Use NamespacePolicy as base namespace policy class

- subclass NamespacePolicy from BasePolicy - subclass UserNamespacePolicy from NamespacePolicy - subclass ProjectNamespacePolicy from NamespacePolicy - update ProjectNamespace specs to disallow everything

Use NamespacePolicy as base namespace policy class
- subclass NamespacePolicy from BasePolicy - subclass UserNamespacePolicy from NamespacePolicy - subclass ProjectNamespacePolicy from NamespacePolicy - update ProjectNamespace specs to disallow everything
ab2d75db · charlie ablett · 95f43e44 · ab2d75db · ab2d75db · ab2d75db
Commit ab2d75db authored Dec 01, 2021 by charlie ablett
4 changed files
--- a/app/policies/namespace_policy.rb
+++ b/app/policies/namespace_policy.rb
 # frozen_string_literal: true

-class NamespacePolicy < ::Namespaces::UserNamespacePolicy
+class NamespacePolicy < BasePolicy
  # NamespacePolicy has been traditionally for user namespaces.
  # So these policies have been moved into Namespaces::UserNamespacePolicy.
  # Once the user namespace conversion is complete, we can look at
  # either removing this file or locating common namespace policy items
  # here.
+  # See https://gitlab.com/groups/gitlab-org/-/epics/6689 for details
 end
--- a/app/policies/namespaces/project_namespace_policy.rb
+++ b/app/policies/namespaces/project_namespace_policy.rb
 # frozen_string_literal: true

 module Namespaces
-  class ProjectNamespacePolicy < BasePolicy
+  class ProjectNamespacePolicy < NamespacePolicy
    # For now users are not granted any permissions on project namespace
    # as it's completely hidden to them. When we start using project
    # namespaces in queries, we will have to extend this policy.

--- a/app/policies/namespaces/user_namespace_policy.rb
+++ b/app/policies/namespaces/user_namespace_policy.rb
 # frozen_string_literal: true

 module Namespaces
-  class UserNamespacePolicy < BasePolicy
+  class UserNamespacePolicy < ::NamespacePolicy
    rule { anonymous }.prevent_all

    condition(:personal_project, scope: :subject) { @subject.kind == 'user' }

--- a/spec/policies/namespaces/project_namespace_policy_spec.rb
+++ b/spec/policies/namespaces/project_namespace_policy_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe NamespacePolicy do
+RSpec.describe Namespaces::ProjectNamespacePolicy do
  let_it_be(:parent) { create(:namespace) }
  let_it_be(:project) { create(:project, namespace: parent) }
  let_it_be(:namespace) { project.project_namespace }
@@ -37,7 +37,7 @@ RSpec.describe NamespacePolicy do
    let_it_be(:current_user) { create(:admin) }

    context 'when admin mode is enabled', :enable_admin_mode do
-      it { is_expected.to be_allowed(*permissions) }
+      it { is_expected.to be_disallowed(*permissions) }
    end

    context 'when admin mode is disabled' do