hooks_path(project.namespace, project) }
237

238 239 240 241 242 243
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
244 245
  end
end