Commit 856651db authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch 'pl-spec-policy-project-perf' into 'master'

Speed project policy specs for both FOSS and EE

See merge request gitlab-org/gitlab!42248
parents c4719482 438d7da6
...@@ -5,16 +5,9 @@ require 'spec_helper' ...@@ -5,16 +5,9 @@ require 'spec_helper'
RSpec.describe ProjectPolicy do RSpec.describe ProjectPolicy do
include ExternalAuthorizationServiceHelpers include ExternalAuthorizationServiceHelpers
include AdminModeHelper include AdminModeHelper
include_context 'ProjectPolicy context'
let_it_be(:owner) { create(:user) } let(:project) { public_project }
let_it_be(:admin) { create(:admin) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:guest) { create(:user) }
let_it_be(:non_member) { create(:user) }
let_it_be(:project, refind: true) { create(:project, :public, namespace: owner.namespace) }
let_it_be(:private_project, refind: true) { create(:project, :private, namespace: owner.namespace) }
subject { described_class.new(current_user, project) } subject { described_class.new(current_user, project) }
...@@ -22,21 +15,7 @@ RSpec.describe ProjectPolicy do ...@@ -22,21 +15,7 @@ RSpec.describe ProjectPolicy do
stub_licensed_features(license_scanning: true) stub_licensed_features(license_scanning: true)
end end
before_all do
project.add_maintainer(maintainer)
project.add_developer(developer)
project.add_reporter(reporter)
project.add_guest(guest)
private_project.add_maintainer(maintainer)
private_project.add_developer(developer)
private_project.add_reporter(reporter)
private_project.add_guest(guest)
end
context 'basic permissions' do context 'basic permissions' do
include_context 'ProjectPolicy context'
let(:additional_reporter_permissions) do let(:additional_reporter_permissions) do
%i[read_software_license_policy] %i[read_software_license_policy]
end end
...@@ -178,7 +157,7 @@ RSpec.describe ProjectPolicy do ...@@ -178,7 +157,7 @@ RSpec.describe ProjectPolicy do
end end
context 'when user is logged out' do context 'when user is logged out' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_allowed(:read_iteration) } it { is_expected.to be_allowed(:read_iteration) }
it { is_expected.to be_disallowed(:create_iteration, :admin_iteration) } it { is_expected.to be_disallowed(:create_iteration, :admin_iteration) }
...@@ -194,7 +173,7 @@ RSpec.describe ProjectPolicy do ...@@ -194,7 +173,7 @@ RSpec.describe ProjectPolicy do
end end
context 'when user is logged out' do context 'when user is logged out' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_iteration, :create_iteration, :admin_iteration) } it { is_expected.to be_disallowed(:read_iteration, :create_iteration, :admin_iteration) }
end end
...@@ -207,8 +186,7 @@ RSpec.describe ProjectPolicy do ...@@ -207,8 +186,7 @@ RSpec.describe ProjectPolicy do
context 'when the feature is disabled' do context 'when the feature is disabled' do
before do before do
project.issues_enabled = false project.update!(issues_enabled: false)
project.save!
end end
it 'disables boards permissions' do it 'disables boards permissions' do
...@@ -512,7 +490,7 @@ RSpec.describe ProjectPolicy do ...@@ -512,7 +490,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(permission) } it { is_expected.to be_disallowed(permission) }
end end
...@@ -595,7 +573,7 @@ RSpec.describe ProjectPolicy do ...@@ -595,7 +573,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_threat_monitoring) } it { is_expected.to be_disallowed(:read_threat_monitoring) }
end end
...@@ -735,7 +713,7 @@ RSpec.describe ProjectPolicy do ...@@ -735,7 +713,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:admin_software_license_policy) } it { is_expected.to be_disallowed(:admin_software_license_policy) }
end end
...@@ -763,7 +741,7 @@ RSpec.describe ProjectPolicy do ...@@ -763,7 +741,7 @@ RSpec.describe ProjectPolicy do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
context 'with public access to repository' do context 'with public access to repository' do
let(:project) { create(:project, :public) } let(:project) { public_project }
it { is_expected.to be_allowed(:read_dependencies) } it { is_expected.to be_allowed(:read_dependencies) }
end end
...@@ -827,7 +805,7 @@ RSpec.describe ProjectPolicy do ...@@ -827,7 +805,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_dependencies) } it { is_expected.to be_disallowed(:read_dependencies) }
end end
...@@ -887,7 +865,7 @@ RSpec.describe ProjectPolicy do ...@@ -887,7 +865,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_licenses) } it { is_expected.to be_disallowed(:read_licenses) }
end end
...@@ -906,7 +884,6 @@ RSpec.describe ProjectPolicy do ...@@ -906,7 +884,6 @@ RSpec.describe ProjectPolicy do
end end
describe 'publish_status_page' do describe 'publish_status_page' do
let(:anonymous) { nil }
let(:feature) { :status_page } let(:feature) { :status_page }
let(:policy) { :publish_status_page } let(:policy) { :publish_status_page }
...@@ -1152,7 +1129,7 @@ RSpec.describe ProjectPolicy do ...@@ -1152,7 +1129,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_group_timelogs) } it { is_expected.to be_disallowed(:read_group_timelogs) }
end end
......
...@@ -6,21 +6,9 @@ RSpec.describe ProjectPolicy do ...@@ -6,21 +6,9 @@ RSpec.describe ProjectPolicy do
include ExternalAuthorizationServiceHelpers include ExternalAuthorizationServiceHelpers
include_context 'ProjectPolicy context' include_context 'ProjectPolicy context'
let_it_be(:other_user) { create(:user) } let(:project) { public_project }
let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:owner) { create(:user) }
let_it_be(:admin) { create(:admin) }
let(:project) { create(:project, :public, namespace: owner.namespace) }
before do subject { described_class.new(current_user, project) }
project.add_guest(guest)
project.add_maintainer(maintainer)
project.add_developer(developer)
project.add_reporter(reporter)
end
def expect_allowed(*permissions) def expect_allowed(*permissions)
permissions.each { |p| is_expected.to be_allowed(p) } permissions.each { |p| is_expected.to be_allowed(p) }
...@@ -31,7 +19,7 @@ RSpec.describe ProjectPolicy do ...@@ -31,7 +19,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with no project feature' do context 'with no project feature' do
subject { described_class.new(owner, project) } let(:current_user) { owner }
before do before do
project.project_feature.destroy! project.project_feature.destroy!
...@@ -63,7 +51,7 @@ RSpec.describe ProjectPolicy do ...@@ -63,7 +51,7 @@ RSpec.describe ProjectPolicy do
end end
context 'issues feature' do context 'issues feature' do
subject { described_class.new(owner, project) } let(:current_user) { owner }
context 'when the feature is disabled' do context 'when the feature is disabled' do
before do before do
...@@ -91,7 +79,7 @@ RSpec.describe ProjectPolicy do ...@@ -91,7 +79,7 @@ RSpec.describe ProjectPolicy do
end end
context 'merge requests feature' do context 'merge requests feature' do
subject { described_class.new(owner, project) } let(:current_user) { owner }
it 'disallows all permissions when the feature is disabled' do it 'disallows all permissions when the feature is disabled' do
project.project_feature.update!(merge_requests_access_level: ProjectFeature::DISABLED) project.project_feature.update!(merge_requests_access_level: ProjectFeature::DISABLED)
...@@ -105,9 +93,8 @@ RSpec.describe ProjectPolicy do ...@@ -105,9 +93,8 @@ RSpec.describe ProjectPolicy do
end end
context 'for a guest in a private project' do context 'for a guest in a private project' do
let(:project) { create(:project, :private) } let(:current_user) { guest }
let(:project) { private_project }
subject { described_class.new(guest, project) }
it 'disallows the guest from reading the merge request and merge request iid' do it 'disallows the guest from reading the merge request and merge request iid' do
expect_disallowed(:read_merge_request) expect_disallowed(:read_merge_request)
...@@ -116,12 +103,10 @@ RSpec.describe ProjectPolicy do ...@@ -116,12 +103,10 @@ RSpec.describe ProjectPolicy do
end end
context 'pipeline feature' do context 'pipeline feature' do
let(:project) { create(:project) } let(:project) { private_project }
describe 'for unconfirmed user' do describe 'for unconfirmed user' do
let(:unconfirmed_user) { create(:user, confirmed_at: nil) } let(:current_user) { create(:user, confirmed_at: nil) }
subject { described_class.new(unconfirmed_user, project) }
it 'disallows to modify pipelines' do it 'disallows to modify pipelines' do
expect_disallowed(:create_pipeline) expect_disallowed(:create_pipeline)
...@@ -131,7 +116,7 @@ RSpec.describe ProjectPolicy do ...@@ -131,7 +116,7 @@ RSpec.describe ProjectPolicy do
end end
describe 'for confirmed user' do describe 'for confirmed user' do
subject { described_class.new(developer, project) } let(:current_user) { developer }
it 'allows modify pipelines' do it 'allows modify pipelines' do
expect_allowed(:create_pipeline) expect_allowed(:create_pipeline)
...@@ -143,7 +128,7 @@ RSpec.describe ProjectPolicy do ...@@ -143,7 +128,7 @@ RSpec.describe ProjectPolicy do
context 'builds feature' do context 'builds feature' do
context 'when builds are disabled' do context 'when builds are disabled' do
subject { described_class.new(owner, project) } let(:current_user) { owner }
before do before do
project.project_feature.update!(builds_access_level: ProjectFeature::DISABLED) project.project_feature.update!(builds_access_level: ProjectFeature::DISABLED)
...@@ -163,7 +148,7 @@ RSpec.describe ProjectPolicy do ...@@ -163,7 +148,7 @@ RSpec.describe ProjectPolicy do
end end
context 'when builds are disabled only for some users' do context 'when builds are disabled only for some users' do
subject { described_class.new(guest, project) } let(:current_user) { guest }
before do before do
project.project_feature.update!(builds_access_level: ProjectFeature::PRIVATE) project.project_feature.update!(builds_access_level: ProjectFeature::PRIVATE)
...@@ -194,7 +179,7 @@ RSpec.describe ProjectPolicy do ...@@ -194,7 +179,7 @@ RSpec.describe ProjectPolicy do
end end
context 'when user is a project member' do context 'when user is a project member' do
subject { described_class.new(owner, project) } let(:current_user) { owner }
context 'when it is disabled' do context 'when it is disabled' do
before do before do
...@@ -212,8 +197,8 @@ RSpec.describe ProjectPolicy do ...@@ -212,8 +197,8 @@ RSpec.describe ProjectPolicy do
end end
end end
context 'when user is some other user' do context 'when user is non-member' do
subject { described_class.new(other_user, project) } let(:current_user) { non_member }
context 'when access level is private' do context 'when access level is private' do
before do before do
...@@ -243,7 +228,7 @@ RSpec.describe ProjectPolicy do ...@@ -243,7 +228,7 @@ RSpec.describe ProjectPolicy do
context 'when a public project has merge requests allowing access' do context 'when a public project has merge requests allowing access' do
include ProjectForksHelper include ProjectForksHelper
let(:user) { create(:user) } let(:current_user) { create(:user) }
let(:target_project) { create(:project, :public) } let(:target_project) { create(:project, :public) }
let(:project) { fork_project(target_project) } let(:project) { fork_project(target_project) }
let!(:merge_request) do let!(:merge_request) do
...@@ -259,20 +244,18 @@ RSpec.describe ProjectPolicy do ...@@ -259,20 +244,18 @@ RSpec.describe ProjectPolicy do
%w(create_build create_pipeline) %w(create_build create_pipeline)
end end
subject { described_class.new(user, project) }
it 'does not allow pushing code' do it 'does not allow pushing code' do
expect_disallowed(*maintainer_abilities) expect_disallowed(*maintainer_abilities)
end end
it 'allows pushing if the user is a member with push access to the target project' do it 'allows pushing if the user is a member with push access to the target project' do
target_project.add_developer(user) target_project.add_developer(current_user)
expect_allowed(*maintainer_abilities) expect_allowed(*maintainer_abilities)
end end
it 'disallows abilities to a maintainer if the merge request was closed' do it 'disallows abilities to a maintainer if the merge request was closed' do
target_project.add_developer(user) target_project.add_developer(current_user)
merge_request.close! merge_request.close!
expect_disallowed(*maintainer_abilities) expect_disallowed(*maintainer_abilities)
...@@ -280,12 +263,9 @@ RSpec.describe ProjectPolicy do ...@@ -280,12 +263,9 @@ RSpec.describe ProjectPolicy do
end end
it_behaves_like 'clusterable policies' do it_behaves_like 'clusterable policies' do
let(:clusterable) { create(:project, :repository) } let_it_be(:clusterable) { create(:project, :repository) }
let(:cluster) do let_it_be(:cluster) do
create(:cluster, create(:cluster, :provided_by_gcp, :project, projects: [clusterable])
:provided_by_gcp,
:project,
projects: [clusterable])
end end
end end
...@@ -356,16 +336,14 @@ RSpec.describe ProjectPolicy do ...@@ -356,16 +336,14 @@ RSpec.describe ProjectPolicy do
end end
context 'forking a project' do context 'forking a project' do
subject { described_class.new(current_user, project) }
context 'anonymous user' do context 'anonymous user' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:fork_project) } it { is_expected.to be_disallowed(:fork_project) }
end end
context 'project member' do context 'project member' do
let_it_be(:project) { create(:project, :private) } let(:project) { private_project }
context 'guest' do context 'guest' do
let(:current_user) { guest } let(:current_user) { guest }
...@@ -384,10 +362,8 @@ RSpec.describe ProjectPolicy do ...@@ -384,10 +362,8 @@ RSpec.describe ProjectPolicy do
end end
describe 'update_max_artifacts_size' do describe 'update_max_artifacts_size' do
subject { described_class.new(current_user, project) }
context 'when no user' do context 'when no user' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { expect_disallowed(:update_max_artifacts_size) } it { expect_disallowed(:update_max_artifacts_size) }
end end
...@@ -416,12 +392,10 @@ RSpec.describe ProjectPolicy do ...@@ -416,12 +392,10 @@ RSpec.describe ProjectPolicy do
context 'alert bot' do context 'alert bot' do
let(:current_user) { User.alert_bot } let(:current_user) { User.alert_bot }
subject { described_class.new(current_user, project) }
it { is_expected.to be_allowed(:reporter_access) } it { is_expected.to be_allowed(:reporter_access) }
context 'within a private project' do context 'within a private project' do
let(:project) { create(:project, :private) } let(:project) { private_project }
it { is_expected.to be_allowed(:admin_issue) } it { is_expected.to be_allowed(:admin_issue) }
end end
...@@ -430,8 +404,6 @@ RSpec.describe ProjectPolicy do ...@@ -430,8 +404,6 @@ RSpec.describe ProjectPolicy do
context 'support bot' do context 'support bot' do
let(:current_user) { User.support_bot } let(:current_user) { User.support_bot }
subject { described_class.new(current_user, project) }
context 'with service desk disabled' do context 'with service desk disabled' do
it { expect_allowed(:guest_access) } it { expect_allowed(:guest_access) }
it { expect_disallowed(:create_note, :read_project) } it { expect_disallowed(:create_note, :read_project) }
...@@ -455,8 +427,6 @@ RSpec.describe ProjectPolicy do ...@@ -455,8 +427,6 @@ RSpec.describe ProjectPolicy do
end end
describe 'read_prometheus_alerts' do describe 'read_prometheus_alerts' do
subject { described_class.new(current_user, project) }
context 'with admin' do context 'with admin' do
let(:current_user) { admin } let(:current_user) { admin }
...@@ -500,17 +470,15 @@ RSpec.describe ProjectPolicy do ...@@ -500,17 +470,15 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:read_prometheus_alerts) } it { is_expected.to be_disallowed(:read_prometheus_alerts) }
end end
end end
describe 'metrics_dashboard feature' do describe 'metrics_dashboard feature' do
subject { described_class.new(current_user, project) }
context 'public project' do context 'public project' do
let(:project) { create(:project, :public) } let(:project) { public_project }
context 'feature private' do context 'feature private' do
context 'with reporter' do context 'with reporter' do
...@@ -530,7 +498,7 @@ RSpec.describe ProjectPolicy do ...@@ -530,7 +498,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard) } it { is_expected.to be_disallowed(:metrics_dashboard) }
end end
...@@ -562,7 +530,7 @@ RSpec.describe ProjectPolicy do ...@@ -562,7 +530,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_allowed(:metrics_dashboard) } it { is_expected.to be_allowed(:metrics_dashboard) }
it { is_expected.to be_allowed(:read_prometheus) } it { is_expected.to be_allowed(:read_prometheus) }
...@@ -574,7 +542,7 @@ RSpec.describe ProjectPolicy do ...@@ -574,7 +542,7 @@ RSpec.describe ProjectPolicy do
end end
context 'internal project' do context 'internal project' do
let(:project) { create(:project, :internal) } let(:project) { internal_project }
context 'feature private' do context 'feature private' do
context 'with reporter' do context 'with reporter' do
...@@ -594,7 +562,7 @@ RSpec.describe ProjectPolicy do ...@@ -594,7 +562,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard)} it { is_expected.to be_disallowed(:metrics_dashboard)}
end end
...@@ -626,7 +594,7 @@ RSpec.describe ProjectPolicy do ...@@ -626,7 +594,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard) } it { is_expected.to be_disallowed(:metrics_dashboard) }
end end
...@@ -634,7 +602,7 @@ RSpec.describe ProjectPolicy do ...@@ -634,7 +602,7 @@ RSpec.describe ProjectPolicy do
end end
context 'private project' do context 'private project' do
let(:project) { create(:project, :private) } let(:project) { private_project }
context 'feature private' do context 'feature private' do
context 'with reporter' do context 'with reporter' do
...@@ -654,7 +622,7 @@ RSpec.describe ProjectPolicy do ...@@ -654,7 +622,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard) } it { is_expected.to be_disallowed(:metrics_dashboard) }
end end
...@@ -678,7 +646,7 @@ RSpec.describe ProjectPolicy do ...@@ -678,7 +646,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard) } it { is_expected.to be_disallowed(:metrics_dashboard) }
end end
...@@ -703,7 +671,7 @@ RSpec.describe ProjectPolicy do ...@@ -703,7 +671,7 @@ RSpec.describe ProjectPolicy do
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:metrics_dashboard) } it { is_expected.to be_disallowed(:metrics_dashboard) }
end end
...@@ -735,8 +703,6 @@ RSpec.describe ProjectPolicy do ...@@ -735,8 +703,6 @@ RSpec.describe ProjectPolicy do
end end
describe 'create_web_ide_terminal' do describe 'create_web_ide_terminal' do
subject { described_class.new(current_user, project) }
context 'with admin' do context 'with admin' do
let(:current_user) { admin } let(:current_user) { admin }
...@@ -780,20 +746,20 @@ RSpec.describe ProjectPolicy do ...@@ -780,20 +746,20 @@ RSpec.describe ProjectPolicy do
end end
context 'with non member' do context 'with non member' do
let(:current_user) { create(:user) } let(:current_user) { non_member }
it { is_expected.to be_disallowed(:create_web_ide_terminal) } it { is_expected.to be_disallowed(:create_web_ide_terminal) }
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_disallowed(:create_web_ide_terminal) } it { is_expected.to be_disallowed(:create_web_ide_terminal) }
end end
end end
describe 'read_repository_graphs' do describe 'read_repository_graphs' do
subject { described_class.new(guest, project) } let(:current_user) { guest }
before do before do
allow(subject).to receive(:allowed?).with(:read_repository_graphs).and_call_original allow(subject).to receive(:allowed?).with(:read_repository_graphs).and_call_original
...@@ -814,7 +780,7 @@ RSpec.describe ProjectPolicy do ...@@ -814,7 +780,7 @@ RSpec.describe ProjectPolicy do
end end
describe 'design permissions' do describe 'design permissions' do
subject { described_class.new(guest, project) } let(:current_user) { guest }
let(:design_permissions) do let(:design_permissions) do
%i[read_design_activity read_design] %i[read_design_activity read_design]
...@@ -836,7 +802,7 @@ RSpec.describe ProjectPolicy do ...@@ -836,7 +802,7 @@ RSpec.describe ProjectPolicy do
end end
describe 'read_build_report_results' do describe 'read_build_report_results' do
subject { described_class.new(guest, project) } let(:current_user) { guest }
before do before do
allow(subject).to receive(:allowed?).with(:read_build_report_results).and_call_original allow(subject).to receive(:allowed?).with(:read_build_report_results).and_call_original
...@@ -874,8 +840,6 @@ RSpec.describe ProjectPolicy do ...@@ -874,8 +840,6 @@ RSpec.describe ProjectPolicy do
end end
describe 'read_package' do describe 'read_package' do
subject { described_class.new(current_user, project) }
context 'with admin' do context 'with admin' do
let(:current_user) { admin } let(:current_user) { admin }
...@@ -926,13 +890,13 @@ RSpec.describe ProjectPolicy do ...@@ -926,13 +890,13 @@ RSpec.describe ProjectPolicy do
end end
context 'with non member' do context 'with non member' do
let(:current_user) { create(:user) } let(:current_user) { non_member }
it { is_expected.to be_allowed(:read_package) } it { is_expected.to be_allowed(:read_package) }
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { anonymous }
it { is_expected.to be_allowed(:read_package) } it { is_expected.to be_allowed(:read_package) }
end end
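Review bot: In 'pipeline feature', under 'for unconfirmed user', `current_user` is a freshly created user with no membership on `private_project`, so `expect_disallowed(:create_pipeline)` would presumably hold for any non-member, confirmed or not. The sibling 'for confirmed user' case uses `developer`, so the pair differs in both confirmation and membership and does not isolate the unconfirmed rule. Giving the unconfirmed user the same role, for example `before { project.add_developer(current_user) }` inside that `describe`, would make the denial attributable to `confirmed_at: nil` alone. The examples continue outside the visible hunk, so this assumes no membership is added there.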
......
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_context 'ProjectPolicy context' do RSpec.shared_context 'ProjectPolicy context' do
let_it_be(:anonymous) { nil }
let_it_be(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) } let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) } let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) } let_it_be(:maintainer) { create(:user) }
let_it_be(:owner) { create(:user) } let_it_be(:owner) { create(:user) }
let_it_be(:admin) { create(:admin) } let_it_be(:admin) { create(:admin) }
let(:project) { create(:project, :public, namespace: owner.namespace) } let_it_be(:non_member) { create(:user) }
let_it_be_with_refind(:private_project) { create(:project, :private, namespace: owner.namespace) }
let_it_be_with_refind(:internal_project) { create(:project, :internal, namespace: owner.namespace) }
let_it_be_with_refind(:public_project) { create(:project, :public, namespace: owner.namespace) }
let(:base_guest_permissions) do let(:base_guest_permissions) do
%i[ %i[
...@@ -86,10 +90,12 @@ RSpec.shared_context 'ProjectPolicy context' do ...@@ -86,10 +90,12 @@ RSpec.shared_context 'ProjectPolicy context' do
let(:maintainer_permissions) { base_maintainer_permissions + additional_maintainer_permissions } let(:maintainer_permissions) { base_maintainer_permissions + additional_maintainer_permissions }
let(:owner_permissions) { base_owner_permissions + additional_owner_permissions } let(:owner_permissions) { base_owner_permissions + additional_owner_permissions }
before do before_all do
[private_project, internal_project, public_project].each do |project|
project.add_guest(guest) project.add_guest(guest)
project.add_maintainer(maintainer)
project.add_developer(developer)
project.add_reporter(reporter) project.add_reporter(reporter)
project.add_developer(developer)
project.add_maintainer(maintainer)
end
end end
end end
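Review bot: Nothing in this shared context documents that it no longer defines `project`, or that its records are now created once per example group rather than once per example. The projects use `let_it_be_with_refind`, but the users (`guest` through `admin`, and `non_member`) are plain `let_it_be`, so the same Ruby objects are presumably reused by every example, and an in-memory change to one could carry over and make a permission example order-dependent. I would add a header comment such as `# Includers must define project, e.g. let(:project) { public_project }.` followed by `# Users and projects are created once per group; do not mutate them in memory.` In `before_all`, renaming the block parameter (`each do |shared_project|`) would also avoid shadowing the `project` helper that including specs define.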
...@@ -59,8 +59,7 @@ RSpec.shared_examples 'project policies as anonymous' do ...@@ -59,8 +59,7 @@ RSpec.shared_examples 'project policies as anonymous' do
let(:project) { create(:project, :public, namespace: group) } let(:project) { create(:project, :public, namespace: group) }
let(:user_permissions) { [:create_merge_request_in, :create_project, :create_issue, :create_note, :upload_file, :award_emoji] } let(:user_permissions) { [:create_merge_request_in, :create_project, :create_issue, :create_note, :upload_file, :award_emoji] }
let(:anonymous_permissions) { guest_permissions - user_permissions } let(:anonymous_permissions) { guest_permissions - user_permissions }
let(:current_user) { anonymous }
subject { described_class.new(nil, project) }
before do before do
create(:group_member, :invited, group: group) create(:group_member, :invited, group: group)
...@@ -78,9 +77,8 @@ RSpec.shared_examples 'project policies as anonymous' do ...@@ -78,9 +77,8 @@ RSpec.shared_examples 'project policies as anonymous' do
end end
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { anonymous }
subject { described_class.new(nil, project) }
it { is_expected.to be_banned } it { is_expected.to be_banned }
end end
...@@ -109,10 +107,10 @@ RSpec.shared_examples 'deploy token does not get confused with user' do ...@@ -109,10 +107,10 @@ RSpec.shared_examples 'deploy token does not get confused with user' do
end end
RSpec.shared_examples 'project policies as guest' do RSpec.shared_examples 'project policies as guest' do
subject { described_class.new(guest, project) }
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { guest }
let(:reporter_public_build_permissions) do let(:reporter_public_build_permissions) do
reporter_permissions - [:read_build, :read_pipeline] reporter_permissions - [:read_build, :read_pipeline]
end end
...@@ -167,9 +165,8 @@ end ...@@ -167,9 +165,8 @@ end
RSpec.shared_examples 'project policies as reporter' do RSpec.shared_examples 'project policies as reporter' do
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { reporter }
subject { described_class.new(reporter, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -192,9 +189,8 @@ end ...@@ -192,9 +189,8 @@ end
RSpec.shared_examples 'project policies as developer' do RSpec.shared_examples 'project policies as developer' do
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { developer }
subject { described_class.new(developer, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -217,9 +213,8 @@ end ...@@ -217,9 +213,8 @@ end
RSpec.shared_examples 'project policies as maintainer' do RSpec.shared_examples 'project policies as maintainer' do
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { maintainer }
subject { described_class.new(maintainer, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -242,9 +237,8 @@ end ...@@ -242,9 +237,8 @@ end
RSpec.shared_examples 'project policies as owner' do RSpec.shared_examples 'project policies as owner' do
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { owner }
subject { described_class.new(owner, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -267,9 +261,8 @@ end ...@@ -267,9 +261,8 @@ end
RSpec.shared_examples 'project policies as admin with admin mode' do RSpec.shared_examples 'project policies as admin with admin mode' do
context 'abilities for non-public projects', :enable_admin_mode do context 'abilities for non-public projects', :enable_admin_mode do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { admin }
subject { described_class.new(admin, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -316,9 +309,8 @@ end ...@@ -316,9 +309,8 @@ end
RSpec.shared_examples 'project policies as admin without admin mode' do RSpec.shared_examples 'project policies as admin without admin mode' do
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { private_project }
let(:current_user) { admin }
subject { described_class.new(admin, project) }
it { is_expected.to be_banned } it { is_expected.to be_banned }
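Review bot: In 'project policies as guest' the new `let(:current_user) { guest }` appears inside 'abilities for non-public projects', whereas the removed `subject { described_class.new(guest, project) }` sat at the top of the shared example group. Any example of that group outside this context (the group continues beyond the hunk) would now be evaluated with whatever `current_user` the including spec defines rather than with `guest`. Declaring `let(:current_user) { guest }` directly under `RSpec.shared_examples 'project policies as guest' do` keeps the role pinned for the whole group. These groups also now depend on the includer defining `subject`, which is worth a one-line comment at the top of the file.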
......