Commit dc1149df authored by Diego Louzán's avatar Diego Louzán Committed by Imre Farkas

Migrate CE & EE controller specs to consider admin mode

parent 3cffcea5
......@@ -267,7 +267,7 @@ describe GroupsController do
sign_in(user)
end
context 'when user is an admin' do
context 'when user is an admin with admin mode enabled', :enable_admin_mode do
let(:user) { create(:admin) }
it 'updates max_pages_size' do
......@@ -277,6 +277,14 @@ describe GroupsController do
end
end
context 'when user is an admin with admin mode disabled' do
it 'does not update max_pages_size' do
request
expect(group.reload.max_pages_size).to eq(nil)
end
end
context 'when user is not an admin' do
it 'does not update max_pages_size' do
request
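Review bot: The new context 'when user is an admin with admin mode disabled' defines no `let(:user)`, whereas the enabled context just above it sets `let(:user) { create(:admin) }` locally, so the new example appears to run with whatever `user` the enclosing group defines. If that outer user is not an admin (its definition is outside the hunk), the example passes for the same reason as 'when user is not an admin' and never exercises the admin-without-admin-mode path. Adding `let(:user) { create(:admin) }` inside the new context would pin the case the description names.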
......
......@@ -38,11 +38,19 @@ describe Projects::JobsController do
context 'with admin' do
let(:user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns 200' do
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'when admin mode is disabled' do
it 'returns 404' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with owner' do
let(:user) { owner }
......
......@@ -60,11 +60,13 @@ describe ProfilesController, :request_store do
end
end
context 'as an admin in admin mode', :enable_admin_mode do
it_behaves_like 'a user can update their name' do
let(:current_user) { admin }
end
end
end
end
context 'when `disable_name_update_for_users` feature is not available' do
before do
......
......@@ -61,7 +61,12 @@ describe Projects::ClustersController do
allow(controller).to receive(:prometheus_adapter).and_return(prometheus_adapter)
end
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(clusterable) }
it { expect { go }.to be_allowed_for(:maintainer).of(clusterable) }
it { expect { go }.to be_denied_for(:developer).of(clusterable) }
......
......@@ -64,7 +64,7 @@ describe Projects::DeployKeysController do
let(:deploy_key) { create(:deploy_key) }
let!(:deploy_key_project) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) }
context 'with admin' do
context 'with admin', :enable_admin_mode do
before do
sign_in(create(:admin))
end
......
......@@ -71,7 +71,7 @@ describe Projects::MirrorsController do
stub_application_setting(mirror_available: false)
end
context 'when user is admin' do
context 'when user is admin', :enable_admin_mode do
let(:admin) { create(:user, :admin) }
it 'creates a new mirror' do
......
......@@ -30,6 +30,7 @@ describe Projects::PagesController do
sign_in(admin)
end
context 'when admin mode is enabled', :enable_admin_mode do
it 'updates max_pages_size' do
request
......@@ -37,6 +38,15 @@ describe Projects::PagesController do
end
end
context 'when admin mode is disabled' do
it 'does not update max_pages_size' do
request
expect(project.reload.max_pages_size).to eq(nil)
end
end
end
context 'when user is not an admin' do
it 'does not update max_pages_size' do
request
......
......@@ -71,7 +71,7 @@ describe Projects::PushRulesController do
PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
context "Updating #{rule_attr} rule" do
context 'as an admin' do
context 'as an admin in admin mode', :enable_admin_mode do
let(:user) { create(:admin) }
it_behaves_like 'a setting with global default', rule_attr, updates: true
......
......@@ -29,11 +29,19 @@ describe Projects::WebIdeTerminalsController do
context 'with admin' do
let(:user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns 200' do
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'when admin mode is disabled' do
it 'returns 404' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with owner' do
let(:user) { owner }
......@@ -124,7 +132,7 @@ describe Projects::WebIdeTerminalsController do
let(:user) { admin }
let(:result) { { status: :error } }
it 'returns 422' do
it 'returns 422', :enable_admin_mode do
expect(response).to have_gitlab_http_status(:unprocessable_entity)
end
end
......@@ -160,7 +168,7 @@ describe Projects::WebIdeTerminalsController do
let(:user) { admin }
let(:branch) { 'foobar' }
it 'returns 400' do
it 'returns 400', :enable_admin_mode do
subject
expect(response).to have_gitlab_http_status(:bad_request)
......@@ -170,7 +178,7 @@ describe Projects::WebIdeTerminalsController do
context 'when there is an error creating the job' do
let(:user) { admin }
it 'returns 400' do
it 'returns 400', :enable_admin_mode do
allow_next_instance_of(::Ci::CreateWebIdeTerminalService) do |instance|
allow(instance).to receive(:execute).and_return(status: :error, message: 'foobar')
end
......
......@@ -748,7 +748,7 @@ describe ApplicationController do
end
end
describe '#current_user_mode', :do_not_mock_admin_mode do
describe '#current_user_mode' do
include_context 'custom session'
controller(described_class) do
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
describe EnforcesAdminAuthentication, :do_not_mock_admin_mode do
describe EnforcesAdminAuthentication do
include AdminModeHelper
let(:user) { create(:user) }
......
......@@ -180,6 +180,11 @@ describe Groups::Settings::CiCdController do
group.add_owner(user)
end
context 'when admin mode is disabled' do
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'when admin mode is enabled', :enable_admin_mode do
it { is_expected.to redirect_to(group_settings_ci_cd_path) }
context 'when service execution went wrong' do
......@@ -210,6 +215,7 @@ describe Groups::Settings::CiCdController do
end
end
end
end
describe 'POST create_deploy_token' do
context 'when ajax_new_deploy_token feature flag is disabled for the project' do
......
......@@ -10,7 +10,12 @@ describe Projects::Clusters::ApplicationsController do
end
shared_examples 'a secure endpoint' do
it { expect { subject }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { subject }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { subject }.to be_denied_for(:admin)
end
it { expect { subject }.to be_allowed_for(:owner).of(project) }
it { expect { subject }.to be_allowed_for(:maintainer).of(project) }
it { expect { subject }.to be_denied_for(:developer).of(project) }
......
......@@ -65,7 +65,12 @@ describe Projects::ClustersController do
describe 'security' do
let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -151,7 +156,12 @@ describe Projects::ClustersController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -240,7 +250,12 @@ describe Projects::ClustersController do
allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
end
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -346,7 +361,12 @@ describe Projects::ClustersController do
stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
end
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -414,7 +434,12 @@ describe Projects::ClustersController do
allow(WaitForClusterCreationWorker).to receive(:perform_in)
end
it { expect { post_create_aws }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { post_create_aws }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { post_create_aws }.to be_denied_for(:admin)
end
it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) }
it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) }
it { expect { post_create_aws }.to be_denied_for(:developer).of(project) }
......@@ -469,7 +494,12 @@ describe Projects::ClustersController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -501,7 +531,12 @@ describe Projects::ClustersController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -541,7 +576,12 @@ describe Projects::ClustersController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -574,7 +614,12 @@ describe Projects::ClustersController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -677,7 +722,12 @@ describe Projects::ClustersController do
describe 'security' do
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
......@@ -746,7 +796,12 @@ describe Projects::ClustersController do
describe 'security' do
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
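Review bot: The negative examples in this file are titled 'is disabled for admin when admin mode disabled', while the same check elsewhere in this commit (the other ClustersController spec, Clusters::ApplicationsController, PipelineSchedulesController) reads 'is denied for admin when admin mode disabled'. Using `it 'is denied for admin when admin mode disabled' do` throughout matches the `be_denied_for` matcher and makes the examples easy to grep for. The allowed/denied pair is also repeated verbatim in every 'security' group here, so a shared example taking the action block would keep the two cases from drifting apart.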
......
......@@ -163,7 +163,7 @@ describe Projects::DeployKeysController do
end
end
context 'with admin' do
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
......@@ -228,7 +228,7 @@ describe Projects::DeployKeysController do
end
end
context 'with admin' do
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
......@@ -284,7 +284,7 @@ describe Projects::DeployKeysController do
end
end
context 'with admin' do
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
......@@ -311,9 +311,17 @@ describe Projects::DeployKeysController do
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
context 'admin mode disabled' do
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
context 'admin mode enabled', :enable_admin_mode do
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
......
......@@ -586,6 +586,7 @@ describe Projects::IssuesController do
expect(assigns(:issues)).to include request_forgery_timing_attack
end
context 'when admin mode is enabled', :enable_admin_mode do
it 'lists confidential issues for admin' do
sign_in(admin)
get_issues
......@@ -593,6 +594,16 @@ describe Projects::IssuesController do
expect(assigns(:issues)).to include unescaped_parameter_value
expect(assigns(:issues)).to include request_forgery_timing_attack
end
end
context 'when admin mode is disabled' do
it 'does not list confidential issues for admin' do
sign_in(admin)
get_issues
expect(assigns(:issues)).to eq [issue]
end
end
def get_issues
get :index,
......@@ -648,6 +659,7 @@ describe Projects::IssuesController do
expect(response).to have_gitlab_http_status http_status[:success]
end
context 'when admin mode is enabled', :enable_admin_mode do
it "returns #{http_status[:success]} for admin" do
sign_in(admin)
go(id: unescaped_parameter_value.to_param)
......@@ -656,6 +668,16 @@ describe Projects::IssuesController do
end
end
context 'when admin mode is disabled' do
xit 'returns 404 for admin' do
sign_in(admin)
go(id: unescaped_parameter_value.to_param)
expect(response).to have_gitlab_http_status :not_found
end
end
end
describe 'PUT #update' do
def update_issue(issue_params: {}, additional_params: {}, id: nil)
id ||= issue.iid
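Review bot: The admin-mode-disabled example for the show action is declared with `xit 'returns 404 for admin'`, so it is skipped and nothing in this spec enforces that an admin without admin mode is refused a confidential issue. The index counterpart above it is a live `it`, which makes the gap easy to miss. If the 404 is not yet the real behaviour, keep the example running with `pending` and state the reason, for example `pending 'show does not yet honour admin mode, see <tracking issue>'`. That way it fails loudly once the controller is fixed; otherwise switch it to `it`.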
......
......@@ -391,6 +391,15 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
sign_in(user)
end
context 'when admin mode is disabled' do
it 'settings_path is not available' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details')
expect(json_response['runners']).not_to have_key('settings_path')
end
end
context 'when admin mode is enabled', :enable_admin_mode do
it 'settings_path is available' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details')
......@@ -398,6 +407,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
end
end
end
end
context 'when no trace is available' do
it 'has_trace is false' do
......
......@@ -39,6 +39,7 @@ describe Projects::MirrorsController do
expect(response).to have_gitlab_http_status(:not_found)
end
context 'when admin mode is enabled', :enable_admin_mode do
it 'allows requests from an admin user' do
user.update!(admin: true)
sign_in(user)
......@@ -47,6 +48,17 @@ describe Projects::MirrorsController do
expect(response).to redirect_to(project_settings_path)
end
end
context 'when admin mode is disabled' do
it 'disallows requests from an admin user' do
user.update!(admin: true)
sign_in(user)
subject_action
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
describe 'Access control' do
......
......@@ -127,7 +127,12 @@ describe Projects::PipelineSchedulesController do
describe 'security' do
let(:schedule) { attributes_for(:ci_pipeline_schedule) }
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project) }
......@@ -279,7 +284,12 @@ describe Projects::PipelineSchedulesController do
describe 'security' do
let(:schedule) { { description: 'updated_desc' } }
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
......@@ -343,7 +353,12 @@ describe Projects::PipelineSchedulesController do
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
......@@ -361,7 +376,12 @@ describe Projects::PipelineSchedulesController do
describe 'GET #take_ownership' do
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
......
......@@ -245,6 +245,16 @@ describe Projects::Settings::CiCdController do
context 'and user is an admin' do
let(:user) { create(:admin) }
context 'with admin mode disabled' do
it 'does not set max_artifacts_size' do
subject
project.reload
expect(project.max_artifacts_size).to be_nil
end
end
context 'with admin mode enabled', :enable_admin_mode do
it 'sets max_artifacts_size' do
subject
......@@ -255,6 +265,7 @@ describe Projects::Settings::CiCdController do
end
end
end
end
describe 'POST create_deploy_token' do
context 'when ajax_new_deploy_token feature flag is disabled for the project' do
......
......@@ -362,7 +362,7 @@ describe ProjectsController do
end
describe 'GET edit' do
it 'allows an admin user to access the page' do
it 'allows an admin user to access the page', :enable_admin_mode do
sign_in(create(:user, :admin))
get :edit,
......@@ -531,7 +531,7 @@ describe ProjectsController do
end
end
describe "#update" do
describe "#update", :enable_admin_mode do
render_views
let(:admin) { create(:admin) }
......@@ -672,7 +672,7 @@ describe ProjectsController do
end
end
describe '#transfer' do
describe '#transfer', :enable_admin_mode do
render_views
let(:project) { create(:project, :repository) }
......@@ -720,7 +720,7 @@ describe ProjectsController do
end
end
describe "#destroy" do
describe "#destroy", :enable_admin_mode do
let(:admin) { create(:admin) }
it "redirects to the dashboard", :sidekiq_might_not_need_inline do
......@@ -1094,7 +1094,7 @@ describe ProjectsController do
end
end
context 'for a DELETE request' do
context 'for a DELETE request', :enable_admin_mode do
before do
sign_in(create(:admin))
end
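Review bot: Tagging whole groups (`describe "#update", :enable_admin_mode`, `describe '#transfer', :enable_admin_mode`, `describe "#destroy", :enable_admin_mode` and `context 'for a DELETE request', :enable_admin_mode`) turns the admin-mode mock on for every example beneath them. None of these hunks adds an admin-mode-disabled counterpart, unlike the Jobs, Mirrors and Pages specs in this commit. As a result, update, transfer and destroy by an admin who has not entered admin mode remain untested here. Consider scoping the tag to the admin examples and adding one negative example per action; the group bodies lie outside the hunks, so an existing negative case may have been missed.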
......
......@@ -91,6 +91,10 @@ RSpec.configure do |config|
match = location.match(%r{/spec/([^/]+)/})
metadata[:type] = match[1].singularize.to_sym if match
end
# Admin controller specs get auto admin mode enabled since they are
# protected by the 'EnforcesAdminAuthentication' concern
metadata[:enable_admin_mode] = true if location =~ %r{(ee)?/spec/controllers/admin/}
end
config.include LicenseHelpers
......@@ -226,7 +230,6 @@ RSpec.configure do |config|
#
# context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
admin_mode_mock_dirs = %w(
./ee/spec/controllers
./ee/spec/elastic_integration
./ee/spec/features
./ee/spec/finders
......@@ -238,7 +241,6 @@ RSpec.configure do |config|
./ee/spec/services
./ee/spec/support/protected_tags
./ee/spec/support/shared_examples
./spec/controllers
./spec/features
./spec/finders
./spec/frontend
......@@ -270,7 +272,7 @@ RSpec.configure do |config|
# context 'some test that requires admin mode', :enable_admin_mode do ... end
#
# See also spec/support/helpers/admin_mode_helpers.rb
if example.metadata[:enable_admin_mode]
if example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]
allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
current_user_mode.send(:user)&.admin?
end
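Review bot: In `location =~ %r{(ee)?/spec/controllers/admin/}` the `(ee)?` group is optional and the pattern is unanchored, so it matches any location containing `/spec/controllers/admin/` and the group adds nothing. `location.match?(%r{/spec/controllers/admin/})` says the same thing without the capture. The new condition `example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]` also gives `:do_not_mock_admin_mode` precedence over the auto-applied tag, which deserves a comment such as `# :do_not_mock_admin_mode wins, even over the tag auto-applied to admin controller specs`. The enclosing `RSpec.configure` block starts and ends outside these hunks.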
......