Merge branch 'replace-build-permissions' into 'master'

Replace project builds permissions spinach with RSpec

See merge request gitlab-org/gitlab-ce!18306

features/project/builds/permissions.feature

-Feature: Project Builds Permissions
-  Background:
-    Given I sign in as a user
-    And project exists in some group namespace
-    And project has CI enabled
-    And project has a recent build
-
-  Scenario: I try to visit build details as guest
-    Given I am member of a project with a guest role
-    When I visit recent build details page
-    Then page status code should be 404
-
-  Scenario: I try to visit project builds page as guest
-    Given I am member of a project with a guest role
-    When I visit project builds page
-    Then page status code should be 404
-
-  Scenario: I try to visit build details of internal project without access to builds
-    Given The project is internal
-    And public access for builds is disabled
-    When I visit recent build details page
-    Then page status code should be 404
-
-  Scenario: I try to visit internal project builds page without access to builds
-    Given The project is internal
-    And public access for builds is disabled
-    When I visit project builds page
-    Then page status code should be 404
-
-  @javascript
-  Scenario: I try to visit build details of internal project with access to builds
-    Given The project is internal
-    And public access for builds is enabled
-    When I visit recent build details page
-    Then I see details of a build
-    And I see build trace
-
-  Scenario: I try to visit internal project builds page with access to builds
-    Given The project is internal
-    And public access for builds is enabled
-    When I visit project builds page
-    Then I see the build
-
-  Scenario: I try to download build artifacts as guest
-    Given I am member of a project with a guest role
-    And recent build has artifacts available
-    When I access artifacts download page
-    Then page status code should be 404
-
-  Scenario: I try to download build artifacts as reporter
-    Given I am member of a project with a reporter role
-    And recent build has artifacts available
-    When I access artifacts download page
-    Then download of build artifacts archive starts

features/steps/project/builds/permissions.rb

-class Spinach::Features::ProjectBuildsPermissions < Spinach::FeatureSteps
-  include SharedAuthentication
-  include SharedProject
-  include SharedBuilds
-  include SharedPaths
-  include RepoHelpers
-end

features/steps/shared/builds.rb

@@ -30,10 +30,6 @@ module SharedBuilds
     visit project_job_path(@project, @build)
   end
 
-  step 'I visit project builds page' do
-    visit project_jobs_path(@project)
-  end
-
   step 'recent build has artifacts available' do
     artifacts = Rails.root + 'spec/fixtures/ci_build_artifacts.zip'
     archive = fixture_file_upload(artifacts, 'application/zip')
@@ -54,25 +50,4 @@ module SharedBuilds
     expect(page.response_headers['Content-Type']).to eq 'application/zip'
     expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
   end
-
-  step 'I access artifacts download page' do
-    visit download_project_job_artifacts_path(@project, @build)
-  end
-
-  step 'I see details of a build' do
-    expect(page).to have_content "Job ##{@build.id}"
-  end
-
-  step 'I see build trace' do
-    expect(page).to have_css '#build-trace'
-  end
-
-  step 'I see the build' do
-    page.within('.build') do
-      expect(page).to have_content "##{@build.id}"
-      expect(page).to have_content @build.sha[0..7]
-      expect(page).to have_content @build.ref
-      expect(page).to have_content @build.name
-    end
-  end
 end

features/steps/shared/paths.rb

@@ -435,12 +435,4 @@ module SharedPaths
     mr = MergeRequest.find_by(title: title)
     project_merge_request_path(mr.target_project, mr)
   end
-
-  # ----------------------------------------
-  # Errors
-  # ----------------------------------------
-
-  step 'page status code should be 404' do
-    expect(status_code).to eq 404
-  end
 end

features/steps/shared/project.rb

@@ -13,11 +13,6 @@ module SharedProject
     @project.add_master(@user)
   end
 
-  step "project exists in some group namespace" do
-    @group = create(:group, name: 'some group')
-    @project = create(:project, :repository, namespace: @group, public_builds: false)
-  end
-
   # Create a specific project called "Shop"
   step 'I own project "Shop"' do
     @project = Project.find_by(name: "Shop")
@@ -29,18 +24,6 @@ module SharedProject
     @project ||= Project.first
   end
 
-  # ----------------------------------------
-  # Project permissions
-  # ----------------------------------------
-
-  step 'I am member of a project with a guest role' do
-    @project.add_guest(@user)
-  end
-
-  step 'I am member of a project with a reporter role' do
-    @project.add_reporter(@user)
-  end
-
   # ----------------------------------------
   # Visibility of archived project
   # ----------------------------------------
@@ -140,18 +123,6 @@ module SharedProject
     create(:label, project: project, title: 'enhancement')
   end
 
-  step 'The project is internal' do
-    @project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
-  end
-
-  step 'public access for builds is enabled' do
-    @project.update(public_builds: true)
-  end
-
-  step 'public access for builds is disabled' do
-    @project.update(public_builds: false)
-  end
-
   def user_owns_project(user_name:, project_name:, visibility: :private)
     user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
     project = Project.find_by(name: project_name)

spec/features/projects/jobs/permissions_spec.rb

+require 'spec_helper'
+
+describe 'Project Jobs Permissions' do
+  let(:user) { create(:user) }
+  let(:group) { create(:group, name: 'some group') }
+  let(:project) { create(:project, :repository, namespace: group) }
+  let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.sha, ref: 'master') }
+  let!(:job) { create(:ci_build, :running, :coverage, :trace_artifact, pipeline: pipeline) }
+
+  before do
+    sign_in(user)
+
+    project.enable_ci
+  end
+
+  describe 'jobs pages' do
+    shared_examples 'recent job page details responds with status' do |status|
+      before do
+        visit project_job_path(project, job)
+      end
+
+      it { expect(status_code).to eq(status) }
+    end
+
+    shared_examples 'project jobs page responds with status' do |status|
+      before do
+        visit project_jobs_path(project)
+      end
+
+      it { expect(status_code).to eq(status) }
+    end
+
+    context 'when public access for jobs is disabled' do
+      before do
+        project.update(public_builds: false)
+      end
+
+      context 'when user is a guest' do
+        before do
+          project.add_guest(user)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 404
+        it_behaves_like 'project jobs page responds with status', 404
+      end
+
+      context 'when project is internal' do
+        before do
+          project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 404
+        it_behaves_like 'project jobs page responds with status', 404
+      end
+    end
+
+    context 'when public access for jobs is enabled' do
+      before do
+        project.update(public_builds: true)
+      end
+
+      context 'when project is internal' do
+        before do
+          project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 200 do
+          it 'renders job details', :js do
+            expect(page).to have_content "Job ##{job.id}"
+            expect(page).to have_css '#build-trace'
+          end
+        end
+
+        it_behaves_like 'project jobs page responds with status', 200 do
+          it 'renders job' do
+            page.within('.build') do
+              expect(page).to have_content("##{job.id}")
+                .and have_content(job.sha[0..7])
+                .and have_content(job.ref)
+                .and have_content(job.name)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  describe 'artifacts page' do
+    context 'when recent job has artifacts available' do
+      before do
+        artifacts = Rails.root.join('spec/fixtures/ci_build_artifacts.zip')
+        archive = fixture_file_upload(artifacts, 'application/zip')
+
+        job.update_attributes(legacy_artifacts_file: archive)
+      end
+
+      context 'when public access for jobs is disabled' do
+        before do
+          project.update(public_builds: false)
+        end
+
+        context 'when user with guest role' do
+          before do
+            project.add_guest(user)
+          end
+
+          it 'responds with 404 status' do
+            visit download_project_job_artifacts_path(project, job)
+
+            expect(status_code).to eq(404)
+          end
+        end
+
+        context 'when user with reporter role' do
+          before do
+            project.add_reporter(user)
+          end
+
+          it 'starts download artifact' do
+            visit download_project_job_artifacts_path(project, job)
+
+            expect(status_code).to eq(200)
+            expect(page.response_headers['Content-Type']).to eq 'application/zip'
+            expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
+          end
+        end
+      end
+    end
+  end
+end