Commit dc1149df authored by Diego Louzán's avatar Diego Louzán Committed by Imre Farkas

Migrate CE & EE controller specs to consider admin mode

parent 3cffcea5
...@@ -267,7 +267,7 @@ describe GroupsController do ...@@ -267,7 +267,7 @@ describe GroupsController do
sign_in(user) sign_in(user)
end end
context 'when user is an admin' do context 'when user is an admin with admin mode enabled', :enable_admin_mode do
let(:user) { create(:admin) } let(:user) { create(:admin) }
it 'updates max_pages_size' do it 'updates max_pages_size' do
...@@ -277,6 +277,14 @@ describe GroupsController do ...@@ -277,6 +277,14 @@ describe GroupsController do
end end
end end
context 'when user is an admin with admin mode disabled' do
it 'does not update max_pages_size' do
request
expect(group.reload.max_pages_size).to eq(nil)
end
end
context 'when user is not an admin' do context 'when user is not an admin' do
it 'does not update max_pages_size' do it 'does not update max_pages_size' do
request request
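Review bot: The new context 'when user is an admin with admin mode disabled' does not define `let(:user) { create(:admin) }`, unlike the enabled context just above it, so the example runs with whatever `user` the enclosing describe provides. That outer definition is outside the hunk; if it is not an admin, this example only repeats 'when user is not an admin' and never exercises an admin whose admin mode is off. Adding `let(:user) { create(:admin) }` inside the new context would make the denial case cover the admin-mode gate.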
......
...@@ -38,11 +38,19 @@ describe Projects::JobsController do ...@@ -38,11 +38,19 @@ describe Projects::JobsController do
context 'with admin' do context 'with admin' do
let(:user) { admin } let(:user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns 200' do it 'returns 200' do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
end end
context 'when admin mode is disabled' do
it 'returns 404' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with owner' do context 'with owner' do
let(:user) { owner } let(:user) { owner }
......
...@@ -60,11 +60,13 @@ describe ProfilesController, :request_store do ...@@ -60,11 +60,13 @@ describe ProfilesController, :request_store do
end end
end end
context 'as an admin in admin mode', :enable_admin_mode do
it_behaves_like 'a user can update their name' do it_behaves_like 'a user can update their name' do
let(:current_user) { admin } let(:current_user) { admin }
end end
end end
end end
end
context 'when `disable_name_update_for_users` feature is not available' do context 'when `disable_name_update_for_users` feature is not available' do
before do before do
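Review bot: The new context 'as an admin in admin mode' has no counterpart for an admin whose admin mode is off, so this hunk does not pin whether such an admin is still exempt from the `disable_name_update_for_users` restriction. A sibling context without the `:enable_admin_mode` tag, using `let(:current_user) { admin }` and the expectation that matches the intended policy, would state that boundary explicitly. The enclosing contexts start outside the hunk, so an existing counterpart may simply be out of view.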
......
...@@ -61,7 +61,12 @@ describe Projects::ClustersController do ...@@ -61,7 +61,12 @@ describe Projects::ClustersController do
allow(controller).to receive(:prometheus_adapter).and_return(prometheus_adapter) allow(controller).to receive(:prometheus_adapter).and_return(prometheus_adapter)
end end
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(clusterable) } it { expect { go }.to be_allowed_for(:owner).of(clusterable) }
it { expect { go }.to be_allowed_for(:maintainer).of(clusterable) } it { expect { go }.to be_allowed_for(:maintainer).of(clusterable) }
it { expect { go }.to be_denied_for(:developer).of(clusterable) } it { expect { go }.to be_denied_for(:developer).of(clusterable) }
......
...@@ -64,7 +64,7 @@ describe Projects::DeployKeysController do ...@@ -64,7 +64,7 @@ describe Projects::DeployKeysController do
let(:deploy_key) { create(:deploy_key) } let(:deploy_key) { create(:deploy_key) }
let!(:deploy_key_project) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) } let!(:deploy_key_project) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) }
context 'with admin' do context 'with admin', :enable_admin_mode do
before do before do
sign_in(create(:admin)) sign_in(create(:admin))
end end
......
...@@ -71,7 +71,7 @@ describe Projects::MirrorsController do ...@@ -71,7 +71,7 @@ describe Projects::MirrorsController do
stub_application_setting(mirror_available: false) stub_application_setting(mirror_available: false)
end end
context 'when user is admin' do context 'when user is admin', :enable_admin_mode do
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
it 'creates a new mirror' do it 'creates a new mirror' do
......
...@@ -30,6 +30,7 @@ describe Projects::PagesController do ...@@ -30,6 +30,7 @@ describe Projects::PagesController do
sign_in(admin) sign_in(admin)
end end
context 'when admin mode is enabled', :enable_admin_mode do
it 'updates max_pages_size' do it 'updates max_pages_size' do
request request
...@@ -37,6 +38,15 @@ describe Projects::PagesController do ...@@ -37,6 +38,15 @@ describe Projects::PagesController do
end end
end end
context 'when admin mode is disabled' do
it 'does not update max_pages_size' do
request
expect(project.reload.max_pages_size).to eq(nil)
end
end
end
context 'when user is not an admin' do context 'when user is not an admin' do
it 'does not update max_pages_size' do it 'does not update max_pages_size' do
request request
......
...@@ -71,7 +71,7 @@ describe Projects::PushRulesController do ...@@ -71,7 +71,7 @@ describe Projects::PushRulesController do
PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr| PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
context "Updating #{rule_attr} rule" do context "Updating #{rule_attr} rule" do
context 'as an admin' do context 'as an admin in admin mode', :enable_admin_mode do
let(:user) { create(:admin) } let(:user) { create(:admin) }
it_behaves_like 'a setting with global default', rule_attr, updates: true it_behaves_like 'a setting with global default', rule_attr, updates: true
......
...@@ -29,11 +29,19 @@ describe Projects::WebIdeTerminalsController do ...@@ -29,11 +29,19 @@ describe Projects::WebIdeTerminalsController do
context 'with admin' do context 'with admin' do
let(:user) { admin } let(:user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns 200' do it 'returns 200' do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
end end
context 'when admin mode is disabled' do
it 'returns 404' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'with owner' do context 'with owner' do
let(:user) { owner } let(:user) { owner }
...@@ -124,7 +132,7 @@ describe Projects::WebIdeTerminalsController do ...@@ -124,7 +132,7 @@ describe Projects::WebIdeTerminalsController do
let(:user) { admin } let(:user) { admin }
let(:result) { { status: :error } } let(:result) { { status: :error } }
it 'returns 422' do it 'returns 422', :enable_admin_mode do
expect(response).to have_gitlab_http_status(:unprocessable_entity) expect(response).to have_gitlab_http_status(:unprocessable_entity)
end end
end end
...@@ -160,7 +168,7 @@ describe Projects::WebIdeTerminalsController do ...@@ -160,7 +168,7 @@ describe Projects::WebIdeTerminalsController do
let(:user) { admin } let(:user) { admin }
let(:branch) { 'foobar' } let(:branch) { 'foobar' }
it 'returns 400' do it 'returns 400', :enable_admin_mode do
subject subject
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
...@@ -170,7 +178,7 @@ describe Projects::WebIdeTerminalsController do ...@@ -170,7 +178,7 @@ describe Projects::WebIdeTerminalsController do
context 'when there is an error creating the job' do context 'when there is an error creating the job' do
let(:user) { admin } let(:user) { admin }
it 'returns 400' do it 'returns 400', :enable_admin_mode do
allow_next_instance_of(::Ci::CreateWebIdeTerminalService) do |instance| allow_next_instance_of(::Ci::CreateWebIdeTerminalService) do |instance|
allow(instance).to receive(:execute).and_return(status: :error, message: 'foobar') allow(instance).to receive(:execute).and_return(status: :error, message: 'foobar')
end end
......
...@@ -748,7 +748,7 @@ describe ApplicationController do ...@@ -748,7 +748,7 @@ describe ApplicationController do
end end
end end
describe '#current_user_mode', :do_not_mock_admin_mode do describe '#current_user_mode' do
include_context 'custom session' include_context 'custom session'
controller(described_class) do controller(described_class) do
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
describe EnforcesAdminAuthentication, :do_not_mock_admin_mode do describe EnforcesAdminAuthentication do
include AdminModeHelper include AdminModeHelper
let(:user) { create(:user) } let(:user) { create(:user) }
......
...@@ -180,6 +180,11 @@ describe Groups::Settings::CiCdController do ...@@ -180,6 +180,11 @@ describe Groups::Settings::CiCdController do
group.add_owner(user) group.add_owner(user)
end end
context 'when admin mode is disabled' do
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'when admin mode is enabled', :enable_admin_mode do
it { is_expected.to redirect_to(group_settings_ci_cd_path) } it { is_expected.to redirect_to(group_settings_ci_cd_path) }
context 'when service execution went wrong' do context 'when service execution went wrong' do
...@@ -210,6 +215,7 @@ describe Groups::Settings::CiCdController do ...@@ -210,6 +215,7 @@ describe Groups::Settings::CiCdController do
end end
end end
end end
end
describe 'POST create_deploy_token' do describe 'POST create_deploy_token' do
context 'when ajax_new_deploy_token feature flag is disabled for the project' do context 'when ajax_new_deploy_token feature flag is disabled for the project' do
......
...@@ -10,7 +10,12 @@ describe Projects::Clusters::ApplicationsController do ...@@ -10,7 +10,12 @@ describe Projects::Clusters::ApplicationsController do
end end
shared_examples 'a secure endpoint' do shared_examples 'a secure endpoint' do
it { expect { subject }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { subject }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { subject }.to be_denied_for(:admin)
end
it { expect { subject }.to be_allowed_for(:owner).of(project) } it { expect { subject }.to be_allowed_for(:owner).of(project) }
it { expect { subject }.to be_allowed_for(:maintainer).of(project) } it { expect { subject }.to be_allowed_for(:maintainer).of(project) }
it { expect { subject }.to be_denied_for(:developer).of(project) } it { expect { subject }.to be_denied_for(:developer).of(project) }
......
...@@ -65,7 +65,12 @@ describe Projects::ClustersController do ...@@ -65,7 +65,12 @@ describe Projects::ClustersController do
describe 'security' do describe 'security' do
let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) } let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -151,7 +156,12 @@ describe Projects::ClustersController do ...@@ -151,7 +156,12 @@ describe Projects::ClustersController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -240,7 +250,12 @@ describe Projects::ClustersController do ...@@ -240,7 +250,12 @@ describe Projects::ClustersController do
allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil) allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
end end
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -346,7 +361,12 @@ describe Projects::ClustersController do ...@@ -346,7 +361,12 @@ describe Projects::ClustersController do
stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace') stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
end end
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -414,7 +434,12 @@ describe Projects::ClustersController do ...@@ -414,7 +434,12 @@ describe Projects::ClustersController do
allow(WaitForClusterCreationWorker).to receive(:perform_in) allow(WaitForClusterCreationWorker).to receive(:perform_in)
end end
it { expect { post_create_aws }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { post_create_aws }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { post_create_aws }.to be_denied_for(:admin)
end
it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) } it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) }
it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) } it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) }
it { expect { post_create_aws }.to be_denied_for(:developer).of(project) } it { expect { post_create_aws }.to be_denied_for(:developer).of(project) }
...@@ -469,7 +494,12 @@ describe Projects::ClustersController do ...@@ -469,7 +494,12 @@ describe Projects::ClustersController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -501,7 +531,12 @@ describe Projects::ClustersController do ...@@ -501,7 +531,12 @@ describe Projects::ClustersController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -541,7 +576,12 @@ describe Projects::ClustersController do ...@@ -541,7 +576,12 @@ describe Projects::ClustersController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -574,7 +614,12 @@ describe Projects::ClustersController do ...@@ -574,7 +614,12 @@ describe Projects::ClustersController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -677,7 +722,12 @@ describe Projects::ClustersController do ...@@ -677,7 +722,12 @@ describe Projects::ClustersController do
describe 'security' do describe 'security' do
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) } let_it_be(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
...@@ -746,7 +796,12 @@ describe Projects::ClustersController do ...@@ -746,7 +796,12 @@ describe Projects::ClustersController do
describe 'security' do describe 'security' do
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) } let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) }
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) }
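Review bot: The denial examples throughout this file are titled 'is disabled for admin when admin mode disabled', although they assert `be_denied_for(:admin)` and the matching examples in the other controller specs of this commit are titled 'is denied for admin ...'. Renaming them to `it 'is denied for admin when admin mode disabled' do` keeps failure output consistent and easy to search. The allowed/denied pair is also repeated verbatim in every 'security' block here, so it could be factored into one shared example to stop the copies drifting.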
......
...@@ -163,7 +163,7 @@ describe Projects::DeployKeysController do ...@@ -163,7 +163,7 @@ describe Projects::DeployKeysController do
end end
end end
context 'with admin' do context 'with admin', :enable_admin_mode do
before do before do
sign_in(admin) sign_in(admin)
end end
...@@ -228,7 +228,7 @@ describe Projects::DeployKeysController do ...@@ -228,7 +228,7 @@ describe Projects::DeployKeysController do
end end
end end
context 'with admin' do context 'with admin', :enable_admin_mode do
before do before do
sign_in(admin) sign_in(admin)
end end
...@@ -284,7 +284,7 @@ describe Projects::DeployKeysController do ...@@ -284,7 +284,7 @@ describe Projects::DeployKeysController do
end end
end end
context 'with admin' do context 'with admin', :enable_admin_mode do
before do before do
sign_in(admin) sign_in(admin)
end end
...@@ -311,9 +311,17 @@ describe Projects::DeployKeysController do ...@@ -311,9 +311,17 @@ describe Projects::DeployKeysController do
context 'public deploy key attached to project' do context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') } let(:extra_params) { deploy_key_params('updated title', '1') }
context 'admin mode disabled' do
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
context 'admin mode enabled', :enable_admin_mode do
it 'updates the title of the deploy key' do it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title') expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end end
end
it 'updates can_push of deploy_keys_project' do it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true) expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
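Review bot: After the title assertions are split by admin mode, `it 'updates can_push of deploy_keys_project'` stays outside both new contexts and so runs without the `:enable_admin_mode` tag, unless an enclosing context that is out of view sets it. The spec then says that the same request leaves the key title untouched but still changes `can_push`, with nothing explaining why the two attributes differ. If that is the intent, a comment above the example such as `# can_push lives on deploy_keys_project and is editable without admin mode` would make the authorization boundary readable. Otherwise the example belongs inside one of the two contexts.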
......
...@@ -586,6 +586,7 @@ describe Projects::IssuesController do ...@@ -586,6 +586,7 @@ describe Projects::IssuesController do
expect(assigns(:issues)).to include request_forgery_timing_attack expect(assigns(:issues)).to include request_forgery_timing_attack
end end
context 'when admin mode is enabled', :enable_admin_mode do
it 'lists confidential issues for admin' do it 'lists confidential issues for admin' do
sign_in(admin) sign_in(admin)
get_issues get_issues
...@@ -593,6 +594,16 @@ describe Projects::IssuesController do ...@@ -593,6 +594,16 @@ describe Projects::IssuesController do
expect(assigns(:issues)).to include unescaped_parameter_value expect(assigns(:issues)).to include unescaped_parameter_value
expect(assigns(:issues)).to include request_forgery_timing_attack expect(assigns(:issues)).to include request_forgery_timing_attack
end end
end
context 'when admin mode is disabled' do
it 'does not list confidential issues for admin' do
sign_in(admin)
get_issues
expect(assigns(:issues)).to eq [issue]
end
end
def get_issues def get_issues
get :index, get :index,
...@@ -648,6 +659,7 @@ describe Projects::IssuesController do ...@@ -648,6 +659,7 @@ describe Projects::IssuesController do
expect(response).to have_gitlab_http_status http_status[:success] expect(response).to have_gitlab_http_status http_status[:success]
end end
context 'when admin mode is enabled', :enable_admin_mode do
it "returns #{http_status[:success]} for admin" do it "returns #{http_status[:success]} for admin" do
sign_in(admin) sign_in(admin)
go(id: unescaped_parameter_value.to_param) go(id: unescaped_parameter_value.to_param)
...@@ -656,6 +668,16 @@ describe Projects::IssuesController do ...@@ -656,6 +668,16 @@ describe Projects::IssuesController do
end end
end end
context 'when admin mode is disabled' do
xit 'returns 404 for admin' do
sign_in(admin)
go(id: unescaped_parameter_value.to_param)
expect(response).to have_gitlab_http_status :not_found
end
end
end
describe 'PUT #update' do describe 'PUT #update' do
def update_issue(issue_params: {}, additional_params: {}, id: nil) def update_issue(issue_params: {}, additional_params: {}, id: nil)
id ||= issue.iid id ||= issue.iid
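Review bot: The admin-mode-disabled example for `go(id: unescaped_parameter_value.to_param)` is added as `xit 'returns 404 for admin'`, so it is skipped and the denial path is not enforced by this spec. Nothing in the hunk records why it is pending. Either enable it, or write it as `it 'returns 404 for admin' do` with a first line `skip 'REASON / ISSUE_LINK (placeholder)'`, so the gap shows up in test output and can be traced. The shared block that holds these examples starts outside the hunk.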
......
...@@ -391,6 +391,15 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do ...@@ -391,6 +391,15 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
sign_in(user) sign_in(user)
end end
context 'when admin mode is disabled' do
it 'settings_path is not available' do
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details')
expect(json_response['runners']).not_to have_key('settings_path')
end
end
context 'when admin mode is enabled', :enable_admin_mode do
it 'settings_path is available' do it 'settings_path is available' do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('job/job_details') expect(response).to match_response_schema('job/job_details')
...@@ -398,6 +407,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do ...@@ -398,6 +407,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
end end
end end
end end
end
context 'when no trace is available' do context 'when no trace is available' do
it 'has_trace is false' do it 'has_trace is false' do
......
...@@ -39,6 +39,7 @@ describe Projects::MirrorsController do ...@@ -39,6 +39,7 @@ describe Projects::MirrorsController do
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
context 'when admin mode is enabled', :enable_admin_mode do
it 'allows requests from an admin user' do it 'allows requests from an admin user' do
user.update!(admin: true) user.update!(admin: true)
sign_in(user) sign_in(user)
...@@ -47,6 +48,17 @@ describe Projects::MirrorsController do ...@@ -47,6 +48,17 @@ describe Projects::MirrorsController do
expect(response).to redirect_to(project_settings_path) expect(response).to redirect_to(project_settings_path)
end end
end end
context 'when admin mode is disabled' do
it 'disallows requests from an admin user' do
user.update!(admin: true)
sign_in(user)
subject_action
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end end
describe 'Access control' do describe 'Access control' do
......
...@@ -127,7 +127,12 @@ describe Projects::PipelineSchedulesController do ...@@ -127,7 +127,12 @@ describe Projects::PipelineSchedulesController do
describe 'security' do describe 'security' do
let(:schedule) { attributes_for(:ci_pipeline_schedule) } let(:schedule) { attributes_for(:ci_pipeline_schedule) }
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project) }
...@@ -279,7 +284,12 @@ describe Projects::PipelineSchedulesController do ...@@ -279,7 +284,12 @@ describe Projects::PipelineSchedulesController do
describe 'security' do describe 'security' do
let(:schedule) { { description: 'updated_desc' } } let(:schedule) { { description: 'updated_desc' } }
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
...@@ -343,7 +353,12 @@ describe Projects::PipelineSchedulesController do ...@@ -343,7 +353,12 @@ describe Projects::PipelineSchedulesController do
end end
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
...@@ -361,7 +376,12 @@ describe Projects::PipelineSchedulesController do ...@@ -361,7 +376,12 @@ describe Projects::PipelineSchedulesController do
describe 'GET #take_ownership' do describe 'GET #take_ownership' do
describe 'security' do describe 'security' do
it { expect { go }.to be_allowed_for(:admin) } it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) } it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
......
...@@ -245,6 +245,16 @@ describe Projects::Settings::CiCdController do ...@@ -245,6 +245,16 @@ describe Projects::Settings::CiCdController do
context 'and user is an admin' do context 'and user is an admin' do
let(:user) { create(:admin) } let(:user) { create(:admin) }
context 'with admin mode disabled' do
it 'does not set max_artifacts_size' do
subject
project.reload
expect(project.max_artifacts_size).to be_nil
end
end
context 'with admin mode enabled', :enable_admin_mode do
it 'sets max_artifacts_size' do it 'sets max_artifacts_size' do
subject subject
...@@ -255,6 +265,7 @@ describe Projects::Settings::CiCdController do ...@@ -255,6 +265,7 @@ describe Projects::Settings::CiCdController do
end end
end end
end end
end
describe 'POST create_deploy_token' do describe 'POST create_deploy_token' do
context 'when ajax_new_deploy_token feature flag is disabled for the project' do context 'when ajax_new_deploy_token feature flag is disabled for the project' do
......
...@@ -362,7 +362,7 @@ describe ProjectsController do ...@@ -362,7 +362,7 @@ describe ProjectsController do
end end
describe 'GET edit' do describe 'GET edit' do
it 'allows an admin user to access the page' do it 'allows an admin user to access the page', :enable_admin_mode do
sign_in(create(:user, :admin)) sign_in(create(:user, :admin))
get :edit, get :edit,
...@@ -531,7 +531,7 @@ describe ProjectsController do ...@@ -531,7 +531,7 @@ describe ProjectsController do
end end
end end
describe "#update" do describe "#update", :enable_admin_mode do
render_views render_views
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
...@@ -672,7 +672,7 @@ describe ProjectsController do ...@@ -672,7 +672,7 @@ describe ProjectsController do
end end
end end
describe '#transfer' do describe '#transfer', :enable_admin_mode do
render_views render_views
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
...@@ -720,7 +720,7 @@ describe ProjectsController do ...@@ -720,7 +720,7 @@ describe ProjectsController do
end end
end end
describe "#destroy" do describe "#destroy", :enable_admin_mode do
let(:admin) { create(:admin) } let(:admin) { create(:admin) }
it "redirects to the dashboard", :sidekiq_might_not_need_inline do it "redirects to the dashboard", :sidekiq_might_not_need_inline do
...@@ -1094,7 +1094,7 @@ describe ProjectsController do ...@@ -1094,7 +1094,7 @@ describe ProjectsController do
end end
end end
context 'for a DELETE request' do context 'for a DELETE request', :enable_admin_mode do
before do before do
sign_in(create(:admin)) sign_in(create(:admin))
end end
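Review bot: `:enable_admin_mode` is applied to the whole `describe "#update"`, `describe '#transfer'` and `describe "#destroy"` groups and to 'for a DELETE request', and none of them gains an example with admin mode off. Unlike the other controller specs in this commit, an admin updating, transferring or deleting a project without admin mode is therefore left unspecified here. Tagging only the contexts that sign in an admin, and adding one denial example per action (for instance `it 'does not delete the project for an admin with admin mode disabled' do`), would cover the gate. The bodies of these groups are outside the hunks, so which examples actually need the tag has to be checked there.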
......
...@@ -91,6 +91,10 @@ RSpec.configure do |config| ...@@ -91,6 +91,10 @@ RSpec.configure do |config|
match = location.match(%r{/spec/([^/]+)/}) match = location.match(%r{/spec/([^/]+)/})
metadata[:type] = match[1].singularize.to_sym if match metadata[:type] = match[1].singularize.to_sym if match
end end
# Admin controller specs get auto admin mode enabled since they are
# protected by the 'EnforcesAdminAuthentication' concern
metadata[:enable_admin_mode] = true if location =~ %r{(ee)?/spec/controllers/admin/}
end end
config.include LicenseHelpers config.include LicenseHelpers
...@@ -226,7 +230,6 @@ RSpec.configure do |config| ...@@ -226,7 +230,6 @@ RSpec.configure do |config|
# #
# context 'some test in mocked dir', :do_not_mock_admin_mode do ... end # context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
admin_mode_mock_dirs = %w( admin_mode_mock_dirs = %w(
./ee/spec/controllers
./ee/spec/elastic_integration ./ee/spec/elastic_integration
./ee/spec/features ./ee/spec/features
./ee/spec/finders ./ee/spec/finders
...@@ -238,7 +241,6 @@ RSpec.configure do |config| ...@@ -238,7 +241,6 @@ RSpec.configure do |config|
./ee/spec/services ./ee/spec/services
./ee/spec/support/protected_tags ./ee/spec/support/protected_tags
./ee/spec/support/shared_examples ./ee/spec/support/shared_examples
./spec/controllers
./spec/features ./spec/features
./spec/finders ./spec/finders
./spec/frontend ./spec/frontend
...@@ -270,7 +272,7 @@ RSpec.configure do |config| ...@@ -270,7 +272,7 @@ RSpec.configure do |config|
# context 'some test that requires admin mode', :enable_admin_mode do ... end # context 'some test that requires admin mode', :enable_admin_mode do ... end
# #
# See also spec/support/helpers/admin_mode_helpers.rb # See also spec/support/helpers/admin_mode_helpers.rb
if example.metadata[:enable_admin_mode] if example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]
allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode| allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
current_user_mode.send(:user)&.admin? current_user_mode.send(:user)&.admin?
end end
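Review bot: The new rule `metadata[:enable_admin_mode] = true if location =~ %r{(ee)?/spec/controllers/admin/}` switches the `admin_mode?` stub on for every admin controller spec, so a denial example for an admin without admin mode can only be written there by opting out. The comment above it should say so and name the opt-out that the changed condition below now honours, e.g. `# Tag a spec with :do_not_mock_admin_mode to exercise the real admin mode check`. The `(ee)?` group is optional inside an unanchored pattern and has no effect; `location.match?(%r{/spec/controllers/admin/})` matches the same paths without setting match globals.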
......