Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
1983d05c
Commit
1983d05c
authored
Mar 26, 2019
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[CE] Reduce the diff with EE in spec/policies/project_policy_spec.rb
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
9aca2ccf
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
379 additions
and
373 deletions
+379
-373
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+2
-322
spec/policies/project_snippet_policy_spec.rb
spec/policies/project_snippet_policy_spec.rb
+50
-51
spec/support/shared_context/policies/project_policy_shared_context.rb
.../shared_context/policies/project_policy_shared_context.rb
+96
-0
spec/support/shared_examples/policies/project_policy_shared_examples.rb
...hared_examples/policies/project_policy_shared_examples.rb
+231
-0
No files found.
spec/policies/project_policy_spec.rb
View file @
1983d05c
require
'spec_helper'
require
'spec_helper'
describe
ProjectPolicy
do
describe
ProjectPolicy
do
set
(
:guest
)
{
create
(
:user
)
}
include_context
'ProjectPolicy context'
set
(
:reporter
)
{
create
(
:user
)
}
set
(
:developer
)
{
create
(
:user
)
}
set
(
:maintainer
)
{
create
(
:user
)
}
set
(
:owner
)
{
create
(
:user
)
}
set
(
:admin
)
{
create
(
:admin
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
owner
.
namespace
)
}
let
(
:base_guest_permissions
)
do
%i[
read_project read_board read_list read_wiki read_issue
read_project_for_iids read_issue_iid read_label
read_milestone read_project_snippet read_project_member read_note
create_project create_issue create_note upload_file create_merge_request_in
award_emoji read_release
]
end
let
(
:base_reporter_permissions
)
do
%i[
download_code fork_project create_project_snippet update_issue
admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment
read_merge_request download_wiki_code read_sentry_issue
]
end
let
(
:team_member_reporter_permissions
)
do
%i[build_download_code build_read_container_image]
end
let
(
:developer_permissions
)
do
%i[
admin_milestone admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image
create_environment create_deployment create_release update_release
]
end
let
(
:base_maintainer_permissions
)
do
%i[
push_to_delete_protected_branch update_project_snippet update_environment
update_deployment admin_project_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster
daily_statistics
]
end
let
(
:public_permissions
)
do
%i[
download_code fork_project read_commit_status read_pipeline
read_container_image build_download_code build_read_container_image
download_wiki_code read_release
]
end
let
(
:owner_permissions
)
do
%i[
change_namespace change_visibility_level rename_project remove_project
archive_project remove_fork_project destroy_merge_request destroy_issue
set_issue_iid set_issue_created_at set_note_created_at
]
end
# Used in EE specs
let
(
:additional_guest_permissions
)
{
[]
}
let
(
:additional_reporter_permissions
)
{
[]
}
let
(
:additional_maintainer_permissions
)
{
[]
}
let
(
:guest_permissions
)
{
base_guest_permissions
+
additional_guest_permissions
}
let
(
:reporter_permissions
)
{
base_reporter_permissions
+
additional_reporter_permissions
}
let
(
:maintainer_permissions
)
{
base_maintainer_permissions
+
additional_maintainer_permissions
}
before
do
project
.
add_guest
(
guest
)
project
.
add_maintainer
(
maintainer
)
project
.
add_developer
(
developer
)
project
.
add_reporter
(
reporter
)
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
project
=
create
(
:project
,
:private
)
project
=
create
(
:project
,
:private
)
...
@@ -140,7 +51,7 @@ describe ProjectPolicy do
...
@@ -140,7 +51,7 @@ describe ProjectPolicy do
end
end
it
'disables boards and lists permissions'
do
it
'disables boards and lists permissions'
do
expect_disallowed
:read_board
,
:create_board
,
:update_board
,
:admin_board
expect_disallowed
:read_board
,
:create_board
,
:update_board
expect_disallowed
:read_list
,
:create_list
,
:update_list
,
:admin_list
expect_disallowed
:read_list
,
:create_list
,
:update_list
,
:admin_list
end
end
...
@@ -237,237 +148,6 @@ describe ProjectPolicy do
...
@@ -237,237 +148,6 @@ describe ProjectPolicy do
end
end
end
end
shared_examples
'archived project policies'
do
let
(
:feature_write_abilities
)
do
described_class
::
READONLY_FEATURES_WHEN_ARCHIVED
.
flat_map
do
|
feature
|
described_class
.
create_update_admin_destroy
(
feature
)
end
end
let
(
:other_write_abilities
)
do
%i[
create_merge_request_in
create_merge_request_from
push_to_delete_protected_branch
push_code
request_access
upload_file
resolve_note
award_emoji
]
end
context
'when the project is archived'
do
before
do
project
.
archived
=
true
end
it
'disables write actions on all relevant project features'
do
expect_disallowed
(
*
feature_write_abilities
)
end
it
'disables some other important write actions'
do
expect_disallowed
(
*
other_write_abilities
)
end
it
'does not disable other abilities'
do
expect_allowed
(
*
(
regular_abilities
-
feature_write_abilities
-
other_write_abilities
))
end
end
end
shared_examples
'project policies as anonymous'
do
context
'abilities for public projects'
do
context
'when a project has pending invites'
do
let
(
:group
)
{
create
(
:group
,
:public
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
group
)
}
let
(
:user_permissions
)
{
[
:create_merge_request_in
,
:create_project
,
:create_issue
,
:create_note
,
:upload_file
,
:award_emoji
]
}
let
(
:anonymous_permissions
)
{
guest_permissions
-
user_permissions
}
subject
{
described_class
.
new
(
nil
,
project
)
}
before
do
create
(
:group_member
,
:invited
,
group:
group
)
end
it
'does not grant owner access'
do
expect_allowed
(
*
anonymous_permissions
)
expect_disallowed
(
*
user_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
anonymous_permissions
}
end
end
end
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
nil
,
project
)
}
it
{
is_expected
.
to
be_banned
}
end
end
shared_examples
'project policies as guest'
do
subject
{
described_class
.
new
(
guest
,
project
)
}
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
let
(
:reporter_public_build_permissions
)
do
reporter_permissions
-
[
:read_build
,
:read_pipeline
]
end
it
do
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
*
reporter_public_build_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
guest_permissions
}
end
context
'public builds enabled'
do
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
:read_build
,
:read_pipeline
)
end
end
context
'when public builds disabled'
do
before
do
project
.
update
(
public_builds:
false
)
end
it
do
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
:read_build
,
:read_pipeline
)
end
end
context
'when builds are disabled'
do
before
do
project
.
project_feature
.
update
(
builds_access_level:
ProjectFeature
::
DISABLED
)
end
it
do
expect_disallowed
(
:read_build
)
expect_allowed
(
:read_pipeline
)
end
end
end
end
shared_examples
'project policies as reporter'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
reporter
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
reporter_permissions
}
end
end
end
shared_examples
'project policies as developer'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
developer
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
developer_permissions
}
end
end
end
shared_examples
'project policies as maintainer'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
maintainer
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
maintainer_permissions
}
end
end
end
shared_examples
'project policies as owner'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
owner
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_allowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
owner_permissions
}
end
end
end
shared_examples
'project policies as admin'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
admin
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_allowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
owner_permissions
}
end
end
end
it_behaves_like
'project policies as anonymous'
it_behaves_like
'project policies as anonymous'
it_behaves_like
'project policies as guest'
it_behaves_like
'project policies as guest'
it_behaves_like
'project policies as reporter'
it_behaves_like
'project policies as reporter'
...
...
spec/policies/project_snippet_policy_spec.rb
View file @
1983d05c
...
@@ -5,7 +5,7 @@ describe ProjectSnippetPolicy do
...
@@ -5,7 +5,7 @@ describe ProjectSnippetPolicy do
let
(
:regular_user
)
{
create
(
:user
)
}
let
(
:regular_user
)
{
create
(
:user
)
}
let
(
:external_user
)
{
create
(
:user
,
:external
)
}
let
(
:external_user
)
{
create
(
:user
,
:external
)
}
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:snippet
)
{
create
(
:project_snippet
,
snippet_visibility
,
project:
project
)
}
let
(
:author_permissions
)
do
let
(
:author_permissions
)
do
[
[
:update_project_snippet
,
:update_project_snippet
,
...
@@ -13,11 +13,7 @@ describe ProjectSnippetPolicy do
...
@@ -13,11 +13,7 @@ describe ProjectSnippetPolicy do
]
]
end
end
def
abilities
(
user
,
snippet_visibility
)
subject
{
described_class
.
new
(
current_user
,
snippet
)
}
snippet
=
create
(
:project_snippet
,
snippet_visibility
,
project:
project
)
described_class
.
new
(
user
,
snippet
)
end
def
expect_allowed
(
*
permissions
)
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
...
@@ -28,8 +24,10 @@ describe ProjectSnippetPolicy do
...
@@ -28,8 +24,10 @@ describe ProjectSnippetPolicy do
end
end
context
'public snippet'
do
context
'public snippet'
do
let
(
:snippet_visibility
)
{
:public
}
context
'no user'
do
context
'no user'
do
subject
{
abilities
(
nil
,
:public
)
}
let
(
:current_user
)
{
nil
}
it
do
it
do
expect_allowed
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
...
@@ -38,7 +36,7 @@ describe ProjectSnippetPolicy do
...
@@ -38,7 +36,7 @@ describe ProjectSnippetPolicy do
end
end
context
'regular user'
do
context
'regular user'
do
subject
{
abilities
(
regular_user
,
:public
)
}
let
(
:current_user
)
{
regular_user
}
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
...
@@ -47,7 +45,7 @@ describe ProjectSnippetPolicy do
...
@@ -47,7 +45,7 @@ describe ProjectSnippetPolicy do
end
end
context
'external user'
do
context
'external user'
do
subject
{
abilities
(
external_user
,
:public
)
}
let
(
:current_user
)
{
external_user
}
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
...
@@ -57,8 +55,10 @@ describe ProjectSnippetPolicy do
...
@@ -57,8 +55,10 @@ describe ProjectSnippetPolicy do
end
end
context
'internal snippet'
do
context
'internal snippet'
do
let
(
:snippet_visibility
)
{
:internal
}
context
'no user'
do
context
'no user'
do
subject
{
abilities
(
nil
,
:internal
)
}
let
(
:current_user
)
{
nil
}
it
do
it
do
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
...
@@ -67,7 +67,7 @@ describe ProjectSnippetPolicy do
...
@@ -67,7 +67,7 @@ describe ProjectSnippetPolicy do
end
end
context
'regular user'
do
context
'regular user'
do
subject
{
abilities
(
regular_user
,
:internal
)
}
let
(
:current_user
)
{
regular_user
}
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
...
@@ -76,31 +76,31 @@ describe ProjectSnippetPolicy do
...
@@ -76,31 +76,31 @@ describe ProjectSnippetPolicy do
end
end
context
'external user'
do
context
'external user'
do
subject
{
abilities
(
external_user
,
:internal
)
}
let
(
:current_user
)
{
external_user
}
it
do
it
do
expect_disallowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
context
'project team member external user'
do
subject
{
abilities
(
external_user
,
:internal
)
}
before
do
context
'project team member'
do
project
.
add_developer
(
external_user
)
before
do
end
project
.
add_developer
(
external_user
)
end
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
end
end
end
context
'private snippet'
do
context
'private snippet'
do
let
(
:snippet_visibility
)
{
:private
}
context
'no user'
do
context
'no user'
do
subject
{
abilities
(
nil
,
:private
)
}
let
(
:current_user
)
{
nil
}
it
do
it
do
expect_disallowed
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
...
@@ -109,53 +109,52 @@ describe ProjectSnippetPolicy do
...
@@ -109,53 +109,52 @@ describe ProjectSnippetPolicy do
end
end
context
'regular user'
do
context
'regular user'
do
subject
{
abilities
(
regular_user
,
:private
)
}
let
(
:current_user
)
{
regular_user
}
it
do
it
do
expect_disallowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
context
'snippet author'
do
let
(
:snippet
)
{
create
(
:project_snippet
,
:private
,
author:
regular_user
,
project:
project
)
}
subject
{
described_class
.
new
(
regular_user
,
snippet
)
}
context
'snippet author'
do
let
(
:snippet
)
{
create
(
:project_snippet
,
:private
,
author:
regular_user
,
project:
project
)
}
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
*
author_permissions
)
expect_allowed
(
*
author_permissions
)
end
end
end
end
context
'project team member normal user'
do
context
'project team member normal user'
do
subject
{
abilities
(
regular_user
,
:private
)
}
before
do
project
.
add_developer
(
regular_user
)
end
before
do
it
do
project
.
add_developer
(
regular_user
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
end
expect_disallowed
(
*
author_permissions
)
end
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
context
'project team member external user'
do
context
'external user'
do
subject
{
abilities
(
external_user
,
:private
)
}
context
'project team member'
do
let
(
:current_user
)
{
external_user
}
before
do
before
do
project
.
add_developer
(
external_user
)
project
.
add_developer
(
external_user
)
end
end
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
end
context
'admin user'
do
context
'admin user'
do
subject
{
abilities
(
create
(
:admin
),
:private
)
}
let
(
:snippet_visibility
)
{
:private
}
let
(
:current_user
)
{
create
(
:admin
)
}
it
do
it
do
expect_allowed
(
:read_project_snippet
,
:create_note
)
expect_allowed
(
:read_project_snippet
,
:create_note
)
...
...
spec/support/shared_context/policies/project_policy_shared_context.rb
0 → 100644
View file @
1983d05c
# frozen_string_literal: true
RSpec
.
shared_context
'ProjectPolicy context'
do
set
(
:guest
)
{
create
(
:user
)
}
set
(
:reporter
)
{
create
(
:user
)
}
set
(
:developer
)
{
create
(
:user
)
}
set
(
:maintainer
)
{
create
(
:user
)
}
set
(
:owner
)
{
create
(
:user
)
}
set
(
:admin
)
{
create
(
:admin
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
owner
.
namespace
)
}
let
(
:base_guest_permissions
)
do
%i[
read_project read_board read_list read_wiki read_issue
read_project_for_iids read_issue_iid read_label
read_milestone read_project_snippet read_project_member read_note
create_project create_issue create_note upload_file create_merge_request_in
award_emoji read_release
]
end
let
(
:base_reporter_permissions
)
do
%i[
download_code fork_project create_project_snippet update_issue
admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment
read_merge_request download_wiki_code read_sentry_issue
]
end
let
(
:team_member_reporter_permissions
)
do
%i[build_download_code build_read_container_image]
end
let
(
:developer_permissions
)
do
%i[
admin_milestone admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image
create_environment create_deployment create_release update_release
]
end
let
(
:base_maintainer_permissions
)
do
%i[
push_to_delete_protected_branch update_project_snippet update_environment
update_deployment admin_project_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster
daily_statistics
]
end
let
(
:public_permissions
)
do
%i[
download_code fork_project read_commit_status read_pipeline
read_container_image build_download_code build_read_container_image
download_wiki_code read_release
]
end
let
(
:base_owner_permissions
)
do
%i[
change_namespace change_visibility_level rename_project remove_project
archive_project remove_fork_project destroy_merge_request destroy_issue
set_issue_iid set_issue_created_at set_note_created_at
]
end
# Used in EE specs
let
(
:additional_guest_permissions
)
{
[]
}
let
(
:additional_reporter_permissions
)
{
[]
}
let
(
:additional_maintainer_permissions
)
{
[]
}
let
(
:additional_owner_permissions
)
{
[]
}
let
(
:guest_permissions
)
{
base_guest_permissions
+
additional_guest_permissions
}
let
(
:reporter_permissions
)
{
base_reporter_permissions
+
additional_reporter_permissions
}
let
(
:maintainer_permissions
)
{
base_maintainer_permissions
+
additional_maintainer_permissions
}
let
(
:owner_permissions
)
{
base_owner_permissions
+
additional_owner_permissions
}
before
do
project
.
add_guest
(
guest
)
project
.
add_maintainer
(
maintainer
)
project
.
add_developer
(
developer
)
project
.
add_reporter
(
reporter
)
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
end
spec/support/shared_examples/policies/project_policy_shared_examples.rb
0 → 100644
View file @
1983d05c
# frozen_string_literal: true
RSpec
.
shared_examples
'archived project policies'
do
let
(
:feature_write_abilities
)
do
described_class
::
READONLY_FEATURES_WHEN_ARCHIVED
.
flat_map
do
|
feature
|
described_class
.
create_update_admin_destroy
(
feature
)
end
+
additional_reporter_permissions
+
additional_maintainer_permissions
end
let
(
:other_write_abilities
)
do
%i[
create_merge_request_in
create_merge_request_from
push_to_delete_protected_branch
push_code
request_access
upload_file
resolve_note
award_emoji
]
end
context
'when the project is archived'
do
before
do
project
.
archived
=
true
end
it
'disables write actions on all relevant project features'
do
expect_disallowed
(
*
feature_write_abilities
)
end
it
'disables some other important write actions'
do
expect_disallowed
(
*
other_write_abilities
)
end
it
'does not disable other abilities'
do
expect_allowed
(
*
(
regular_abilities
-
feature_write_abilities
-
other_write_abilities
))
end
end
end
RSpec
.
shared_examples
'project policies as anonymous'
do
context
'abilities for public projects'
do
context
'when a project has pending invites'
do
let
(
:group
)
{
create
(
:group
,
:public
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
group
)
}
let
(
:user_permissions
)
{
[
:create_merge_request_in
,
:create_project
,
:create_issue
,
:create_note
,
:upload_file
,
:award_emoji
]
}
let
(
:anonymous_permissions
)
{
guest_permissions
-
user_permissions
}
subject
{
described_class
.
new
(
nil
,
project
)
}
before
do
create
(
:group_member
,
:invited
,
group:
group
)
end
it
'does not grant owner access'
do
expect_allowed
(
*
anonymous_permissions
)
expect_disallowed
(
*
user_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
anonymous_permissions
}
end
end
end
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
nil
,
project
)
}
it
{
is_expected
.
to
be_banned
}
end
end
RSpec
.
shared_examples
'project policies as guest'
do
subject
{
described_class
.
new
(
guest
,
project
)
}
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
let
(
:reporter_public_build_permissions
)
do
reporter_permissions
-
[
:read_build
,
:read_pipeline
]
end
it
do
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
*
reporter_public_build_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
guest_permissions
}
end
context
'public builds enabled'
do
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
:read_build
,
:read_pipeline
)
end
end
context
'when public builds disabled'
do
before
do
project
.
update
(
public_builds:
false
)
end
it
do
expect_allowed
(
*
guest_permissions
)
expect_disallowed
(
:read_build
,
:read_pipeline
)
end
end
context
'when builds are disabled'
do
before
do
project
.
project_feature
.
update
(
builds_access_level:
ProjectFeature
::
DISABLED
)
end
it
do
expect_disallowed
(
:read_build
)
expect_allowed
(
:read_pipeline
)
end
end
end
end
RSpec
.
shared_examples
'project policies as reporter'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
reporter
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
reporter_permissions
}
end
end
end
RSpec
.
shared_examples
'project policies as developer'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
developer
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
developer_permissions
}
end
end
end
RSpec
.
shared_examples
'project policies as maintainer'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
maintainer
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
maintainer_permissions
}
end
end
end
RSpec
.
shared_examples
'project policies as owner'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
owner
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_allowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
owner_permissions
}
end
end
end
RSpec
.
shared_examples
'project policies as admin'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
admin
,
project
)
}
it
do
expect_allowed
(
*
guest_permissions
)
expect_allowed
(
*
reporter_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
developer_permissions
)
expect_allowed
(
*
maintainer_permissions
)
expect_allowed
(
*
owner_permissions
)
end
it_behaves_like
'archived project policies'
do
let
(
:regular_abilities
)
{
owner_permissions
}
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment