Commit c5f7e20a authored by Douwe Maan's avatar Douwe Maan

Merge branch 'rc/refactor-project_policy_spec' into 'master'

Refactor spec/policies/project_policy_spec.rb to minimize the diff with CE

See merge request gitlab-org/gitlab-ee!2953
parents 6fb05fee 1c71a629
require 'spec_helper' require 'spec_helper'
describe ProjectPolicy do describe ProjectPolicy do
let(:guest) { create(:user) } set(:guest) { create(:user) }
let(:reporter) { create(:user) } set(:reporter) { create(:user) }
let(:dev) { create(:user) } set(:developer) { create(:user) }
let(:master) { create(:user) } set(:master) { create(:user) }
let(:owner) { create(:user) } set(:owner) { create(:user) }
let(:auditor) { create(:user, :auditor) } set(:admin) { create(:admin) }
let(:admin) { create(:admin) }
let(:project) { create(:project, :public, namespace: owner.namespace) } let(:project) { create(:project, :public, namespace: owner.namespace) }
let(:guest_permissions) do let(:base_guest_permissions) do
%i[ %i[
read_project read_board read_list read_wiki read_issue read_label read_project read_board read_list read_wiki read_issue read_label
read_issue_link read_milestone read_project_snippet read_project_member read_milestone read_project_snippet read_project_member
read_note create_project create_issue create_note read_note create_project create_issue create_note
upload_file upload_file
] ]
end end
let(:reporter_permissions) do let(:base_reporter_permissions) do
%i[ %i[
download_code fork_project create_project_snippet update_issue download_code fork_project create_project_snippet update_issue
admin_issue admin_label admin_issue_link admin_list read_commit_status read_build admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment read_container_image read_pipeline read_environment read_deployment
read_merge_request download_wiki_code read_merge_request download_wiki_code
] ]
...@@ -42,10 +41,9 @@ describe ProjectPolicy do ...@@ -42,10 +41,9 @@ describe ProjectPolicy do
] ]
end end
let(:master_permissions) do let(:base_master_permissions) do
%i[ %i[
push_code_to_protected_branches delete_protected_branch delete_protected_branch update_project_snippet update_environment
update_project_snippet update_environment
update_deployment admin_project_snippet update_deployment admin_project_snippet
admin_project_member admin_note admin_wiki admin_project admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image admin_commit_status admin_build admin_container_image
...@@ -68,21 +66,20 @@ describe ProjectPolicy do ...@@ -68,21 +66,20 @@ describe ProjectPolicy do
] ]
end end
let(:auditor_permissions) do # Used in EE specs
%i[ let(:additional_guest_permissions) { [] }
download_code download_wiki_code read_project read_board read_list let(:additional_reporter_permissions) { [] }
read_wiki read_issue read_label read_issue_link read_milestone read_project_snippet let(:additional_master_permissions) { [] }
read_project_member read_note read_cycle_analytics read_pipeline
read_build read_commit_status read_container_image read_environment let(:guest_permissions) { base_guest_permissions + additional_guest_permissions }
read_deployment read_merge_request read_pages let(:reporter_permissions) { base_reporter_permissions + additional_reporter_permissions }
] let(:master_permissions) { base_master_permissions + additional_master_permissions }
end
before do before do
project.team << [guest, :guest] project.add_guest(guest)
project.team << [master, :master] project.add_master(master)
project.team << [dev, :developer] project.add_developer(developer)
project.team << [reporter, :reporter] project.add_reporter(reporter)
end end
def expect_allowed(*permissions) def expect_allowed(*permissions)
...@@ -139,7 +136,9 @@ describe ProjectPolicy do ...@@ -139,7 +136,9 @@ describe ProjectPolicy do
end end
end end
context 'when a project has pending invites, and the current user is anonymous' do shared_examples 'project policies as anonymous' do
context 'abilities for public projects' do
context 'when a project has pending invites' do
let(:group) { create(:group, :public) } let(:group) { create(:group, :public) }
let(:project) { create(:project, :public, namespace: group) } let(:project) { create(:project, :public, namespace: group) }
let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] } let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
...@@ -156,21 +155,22 @@ describe ProjectPolicy do ...@@ -156,21 +155,22 @@ describe ProjectPolicy do
expect_disallowed(*user_permissions) expect_disallowed(*user_permissions)
end end
end end
end
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) } let(:project) { create(:project, namespace: owner.namespace) }
subject { described_class.new(current_user, project) } subject { described_class.new(nil, project) }
context 'with no user' do
let(:current_user) { nil }
it { is_expected.to be_banned } it { is_expected.to be_banned }
end end
end
context 'guests' do shared_examples 'project policies as guest' do
let(:current_user) { guest } subject { described_class.new(guest, project) }
context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
let(:reporter_public_build_permissions) do let(:reporter_public_build_permissions) do
reporter_permissions - [:read_build, :read_pipeline] reporter_permissions - [:read_build, :read_pipeline]
end end
...@@ -191,7 +191,7 @@ describe ProjectPolicy do ...@@ -191,7 +191,7 @@ describe ProjectPolicy do
end end
end end
context 'public builds disabled' do context 'when public builds disabled' do
before do before do
project.update(public_builds: false) project.update(public_builds: false)
end end
...@@ -204,8 +204,7 @@ describe ProjectPolicy do ...@@ -204,8 +204,7 @@ describe ProjectPolicy do
context 'when builds are disabled' do context 'when builds are disabled' do
before do before do
project.project_feature.update( project.project_feature.update(builds_access_level: ProjectFeature::DISABLED)
builds_access_level: ProjectFeature::DISABLED)
end end
it do it do
...@@ -214,9 +213,13 @@ describe ProjectPolicy do ...@@ -214,9 +213,13 @@ describe ProjectPolicy do
end end
end end
end end
end
shared_examples 'project policies as reporter' do
context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
context 'reporter' do subject { described_class.new(reporter, project) }
let(:current_user) { reporter }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -228,9 +231,13 @@ describe ProjectPolicy do ...@@ -228,9 +231,13 @@ describe ProjectPolicy do
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
end
shared_examples 'project policies as developer' do
context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
context 'developer' do subject { described_class.new(developer, project) }
let(:current_user) { dev }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -241,9 +248,13 @@ describe ProjectPolicy do ...@@ -241,9 +248,13 @@ describe ProjectPolicy do
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
end
context 'master' do shared_examples 'project policies as master' do
let(:current_user) { master } context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
subject { described_class.new(master, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -254,9 +265,13 @@ describe ProjectPolicy do ...@@ -254,9 +265,13 @@ describe ProjectPolicy do
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
end
context 'owner' do shared_examples 'project policies as owner' do
let(:current_user) { owner } context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
subject { described_class.new(owner, project) }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -267,9 +282,13 @@ describe ProjectPolicy do ...@@ -267,9 +282,13 @@ describe ProjectPolicy do
expect_allowed(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
end
shared_examples 'project policies as admin' do
context 'abilities for non-public projects' do
let(:project) { create(:project, namespace: owner.namespace) }
context 'admin' do subject { described_class.new(admin, project) }
let(:current_user) { admin }
it do it do
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
...@@ -280,11 +299,44 @@ describe ProjectPolicy do ...@@ -280,11 +299,44 @@ describe ProjectPolicy do
expect_allowed(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
end
it_behaves_like 'project policies as anonymous'
it_behaves_like 'project policies as guest'
it_behaves_like 'project policies as reporter'
it_behaves_like 'project policies as developer'
it_behaves_like 'project policies as master'
it_behaves_like 'project policies as owner'
it_behaves_like 'project policies as admin'
context 'EE' do
let(:additional_guest_permissions) { [:read_issue_link] }
let(:additional_reporter_permissions) { [:admin_issue_link]}
let(:additional_master_permissions) { [:push_code_to_protected_branches] }
let(:auditor_permissions) do
%i[
download_code download_wiki_code read_project read_board read_list
read_wiki read_issue read_label read_issue_link read_milestone read_project_snippet
read_project_member read_note read_cycle_analytics read_pipeline
read_build read_commit_status read_container_image read_environment
read_deployment read_merge_request read_pages
]
end
it_behaves_like 'project policies as anonymous'
it_behaves_like 'project policies as guest'
it_behaves_like 'project policies as reporter'
it_behaves_like 'project policies as developer'
it_behaves_like 'project policies as master'
it_behaves_like 'project policies as owner'
it_behaves_like 'project policies as admin'
context 'auditor' do context 'auditor' do
let(:current_user) { auditor } let(:auditor) { create(:user, :auditor) }
subject { described_class.new(auditor, project) }
context 'not a team member' do context 'who is not a team member' do
it do it do
is_expected.to be_disallowed(*developer_permissions) is_expected.to be_disallowed(*developer_permissions)
is_expected.to be_disallowed(*master_permissions) is_expected.to be_disallowed(*master_permissions)
...@@ -294,9 +346,9 @@ describe ProjectPolicy do ...@@ -294,9 +346,9 @@ describe ProjectPolicy do
end end
end end
context 'team member' do context 'who is a team member' do
before do before do
project.team << [auditor, :guest] project.add_guest(auditor)
end end
it do it do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment