Skip to content

G
gitlab-ce
Commit 3011c551 authored by Imre Farkas's avatar Imre Farkas
Browse files
Options

Merge branch 'refactor-public-permissions-group-spec' into 'master' 

Refactor Group Policy Spec

See merge request gitlab-org/gitlab!77137
parents 7ef2f115 389a76b3
Show whitespace changes
Inline Side-by-side
Showing with 52 additions and 44 deletions
spec/policies/group_policy_spec.rb
View file @ 3011c551
...@@ -10,21 +10,32 @@ RSpec.describe GroupPolicy do ...@@ -10,21 +10,32 @@ RSpec.describe GroupPolicy do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
expect_allowed(:read_group) expect_allowed(*public_permissions)
expect_allowed(:read_counts)
expect_allowed(*read_group_permissions)
expect_disallowed(:upload_file) expect_disallowed(:upload_file)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
expect_disallowed(*maintainer_permissions) expect_disallowed(*maintainer_permissions)
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
expect_disallowed(:read_namespace) expect_disallowed(:read_namespace)
expect_disallowed(:read_crm_organization)
expect_disallowed(:read_crm_contact)
end end
end end
context 'with no user and public project' do context 'public group with user who is not a member' do
let(:group) { create(:group, :public, :crm_enabled) }
let(:current_user) { create(:user) }
it do
expect_allowed(*public_permissions)
expect_disallowed(:upload_file)
expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions)
expect_disallowed(*maintainer_permissions)
expect_disallowed(*owner_permissions)
expect_disallowed(:read_namespace)
end
end
context 'private group that has been invited to a public project and with no user' do
let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) }
let(:current_user) { nil } let(:current_user) { nil }
...@@ -32,15 +43,14 @@ RSpec.describe GroupPolicy do ...@@ -32,15 +43,14 @@ RSpec.describe GroupPolicy do
create(:project_group_link, project: project, group: group) create(:project_group_link, project: project, group: group)
end end
it { expect_disallowed(:read_group) } it do
it { expect_disallowed(:read_crm_organization) } expect_disallowed(*public_permissions)
it { expect_disallowed(:read_crm_contact) } expect_disallowed(*reporter_permissions)
it { expect_disallowed(:read_counts) } expect_disallowed(*owner_permissions)
it { expect_disallowed(:read_group_runners) } end
it { expect_disallowed(*read_group_permissions) }
end end
context 'with foreign user and public project' do context 'private group that has been invited to a public project and with a foreign user' do
let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) }
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
...@@ -48,12 +58,11 @@ RSpec.describe GroupPolicy do ...@@ -48,12 +58,11 @@ RSpec.describe GroupPolicy do
create(:project_group_link, project: project, group: group) create(:project_group_link, project: project, group: group)
end end
it { expect_disallowed(:read_group) } it do
it { expect_disallowed(:read_crm_organization) } expect_disallowed(*public_permissions)
it { expect_disallowed(:read_crm_contact) } expect_disallowed(*reporter_permissions)
it { expect_disallowed(:read_counts) } expect_disallowed(*owner_permissions)
it { expect_disallowed(:read_group_runners) } end
it { expect_disallowed(*read_group_permissions) }
end end
context 'has projects' do context 'has projects' do
...@@ -64,13 +73,13 @@ RSpec.describe GroupPolicy do ...@@ -64,13 +73,13 @@ RSpec.describe GroupPolicy do
project.add_developer(current_user) project.add_developer(current_user)
end end
it { expect_allowed(*read_group_permissions) } it { expect_allowed(*(public_permissions - [:read_counts])) }
context 'in subgroups' do context 'in subgroups' do
let(:subgroup) { create(:group, :private, :crm_enabled, parent: group) } let(:subgroup) { create(:group, :private, :crm_enabled, parent: group) }
let(:project) { create(:project, namespace: subgroup) } let(:project) { create(:project, namespace: subgroup) }
it { expect_allowed(*read_group_permissions) } it { expect_allowed(*(public_permissions - [:read_counts])) }
end end
end end
...@@ -83,7 +92,7 @@ RSpec.describe GroupPolicy do ...@@ -83,7 +92,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { deploy_token } let(:current_user) { deploy_token }
it do it do
expect_disallowed(*read_group_permissions) expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -96,7 +105,7 @@ RSpec.describe GroupPolicy do ...@@ -96,7 +105,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -113,7 +122,7 @@ RSpec.describe GroupPolicy do ...@@ -113,7 +122,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -130,7 +139,7 @@ RSpec.describe GroupPolicy do ...@@ -130,7 +139,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -158,7 +167,7 @@ RSpec.describe GroupPolicy do ...@@ -158,7 +167,7 @@ RSpec.describe GroupPolicy do
updated_owner_permissions = updated_owner_permissions =
owner_permissions - create_subgroup_permission owner_permissions - create_subgroup_permission
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -169,7 +178,7 @@ RSpec.describe GroupPolicy do ...@@ -169,7 +178,7 @@ RSpec.describe GroupPolicy do
context 'with subgroup_creation_level set to owner' do context 'with subgroup_creation_level set to owner' do
it 'allows every maintainer permission' do it 'allows every maintainer permission' do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -187,7 +196,7 @@ RSpec.describe GroupPolicy do ...@@ -187,7 +196,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -204,7 +213,7 @@ RSpec.describe GroupPolicy do ...@@ -204,7 +213,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { admin } let(:current_user) { admin }
specify do specify do
expect_disallowed(*read_group_permissions) expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -214,7 +223,7 @@ RSpec.describe GroupPolicy do ...@@ -214,7 +223,7 @@ RSpec.describe GroupPolicy do
context 'with admin mode', :enable_admin_mode do context 'with admin mode', :enable_admin_mode do
specify do specify do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -256,8 +265,7 @@ RSpec.describe GroupPolicy do ...@@ -256,8 +265,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
expect_disallowed(:read_counts) expect_disallowed(*public_permissions)
expect_disallowed(*read_group_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -270,8 +278,7 @@ RSpec.describe GroupPolicy do ...@@ -270,8 +278,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -284,8 +291,7 @@ RSpec.describe GroupPolicy do ...@@ -284,8 +291,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -298,8 +304,7 @@ RSpec.describe GroupPolicy do ...@@ -298,8 +304,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -312,8 +317,7 @@ RSpec.describe GroupPolicy do ...@@ -312,8 +317,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { maintainer } let(:current_user) { maintainer }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -326,8 +330,7 @@ RSpec.describe GroupPolicy do ...@@ -326,8 +330,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
......
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View file @ 3011c551
...@@ -10,6 +10,13 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -10,6 +10,13 @@ RSpec.shared_context 'GroupPolicy context' do
let_it_be(:non_group_member) { create(:user) } let_it_be(:non_group_member) { create(:user) }
let_it_be(:group, refind: true) { create(:group, :private, :owner_subgroup_creation_only, :crm_enabled) } let_it_be(:group, refind: true) { create(:group, :private, :owner_subgroup_creation_only, :crm_enabled) }
let(:public_permissions) do
%i[
read_group read_counts
read_label read_issue_board_list read_milestone read_issue_board
]
end
let(:guest_permissions) do let(:guest_permissions) do
%i[ %i[
read_label read_group upload_file read_namespace read_group_activity read_label read_group upload_file read_namespace read_group_activity
...@@ -18,8 +25,6 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -18,8 +25,6 @@ RSpec.shared_context 'GroupPolicy context' do
] ]
end end
let(:read_group_permissions) { %i[read_label read_issue_board_list read_milestone read_issue_board] }
let(:reporter_permissions) do let(:reporter_permissions) do
%i[ %i[
admin_label admin_label
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7