Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
963b374d
Commit
963b374d
authored
Apr 06, 2017
by
http://jneen.net/
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update the specs to not require a set to be returned
parent
80d6e5bb
Changes
12
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
303 additions
and
275 deletions
+303
-275
spec/models/ability_spec.rb
spec/models/ability_spec.rb
+7
-4
spec/policies/base_policy_spec.rb
spec/policies/base_policy_spec.rb
+3
-3
spec/policies/ci/build_policy_spec.rb
spec/policies/ci/build_policy_spec.rb
+14
-14
spec/policies/ci/trigger_policy_spec.rb
spec/policies/ci/trigger_policy_spec.rb
+7
-7
spec/policies/deploy_key_policy_spec.rb
spec/policies/deploy_key_policy_spec.rb
+6
-6
spec/policies/environment_policy_spec.rb
spec/policies/environment_policy_spec.rb
+6
-6
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+62
-54
spec/policies/issue_policy_spec.rb
spec/policies/issue_policy_spec.rb
+61
-61
spec/policies/personal_snippet_policy_spec.rb
spec/policies/personal_snippet_policy_spec.rb
+34
-34
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+61
-52
spec/policies/project_snippet_policy_spec.rb
spec/policies/project_snippet_policy_spec.rb
+36
-28
spec/policies/user_policy_spec.rb
spec/policies/user_policy_spec.rb
+6
-6
No files found.
spec/models/ability_spec.rb
View file @
963b374d
...
@@ -2,8 +2,8 @@ require 'spec_helper'
...
@@ -2,8 +2,8 @@ require 'spec_helper'
describe
Ability
,
lib:
true
do
describe
Ability
,
lib:
true
do
context
'using a nil subject'
do
context
'using a nil subject'
do
it
'
is always empty
'
do
it
'
has no permissions
'
do
expect
(
Ability
.
allowed
(
nil
,
nil
).
to_set
).
to
be_empty
expect
(
Ability
.
policy_for
(
nil
,
nil
)).
to
be_banned
end
end
end
end
...
@@ -255,12 +255,15 @@ describe Ability, lib: true do
...
@@ -255,12 +255,15 @@ describe Ability, lib: true do
describe
'.project_disabled_features_rules'
do
describe
'.project_disabled_features_rules'
do
let
(
:project
)
{
create
(
:empty_project
,
:wiki_disabled
)
}
let
(
:project
)
{
create
(
:empty_project
,
:wiki_disabled
)
}
subject
{
described_class
.
allowed
(
project
.
owner
,
project
)
}
subject
{
described_class
.
policy_for
(
project
.
owner
,
project
)
}
context
'wiki named abilities'
do
context
'wiki named abilities'
do
it
'disables wiki abilities if the project has no wiki'
do
it
'disables wiki abilities if the project has no wiki'
do
expect
(
project
).
to
receive
(
:has_external_wiki?
).
and_return
(
false
)
expect
(
project
).
to
receive
(
:has_external_wiki?
).
and_return
(
false
)
expect
(
subject
).
not_to
include
(
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:read_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:create_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:update_wiki
)
expect
(
subject
).
not_to
be_allowed
(
:admin_wiki
)
end
end
end
end
end
end
...
...
spec/policies/base_policy_spec.rb
View file @
963b374d
...
@@ -3,17 +3,17 @@ require 'spec_helper'
...
@@ -3,17 +3,17 @@ require 'spec_helper'
describe
BasePolicy
,
models:
true
do
describe
BasePolicy
,
models:
true
do
describe
'.class_for'
do
describe
'.class_for'
do
it
'detects policy class based on the subject ancestors'
do
it
'detects policy class based on the subject ancestors'
do
expect
(
described_class
.
class_for
(
GenericCommitStatus
.
new
)).
to
eq
(
CommitStatusPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
GenericCommitStatus
.
new
)).
to
eq
(
CommitStatusPolicy
)
end
end
it
'detects policy class for a presented subject'
do
it
'detects policy class for a presented subject'
do
presentee
=
Ci
::
BuildPresenter
.
new
(
Ci
::
Build
.
new
)
presentee
=
Ci
::
BuildPresenter
.
new
(
Ci
::
Build
.
new
)
expect
(
described_class
.
class_for
(
presentee
)).
to
eq
(
Ci
::
BuildPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
presentee
)).
to
eq
(
Ci
::
BuildPolicy
)
end
end
it
'uses GlobalPolicy when :global is given'
do
it
'uses GlobalPolicy when :global is given'
do
expect
(
described_class
.
class_for
(
:global
)).
to
eq
(
GlobalPolicy
)
expect
(
DeclarativePolicy
.
class_for
(
:global
)).
to
eq
(
GlobalPolicy
)
end
end
end
end
end
end
spec/policies/ci/build_policy_spec.rb
View file @
963b374d
...
@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
...
@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
)
}
let
(
:polic
ies
)
do
let
(
:polic
y
)
do
described_class
.
abilities
(
user
,
build
).
to_set
described_class
.
new
(
user
,
build
)
end
end
shared_context
'public pipelines disabled'
do
shared_context
'public pipelines disabled'
do
...
@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
context
'when public builds are enabled'
do
it
'does not include ability to read build'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
end
...
@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
end
end
end
...
@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
end
end
...
@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
end
end
end
...
@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
end
end
...
@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
not_to
include
:read_build
expect
(
polic
y
).
not_to
be_allowed
:read_build
end
end
end
end
end
end
...
@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
context
'when public builds are enabled'
do
context
'when public builds are enabled'
do
it
'includes ability to read build'
do
it
'includes ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
end
end
...
@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
include_context
'public pipelines disabled'
include_context
'public pipelines disabled'
it
'does not include ability to read build'
do
it
'does not include ability to read build'
do
expect
(
polic
ies
).
to
include
:read_build
expect
(
polic
y
).
to
be_allowed
:read_build
end
end
end
end
end
end
...
@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
end
end
it
'does not include ability to update build'
do
it
'does not include ability to update build'
do
expect
(
polic
ies
).
not_to
include
:update_build
expect
(
polic
y
).
to
be_disallowed
:update_build
end
end
end
end
...
@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
end
end
it
'includes ability to update build'
do
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
end
end
end
end
...
@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
:manual
,
pipeline:
pipeline
)
}
let
(
:build
)
{
create
(
:ci_build
,
:manual
,
pipeline:
pipeline
)
}
it
'includes ability to update build'
do
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
end
end
...
@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
...
@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
let
(
:build
)
{
create
(
:ci_build
,
pipeline:
pipeline
)
}
it
'includes ability to update build'
do
it
'includes ability to update build'
do
expect
(
polic
ies
).
to
include
:update_build
expect
(
polic
y
).
to
be_allowed
:update_build
end
end
end
end
end
end
...
...
spec/policies/ci/trigger_policy_spec.rb
View file @
963b374d
...
@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
...
@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
let
(
:trigger
)
{
create
(
:ci_trigger
,
project:
project
,
owner:
owner
)
}
let
(
:trigger
)
{
create
(
:ci_trigger
,
project:
project
,
owner:
owner
)
}
let
(
:policies
)
do
let
(
:policies
)
do
described_class
.
abilities
(
user
,
trigger
).
to_set
described_class
.
new
(
user
,
trigger
)
end
end
shared_examples
'allows to admin and manage trigger'
do
shared_examples
'allows to admin and manage trigger'
do
it
'does include ability to admin trigger'
do
it
'does include ability to admin trigger'
do
expect
(
policies
).
to
include
:admin_trigger
expect
(
policies
).
to
be_allowed
:admin_trigger
end
end
it
'does include ability to manage trigger'
do
it
'does include ability to manage trigger'
do
expect
(
policies
).
to
include
:manage_trigger
expect
(
policies
).
to
be_allowed
:manage_trigger
end
end
end
end
shared_examples
'allows to manage trigger'
do
shared_examples
'allows to manage trigger'
do
it
'does not include ability to admin trigger'
do
it
'does not include ability to admin trigger'
do
expect
(
policies
).
not_to
include
:admin_trigger
expect
(
policies
).
not_to
be_allowed
:admin_trigger
end
end
it
'does include ability to manage trigger'
do
it
'does include ability to manage trigger'
do
expect
(
policies
).
to
include
:manage_trigger
expect
(
policies
).
to
be_allowed
:manage_trigger
end
end
end
end
shared_examples
'disallows to admin and manage trigger'
do
shared_examples
'disallows to admin and manage trigger'
do
it
'does not include ability to admin trigger'
do
it
'does not include ability to admin trigger'
do
expect
(
policies
).
not_to
include
:admin_trigger
expect
(
policies
).
not_to
be_allowed
:admin_trigger
end
end
it
'does not include ability to manage trigger'
do
it
'does not include ability to manage trigger'
do
expect
(
policies
).
not_to
include
:manage_trigger
expect
(
policies
).
not_to
be_allowed
:manage_trigger
end
end
end
end
...
...
spec/policies/deploy_key_policy_spec.rb
View file @
963b374d
require
'spec_helper'
require
'spec_helper'
describe
DeployKeyPolicy
,
models:
true
do
describe
DeployKeyPolicy
,
models:
true
do
subject
{
described_class
.
abilities
(
current_user
,
deploy_key
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
deploy_key
)
}
describe
'updating a deploy_key'
do
describe
'updating a deploy_key'
do
context
'when a regular user'
do
context
'when a regular user'
do
...
@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
...
@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
project
.
deploy_keys
<<
deploy_key
project
.
deploy_keys
<<
deploy_key
end
end
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
end
context
'tries to update private deploy key attached to other project'
do
context
'tries to update private deploy key attached to other project'
do
...
@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
...
@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
other_project
.
deploy_keys
<<
deploy_key
other_project
.
deploy_keys
<<
deploy_key
end
end
it
{
is_expected
.
not_to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
end
context
'tries to update public deploy key'
do
context
'tries to update public deploy key'
do
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
it
{
is_expected
.
not_to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
end
end
end
...
@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
...
@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
context
' tries to update private deploy key'
do
context
' tries to update private deploy key'
do
let
(
:deploy_key
)
{
create
(
:deploy_key
,
public:
false
)
}
let
(
:deploy_key
)
{
create
(
:deploy_key
,
public:
false
)
}
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
end
context
'when an admin user tries to update public deploy key'
do
context
'when an admin user tries to update public deploy key'
do
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
it
{
is_expected
.
to
include
(
:update_deploy_key
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
end
end
end
end
end
...
...
spec/policies/environment_policy_spec.rb
View file @
963b374d
...
@@ -8,8 +8,8 @@ describe EnvironmentPolicy do
...
@@ -8,8 +8,8 @@ describe EnvironmentPolicy do
create
(
:environment
,
:with_review_app
,
project:
project
)
create
(
:environment
,
:with_review_app
,
project:
project
)
end
end
let
(
:polic
ies
)
do
let
(
:polic
y
)
do
described_class
.
abilities
(
user
,
environment
).
to_set
described_class
.
new
(
user
,
environment
)
end
end
describe
'#rules'
do
describe
'#rules'
do
...
@@ -17,7 +17,7 @@ describe EnvironmentPolicy do
...
@@ -17,7 +17,7 @@ describe EnvironmentPolicy do
let
(
:project
)
{
create
(
:project
,
:private
)
}
let
(
:project
)
{
create
(
:project
,
:private
)
}
it
'does not include ability to stop environment'
do
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
end
end
...
@@ -25,7 +25,7 @@ describe EnvironmentPolicy do
...
@@ -25,7 +25,7 @@ describe EnvironmentPolicy do
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:project
)
{
create
(
:project
,
:public
)
}
it
'does not include ability to stop environment'
do
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
end
end
...
@@ -38,7 +38,7 @@ describe EnvironmentPolicy do
...
@@ -38,7 +38,7 @@ describe EnvironmentPolicy do
context
'when team member has ability to stop environment'
do
context
'when team member has ability to stop environment'
do
it
'does includes ability to stop environment'
do
it
'does includes ability to stop environment'
do
expect
(
polic
ies
).
to
include
:stop_environment
expect
(
polic
y
).
to
be_allowed
:stop_environment
end
end
end
end
...
@@ -49,7 +49,7 @@ describe EnvironmentPolicy do
...
@@ -49,7 +49,7 @@ describe EnvironmentPolicy do
end
end
it
'does not include ability to stop environment'
do
it
'does not include ability to stop environment'
do
expect
(
polic
ies
).
not_to
include
:stop_environment
expect
(
polic
y
).
to
be_disallowed
:stop_environment
end
end
end
end
end
end
...
...
spec/policies/group_policy_spec.rb
View file @
963b374d
...
@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
...
@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
group
.
add_owner
(
owner
)
group
.
add_owner
(
owner
)
end
end
subject
{
described_class
.
abilities
(
current_user
,
group
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
group
)
}
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
context
'with no user'
do
context
'with no user'
do
let
(
:current_user
)
{
nil
}
let
(
:current_user
)
{
nil
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
expect_disallowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
...
@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
guest
}
let
(
:current_user
)
{
guest
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
expect_disallowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
...
@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
reporter
}
let
(
:current_user
)
{
reporter
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
...
@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
developer
}
let
(
:current_user
)
{
developer
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
...
@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
master
}
let
(
:current_user
)
{
master
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
...
@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
owner
}
let
(
:current_user
)
{
owner
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
...
@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
...
@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
nested_group
.
add_owner
(
owner
)
nested_group
.
add_owner
(
owner
)
end
end
subject
{
described_class
.
abilities
(
current_user
,
nested_group
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
nested_group
)
}
context
'with no user'
do
context
'with no user'
do
let
(
:current_user
)
{
nil
}
let
(
:current_user
)
{
nil
}
it
do
it
do
is_expected
.
not_to
include
(
:read_group
)
expect_disallowed
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
expect_disallowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
...
@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
guest
}
let
(
:current_user
)
{
guest
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
not_to
include
(
*
reporter_permissions
)
expect_disallowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
...
@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
reporter
}
let
(
:current_user
)
{
reporter
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
...
@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
developer
}
let
(
:current_user
)
{
developer
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
...
@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
master
}
let
(
:current_user
)
{
master
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
...
@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
let
(
:current_user
)
{
owner
}
let
(
:current_user
)
{
owner
}
it
do
it
do
is_expected
.
to
include
(
:read_group
)
expect_allowed
(
:read_group
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
end
end
end
...
...
spec/policies/issue_policy_spec.rb
View file @
963b374d
...
@@ -9,7 +9,7 @@ describe IssuePolicy, models: true do
...
@@ -9,7 +9,7 @@ describe IssuePolicy, models: true do
let
(
:reporter_from_group_link
)
{
create
(
:user
)
}
let
(
:reporter_from_group_link
)
{
create
(
:user
)
}
def
permissions
(
user
,
issue
)
def
permissions
(
user
,
issue
)
described_class
.
abilities
(
user
,
issue
).
to_set
described_class
.
new
(
user
,
issue
)
end
end
context
'a private project'
do
context
'a private project'
do
...
@@ -30,42 +30,42 @@ describe IssuePolicy, models: true do
...
@@ -30,42 +30,42 @@ describe IssuePolicy, models: true do
end
end
it
'does not allow non-members to read issues'
do
it
'does not allow non-members to read issues'
do
expect
(
permissions
(
non_member
,
issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows guests to read issues'
do
it
'allows guests to read issues'
do
expect
(
permissions
(
guest
,
issue
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters to read, update, and admin issues'
do
it
'allows reporters to read, update, and admin issues'
do
expect
(
permissions
(
reporter
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters from group links to read, update, and admin issues'
do
it
'allows reporters from group links to read, update, and admin issues'
do
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue authors to read and update their issues'
do
it
'allows issue authors to read and update their issues'
do
expect
(
permissions
(
author
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
it
'allows issue assignees to read and update their issues'
do
it
'allows issue assignees to read and update their issues'
do
expect
(
permissions
(
assignee
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
context
'with confidential issues'
do
context
'with confidential issues'
do
...
@@ -73,37 +73,37 @@ describe IssuePolicy, models: true do
...
@@ -73,37 +73,37 @@ describe IssuePolicy, models: true do
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
it
'does not allow non-members to read confidential issues'
do
it
'does not allow non-members to read confidential issues'
do
expect
(
permissions
(
non_member
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
non_member
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'does not allow guests to read confidential issues'
do
it
'does not allow guests to read confidential issues'
do
expect
(
permissions
(
guest
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters to read, update, and admin confidential issues'
do
it
'allows reporters to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters from group links to read, update, and admin confidential issues'
do
it
'allows reporters from group links to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue authors to read and update their confidential issues'
do
it
'allows issue authors to read and update their confidential issues'
do
expect
(
permissions
(
author
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue assignees to read and update their confidential issues'
do
it
'allows issue assignees to read and update their confidential issues'
do
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
end
end
end
end
...
@@ -123,37 +123,37 @@ describe IssuePolicy, models: true do
...
@@ -123,37 +123,37 @@ describe IssuePolicy, models: true do
end
end
it
'allows guests to read issues'
do
it
'allows guests to read issues'
do
expect
(
permissions
(
guest
,
issue
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters to read, update, and admin issues'
do
it
'allows reporters to read, update, and admin issues'
do
expect
(
permissions
(
reporter
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters from group links to read, update, and admin issues'
do
it
'allows reporters from group links to read, update, and admin issues'
do
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue authors to read and update their issues'
do
it
'allows issue authors to read and update their issues'
do
expect
(
permissions
(
author
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
it
'allows issue assignees to read and update their issues'
do
it
'allows issue assignees to read and update their issues'
do
expect
(
permissions
(
assignee
,
issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
include
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_allowed
(
:read_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
not_to
include
(
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
issue_no_assignee
)).
to
be_disallowed
(
:update_issue
,
:admin_issue
)
end
end
context
'with confidential issues'
do
context
'with confidential issues'
do
...
@@ -161,32 +161,32 @@ describe IssuePolicy, models: true do
...
@@ -161,32 +161,32 @@ describe IssuePolicy, models: true do
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
let
(
:confidential_issue_no_assignee
)
{
create
(
:issue
,
:confidential
,
project:
project
)
}
it
'does not allow guests to read confidential issues'
do
it
'does not allow guests to read confidential issues'
do
expect
(
permissions
(
guest
,
confidential_issue
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
guest
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporters to read, update, and admin confidential issues'
do
it
'allows reporters to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows reporter from group links to read, update, and admin confidential issues'
do
it
'allows reporter from group links to read, update, and admin confidential issues'
do
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
reporter_from_group_link
,
confidential_issue_no_assignee
)).
to
be_allowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue authors to read and update their confidential issues'
do
it
'allows issue authors to read and update their confidential issues'
do
expect
(
permissions
(
author
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
author
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
it
'allows issue assignees to read and update their confidential issues'
do
it
'allows issue assignees to read and update their confidential issues'
do
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
include
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_allowed
(
:read_issue
,
:update_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
not_to
include
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue
)).
to
be_disallowed
(
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
not_to
include
(
:read_issue
,
:update_issue
,
:admin_issue
)
expect
(
permissions
(
assignee
,
confidential_issue_no_assignee
)).
to
be_disallowed
(
:read_issue
,
:update_issue
,
:admin_issue
)
end
end
end
end
end
end
...
...
spec/policies/personal_snippet_policy_spec.rb
View file @
963b374d
...
@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
end
end
def
permissions
(
user
)
def
permissions
(
user
)
described_class
.
abilities
(
user
,
snippet
).
to_set
described_class
.
new
(
user
,
snippet
)
end
end
context
'public snippet'
do
context
'public snippet'
do
...
@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
subject
{
permissions
(
nil
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
subject
{
permissions
(
regular_user
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
subject
{
permissions
(
snippet
.
author
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
end
end
end
...
@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
subject
{
permissions
(
nil
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
subject
{
permissions
(
regular_user
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
external_user
)
}
subject
{
permissions
(
external_user
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
subject
{
permissions
(
snippet
.
author
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
end
end
end
...
@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
nil
)
}
subject
{
permissions
(
nil
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
regular_user
)
}
subject
{
permissions
(
regular_user
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
external_user
)
}
subject
{
permissions
(
external_user
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_personal_snippet
)
is_expected
.
to
be_disallowed
(
:read_personal_snippet
)
is_expected
.
not_to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_disallowed
(
:comment_personal_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
is_expected
.
to
be_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
...
@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
subject
{
permissions
(
snippet
.
author
)
}
subject
{
permissions
(
snippet
.
author
)
}
it
do
it
do
is_expected
.
to
include
(
:read_personal_snippet
)
is_expected
.
to
be_allowed
(
:read_personal_snippet
)
is_expected
.
to
include
(
:comment_personal_snippet
)
is_expected
.
to
be_allowed
(
:comment_personal_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
is_expected
.
to
be_allowed
(
*
author_permissions
)
end
end
end
end
end
end
...
...
spec/policies/project_policy_spec.rb
View file @
963b374d
...
@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
...
@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
project
.
team
<<
[
reporter
,
:reporter
]
project
.
team
<<
[
reporter
,
:reporter
]
end
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
it
'does not include the read_issue permission when the issue author is not a member of the private project'
do
project
=
create
(
:empty_project
,
:private
)
project
=
create
(
:empty_project
,
:private
)
issue
=
create
(
:issue
,
project:
project
)
issue
=
create
(
:issue
,
project:
project
)
user
=
issue
.
author
user
=
issue
.
author
expect
(
project
.
team
.
member?
(
issue
.
author
)).
to
eq
(
false
)
expect
(
project
.
team
.
member?
(
issue
.
author
)).
to
be
false
expect
(
BasePolicy
.
class_for
(
project
).
abilities
(
user
,
project
).
can_set
)
.
not_to
include
(
:read_issue
)
expect
(
Ability
.
allowed?
(
user
,
:read_issue
,
project
)).
to
be_falsy
expect
(
Ability
).
not_to
be_allowed
(
user
,
:read_issue
,
project
)
end
end
it
'does not include the wiki permissions when the feature is disabled'
do
context
'when the feature is disabled'
do
project
.
project_feature
.
update_attribute
(
:wiki_access_level
,
ProjectFeature
::
DISABLED
)
subject
{
described_class
.
new
(
owner
,
project
)
}
wiki_permissions
=
[
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
,
:download_wiki_code
]
permissions
=
described_class
.
abilities
(
owner
,
project
).
to_set
before
do
project
.
project_feature
.
update_attribute
(
:wiki_access_level
,
ProjectFeature
::
DISABLED
)
end
expect
(
permissions
).
not_to
include
(
*
wiki_permissions
)
it
'does not include the wiki permissions'
do
expect_disallowed
:read_wiki
,
:create_wiki
,
:update_wiki
,
:admin_wiki
,
:download_wiki_code
end
end
end
context
'abilities for non-public projects'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:empty_project
,
namespace:
owner
.
namespace
)
}
let
(
:project
)
{
create
(
:empty_project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
abilities
(
current_user
,
project
).
to_set
}
subject
{
described_class
.
new
(
current_user
,
project
)
}
context
'with no user'
do
context
'with no user'
do
let
(
:current_user
)
{
nil
}
let
(
:current_user
)
{
nil
}
it
{
is_expected
.
to
be_
empty
}
it
{
is_expected
.
to
be_
banned
}
end
end
context
'guests'
do
context
'guests'
do
...
@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
...
@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
end
end
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
not_to
include
(
*
reporter_public_build_permissions
)
expect_disallowed
(
*
reporter_public_build_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
expect_disallowed
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
context
'public builds enabled'
do
context
'public builds enabled'
do
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
:read_build
,
:read_pipeline
)
expect_allowed
(
:read_build
,
:read_pipeline
)
end
end
end
end
...
@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
...
@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
end
end
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
not_to
include
(
:read_build
,
:read_pipeline
)
expect_disallowed
(
:read_build
,
:read_pipeline
)
end
end
end
end
...
@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
...
@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
reporter
}
let
(
:current_user
)
{
reporter
}
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
developer_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
master_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
...
@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
dev
}
let
(
:current_user
)
{
dev
}
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
expect_allowed
(
*
developer_permissions
)
is_expected
.
not_to
include
(
*
master_permissions
)
expect_disallowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
...
@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
master
}
let
(
:current_user
)
{
master
}
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
expect_allowed
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
not_to
include
(
*
owner_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
...
@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
owner
}
let
(
:current_user
)
{
owner
}
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
to
include
(
*
team_member_reporter_permissions
)
expect_allowed
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
expect_allowed
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
end
...
@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
...
@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
do
it
do
is_expected
.
to
include
(
*
guest_permissions
)
expect_allowed
(
*
guest_permissions
)
is_expected
.
to
include
(
*
reporter_permissions
)
expect_allowed
(
*
reporter_permissions
)
is_expected
.
not_to
include
(
*
team_member_reporter_permissions
)
expect_disallowed
(
*
team_member_reporter_permissions
)
is_expected
.
to
include
(
*
developer_permissions
)
expect_allowed
(
*
developer_permissions
)
is_expected
.
to
include
(
*
master_permissions
)
expect_allowed
(
*
master_permissions
)
is_expected
.
to
include
(
*
owner_permissions
)
expect_allowed
(
*
owner_permissions
)
end
end
end
end
end
end
...
...
spec/policies/project_snippet_policy_spec.rb
View file @
963b374d
...
@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
def
abilities
(
user
,
snippet_visibility
)
def
abilities
(
user
,
snippet_visibility
)
snippet
=
create
(
:project_snippet
,
snippet_visibility
,
project:
project
)
snippet
=
create
(
:project_snippet
,
snippet_visibility
,
project:
project
)
described_class
.
abilities
(
user
,
snippet
).
to_set
described_class
.
new
(
user
,
snippet
)
end
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
end
context
'public snippet'
do
context
'public snippet'
do
...
@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:public
)
}
subject
{
abilities
(
nil
,
:public
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:public
)
}
subject
{
abilities
(
regular_user
,
:public
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
external_user
,
:public
)
}
subject
{
abilities
(
external_user
,
:public
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
end
end
...
@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:internal
)
}
subject
{
abilities
(
nil
,
:internal
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:internal
)
}
subject
{
abilities
(
regular_user
,
:internal
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
external_user
,
:internal
)
}
subject
{
abilities
(
external_user
,
:internal
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
end
end
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
end
end
...
@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
nil
,
:private
)
}
subject
{
abilities
(
nil
,
:private
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
regular_user
,
:private
)
}
subject
{
abilities
(
regular_user
,
:private
)
}
it
do
it
do
is_expected
.
not_to
include
(
:read_project_snippet
)
expect_disallowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
context
'snippet author'
do
context
'snippet author'
do
let
(
:snippet
)
{
create
(
:project_snippet
,
:private
,
author:
regular_user
,
project:
project
)
}
let
(
:snippet
)
{
create
(
:project_snippet
,
:private
,
author:
regular_user
,
project:
project
)
}
subject
{
described_class
.
abilities
(
regular_user
,
snippet
).
to_set
}
subject
{
described_class
(
regular_user
,
snippet
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
expect_allowed
(
*
author_permissions
)
end
end
end
end
...
@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
end
end
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
end
end
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
not_to
include
(
*
author_permissions
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
...
@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
...
@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
subject
{
abilities
(
create
(
:admin
),
:private
)
}
subject
{
abilities
(
create
(
:admin
),
:private
)
}
it
do
it
do
is_expected
.
to
include
(
:read_project_snippet
)
expect_allowed
(
:read_project_snippet
)
is_expected
.
to
include
(
*
author_permissions
)
expect_allowed
(
*
author_permissions
)
end
end
end
end
end
end
...
...
spec/policies/user_policy_spec.rb
View file @
963b374d
...
@@ -4,34 +4,34 @@ describe UserPolicy, models: true do
...
@@ -4,34 +4,34 @@ describe UserPolicy, models: true do
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
subject
{
described_class
.
abilities
(
current_user
,
user
).
to_set
}
subject
{
UserPolicy
.
new
(
current_user
,
user
)
}
describe
"reading a user's information"
do
describe
"reading a user's information"
do
it
{
is_expected
.
to
include
(
:read_user
)
}
it
{
is_expected
.
to
be_allowed
(
:read_user
)
}
end
end
describe
"destroying a user"
do
describe
"destroying a user"
do
context
"when a regular user tries to destroy another regular user"
do
context
"when a regular user tries to destroy another regular user"
do
it
{
is_expected
.
not_to
include
(
:destroy_user
)
}
it
{
is_expected
.
not_to
be_allowed
(
:destroy_user
)
}
end
end
context
"when a regular user tries to destroy themselves"
do
context
"when a regular user tries to destroy themselves"
do
let
(
:current_user
)
{
user
}
let
(
:current_user
)
{
user
}
it
{
is_expected
.
to
include
(
:destroy_user
)
}
it
{
is_expected
.
to
be_allowed
(
:destroy_user
)
}
end
end
context
"when an admin user tries to destroy a regular user"
do
context
"when an admin user tries to destroy a regular user"
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
{
is_expected
.
to
include
(
:destroy_user
)
}
it
{
is_expected
.
to
be_allowed
(
:destroy_user
)
}
end
end
context
"when an admin user tries to destroy a ghost user"
do
context
"when an admin user tries to destroy a ghost user"
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:ghost
)
}
let
(
:user
)
{
create
(
:user
,
:ghost
)
}
it
{
is_expected
.
not_to
include
(
:destroy_user
)
}
it
{
is_expected
.
not_to
be_allowed
(
:destroy_user
)
}
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment