Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
fa73571b
Commit
fa73571b
authored
Apr 24, 2020
by
Diego Louzán
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Migrate models and policies specs to consider admin mode
parent
b5511297
Changes
60
Hide whitespace changes
Inline
Side-by-side
Showing
60 changed files
with
903 additions
and
289 deletions
+903
-289
app/models/issue.rb
app/models/issue.rb
+1
-1
changelogs/unreleased/chore-migrate-models-policies-specs-admin-mode.yml
...leased/chore-migrate-models-policies-specs-admin-mode.yml
+5
-0
ee/spec/models/analytics/cycle_analytics/group_level_spec.rb
ee/spec/models/analytics/cycle_analytics/group_level_spec.rb
+8
-2
ee/spec/models/concerns/elastic/note_spec.rb
ee/spec/models/concerns/elastic/note_spec.rb
+11
-3
ee/spec/models/ee/event_spec.rb
ee/spec/models/ee/event_spec.rb
+14
-1
ee/spec/models/issue_spec.rb
ee/spec/models/issue_spec.rb
+1
-1
ee/spec/models/productivity_analytics_spec.rb
ee/spec/models/productivity_analytics_spec.rb
+10
-3
ee/spec/policies/base_policy_spec.rb
ee/spec/policies/base_policy_spec.rb
+1
-1
ee/spec/policies/ci/build_policy_spec.rb
ee/spec/policies/ci/build_policy_spec.rb
+16
-3
ee/spec/policies/clusters/instance_policy_spec.rb
ee/spec/policies/clusters/instance_policy_spec.rb
+1
-1
ee/spec/policies/geo/registry_policy_spec.rb
ee/spec/policies/geo/registry_policy_spec.rb
+10
-2
ee/spec/policies/geo_node_policy_spec.rb
ee/spec/policies/geo_node_policy_spec.rb
+10
-2
ee/spec/policies/global_policy_spec.rb
ee/spec/policies/global_policy_spec.rb
+30
-7
ee/spec/policies/group_policy_spec.rb
ee/spec/policies/group_policy_spec.rb
+16
-3
ee/spec/policies/namespace_policy_spec.rb
ee/spec/policies/namespace_policy_spec.rb
+7
-1
ee/spec/policies/project_policy_spec.rb
ee/spec/policies/project_policy_spec.rb
+204
-90
ee/spec/policies/user_policy_spec.rb
ee/spec/policies/user_policy_spec.rb
+21
-3
ee/spec/support/shared_examples/policies/protected_environments_shared_examples.rb
...amples/policies/protected_environments_shared_examples.rb
+36
-29
spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
+1
-1
spec/controllers/omniauth_callbacks_controller_spec.rb
spec/controllers/omniauth_callbacks_controller_spec.rb
+1
-1
spec/models/ability_spec.rb
spec/models/ability_spec.rb
+43
-3
spec/models/cycle_analytics/code_spec.rb
spec/models/cycle_analytics/code_spec.rb
+1
-1
spec/models/cycle_analytics/issue_spec.rb
spec/models/cycle_analytics/issue_spec.rb
+1
-1
spec/models/cycle_analytics/plan_spec.rb
spec/models/cycle_analytics/plan_spec.rb
+1
-1
spec/models/cycle_analytics/production_spec.rb
spec/models/cycle_analytics/production_spec.rb
+1
-1
spec/models/cycle_analytics/project_level_spec.rb
spec/models/cycle_analytics/project_level_spec.rb
+1
-1
spec/models/cycle_analytics/review_spec.rb
spec/models/cycle_analytics/review_spec.rb
+1
-1
spec/models/cycle_analytics/staging_spec.rb
spec/models/cycle_analytics/staging_spec.rb
+1
-1
spec/models/cycle_analytics/test_spec.rb
spec/models/cycle_analytics/test_spec.rb
+1
-1
spec/models/event_spec.rb
spec/models/event_spec.rb
+92
-18
spec/models/issue_spec.rb
spec/models/issue_spec.rb
+30
-7
spec/models/member_spec.rb
spec/models/member_spec.rb
+17
-5
spec/models/project_feature_spec.rb
spec/models/project_feature_spec.rb
+49
-25
spec/models/project_spec.rb
spec/models/project_spec.rb
+1
-1
spec/models/spam_log_spec.rb
spec/models/spam_log_spec.rb
+21
-6
spec/models/user_spec.rb
spec/models/user_spec.rb
+1
-1
spec/policies/base_policy_spec.rb
spec/policies/base_policy_spec.rb
+1
-1
spec/policies/blob_policy_spec.rb
spec/policies/blob_policy_spec.rb
+1
-1
spec/policies/clusters/cluster_policy_spec.rb
spec/policies/clusters/cluster_policy_spec.rb
+9
-2
spec/policies/clusters/instance_policy_spec.rb
spec/policies/clusters/instance_policy_spec.rb
+15
-5
spec/policies/deploy_key_policy_spec.rb
spec/policies/deploy_key_policy_spec.rb
+15
-3
spec/policies/design_management/design_policy_spec.rb
spec/policies/design_management/design_policy_spec.rb
+8
-1
spec/policies/environment_policy_spec.rb
spec/policies/environment_policy_spec.rb
+28
-4
spec/policies/global_policy_spec.rb
spec/policies/global_policy_spec.rb
+16
-3
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+7
-1
spec/policies/issue_policy_spec.rb
spec/policies/issue_policy_spec.rb
+18
-4
spec/policies/namespace_policy_spec.rb
spec/policies/namespace_policy_spec.rb
+7
-1
spec/policies/note_policy_spec.rb
spec/policies/note_policy_spec.rb
+10
-2
spec/policies/personal_snippet_policy_spec.rb
spec/policies/personal_snippet_policy_spec.rb
+5
-5
spec/policies/project_policy_spec.rb
spec/policies/project_policy_spec.rb
+34
-7
spec/policies/project_snippet_policy_spec.rb
spec/policies/project_snippet_policy_spec.rb
+12
-3
spec/policies/user_policy_spec.rb
spec/policies/user_policy_spec.rb
+7
-1
spec/policies/wiki_page_policy_spec.rb
spec/policies/wiki_page_policy_spec.rb
+1
-1
spec/spec_helper.rb
spec/spec_helper.rb
+6
-7
spec/support/cycle_analytics_helpers/test_generation.rb
spec/support/cycle_analytics_helpers/test_generation.rb
+4
-0
spec/support/helpers/admin_mode_helpers.rb
spec/support/helpers/admin_mode_helpers.rb
+3
-0
spec/support/helpers/login_helpers.rb
spec/support/helpers/login_helpers.rb
+0
-2
spec/support/shared_examples/controllers/instance_statistics_controllers_shared_examples.rb
...ollers/instance_statistics_controllers_shared_examples.rb
+16
-4
spec/support/shared_examples/policies/project_policy_shared_examples.rb
...hared_examples/policies/project_policy_shared_examples.rb
+12
-2
spec/support/shared_examples/policies/wiki_policies_shared_examples.rb
...shared_examples/policies/wiki_policies_shared_examples.rb
+2
-0
No files found.
app/models/issue.rb
View file @
fa73571b
...
@@ -359,7 +359,7 @@ class Issue < ApplicationRecord
...
@@ -359,7 +359,7 @@ class Issue < ApplicationRecord
# for performance reasons, check commit: 002ad215818450d2cbbc5fa065850a953dc7ada8
# for performance reasons, check commit: 002ad215818450d2cbbc5fa065850a953dc7ada8
# Make sure to sync this method with issue_policy.rb
# Make sure to sync this method with issue_policy.rb
def
readable_by?
(
user
)
def
readable_by?
(
user
)
if
user
.
admin
?
if
user
.
can_read_all_resources
?
true
true
elsif
project
.
owner
==
user
elsif
project
.
owner
==
user
true
true
...
...
changelogs/unreleased/chore-migrate-models-policies-specs-admin-mode.yml
0 → 100644
View file @
fa73571b
---
title
:
Migrate models and policies specs to consider admin mode
merge_request
:
30430
author
:
Diego Louzán
type
:
other
ee/spec/models/analytics/cycle_analytics/group_level_spec.rb
View file @
fa73571b
...
@@ -3,10 +3,10 @@
...
@@ -3,10 +3,10 @@
require
'spec_helper'
require
'spec_helper'
describe
Analytics
::
CycleAnalytics
::
GroupLevel
do
describe
Analytics
::
CycleAnalytics
::
GroupLevel
do
let_it_be
(
:group
)
{
create
(
:group
)}
let_it_be
(
:group
)
{
create
(
:group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
,
namespace:
group
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
,
namespace:
group
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
create
(
:user
)
}
let
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
let
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
let_it_be
(
:milestone
)
{
create
(
:milestone
,
project:
project
)
}
let_it_be
(
:milestone
)
{
create
(
:milestone
,
project:
project
)
}
let
(
:mr
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
,
commit_message:
"References
#{
issue
.
to_reference
}
"
)
}
let
(
:mr
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
,
commit_message:
"References
#{
issue
.
to_reference
}
"
)
}
...
@@ -18,6 +18,12 @@ describe Analytics::CycleAnalytics::GroupLevel do
...
@@ -18,6 +18,12 @@ describe Analytics::CycleAnalytics::GroupLevel do
subject
{
described_class
.
new
(
group:
group
,
options:
{
from:
from_date
,
current_user:
user
})
}
subject
{
described_class
.
new
(
group:
group
,
options:
{
from:
from_date
,
current_user:
user
})
}
before
do
# Cannot set the owner directly when calling `create(:group)`
# See spec/factories/groups.rb#after(:create)
group
.
add_owner
(
user
)
end
describe
'#permissions'
do
describe
'#permissions'
do
it
'returns true for all stages'
do
it
'returns true for all stages'
do
expect
(
subject
.
permissions
.
values
.
uniq
).
to
eq
([
true
])
expect
(
subject
.
permissions
.
values
.
uniq
).
to
eq
([
true
])
...
...
ee/spec/models/concerns/elastic/note_spec.rb
View file @
fa73571b
...
@@ -152,8 +152,8 @@ describe Note, :elastic do
...
@@ -152,8 +152,8 @@ describe Note, :elastic do
expect
(
Note
.
elastic_search
(
'term'
,
options:
options
).
total_count
).
to
eq
(
1
)
expect
(
Note
.
elastic_search
(
'term'
,
options:
options
).
total_count
).
to
eq
(
1
)
end
end
[
:admin
,
:auditor
].
each
do
|
user_type
|
shared_examples
'notes finder'
do
|
user_type
,
no_of_notes
|
it
"finds
note
for
#{
user_type
}
"
,
:sidekiq_might_not_need_inline
do
it
"finds
#{
no_of_notes
}
notes
for
#{
user_type
}
"
,
:sidekiq_might_not_need_inline
do
superuser
=
create
(
user_type
)
superuser
=
create
(
user_type
)
issue
=
create
(
:issue
,
:confidential
,
author:
create
(
:user
))
issue
=
create
(
:issue
,
:confidential
,
author:
create
(
:user
))
...
@@ -164,10 +164,18 @@ describe Note, :elastic do
...
@@ -164,10 +164,18 @@ describe Note, :elastic do
options
=
{
project_ids:
[
issue
.
project
.
id
],
current_user:
superuser
}
options
=
{
project_ids:
[
issue
.
project
.
id
],
current_user:
superuser
}
expect
(
Note
.
elastic_search
(
'term'
,
options:
options
).
total_count
).
to
eq
(
1
)
expect
(
Note
.
elastic_search
(
'term'
,
options:
options
).
total_count
).
to
eq
(
no_of_notes
)
end
end
end
end
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it_behaves_like
'notes finder'
,
:admin
,
1
end
it_behaves_like
'notes finder'
,
:admin
,
0
it_behaves_like
'notes finder'
,
:auditor
,
1
it
"return notes with matching content for project members"
,
:sidekiq_might_not_need_inline
do
it
"return notes with matching content for project members"
,
:sidekiq_might_not_need_inline
do
user
=
create
:user
user
=
create
:user
issue
=
create
:issue
,
:confidential
,
author:
user
issue
=
create
:issue
,
:confidential
,
author:
user
...
...
ee/spec/models/ee/event_spec.rb
View file @
fa73571b
...
@@ -66,7 +66,20 @@ describe Event do
...
@@ -66,7 +66,20 @@ describe Event do
expect
(
event
).
to
be_visible_to
(
member
)
expect
(
event
).
to
be_visible_to
(
member
)
expect
(
event
).
to
be_visible_to
(
guest
)
expect
(
event
).
to
be_visible_to
(
guest
)
expect
(
event
).
to
be_visible_to
(
admin
)
end
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
'is visible to admin'
,
:aggregate_failures
do
expect
(
event
).
to
be_visible_to
(
admin
)
end
end
context
'when admin mode disabled'
do
# Skipped because `Group#max_member_access_for_user` needs to be migrated to use admin mode
# See https://gitlab.com/gitlab-org/gitlab/-/issues/207950
xit
'is not visible to admin'
,
:aggregate_failures
do
expect
(
event
).
not_to
be_visible_to
(
admin
)
end
end
end
end
end
...
...
ee/spec/models/issue_spec.rb
View file @
fa73571b
...
@@ -240,7 +240,7 @@ describe Issue do
...
@@ -240,7 +240,7 @@ describe Issue do
describe
'when a user cannot read cross project'
do
describe
'when a user cannot read cross project'
do
it
'only returns issues within the same project'
do
it
'only returns issues within the same project'
do
expect
(
Ability
).
to
receive
(
:allowed?
).
with
(
user
,
:read_all_resources
,
:global
).
and_call_original
expect
(
Ability
).
to
receive
(
:allowed?
).
with
(
user
,
:read_all_resources
,
:global
).
a
t_least
(
:once
).
a
nd_call_original
expect
(
Ability
).
to
receive
(
:allowed?
).
with
(
user
,
:read_cross_project
).
and_return
(
false
)
expect
(
Ability
).
to
receive
(
:allowed?
).
with
(
user
,
:read_cross_project
).
and_return
(
false
)
expect
(
authorized_issue_a
.
related_issues
(
user
))
expect
(
authorized_issue_a
.
related_issues
(
user
))
...
...
ee/spec/models/productivity_analytics_spec.rb
View file @
fa73571b
...
@@ -6,13 +6,16 @@ describe ProductivityAnalytics do
...
@@ -6,13 +6,16 @@ describe ProductivityAnalytics do
describe
'metrics data'
do
describe
'metrics data'
do
subject
(
:analytics
)
{
described_class
.
new
(
merge_requests:
finder_mrs
,
sort:
custom_sort
)
}
subject
(
:analytics
)
{
described_class
.
new
(
merge_requests:
finder_mrs
,
sort:
custom_sort
)
}
let
(
:finder_mrs
)
{
ProductivityAnalyticsFinder
.
new
(
create
(
:admin
),
finder_options
).
execute
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:user
)
{
project
.
owner
}
let
(
:finder_mrs
)
{
ProductivityAnalyticsFinder
.
new
(
user
,
finder_options
).
execute
}
let
(
:finder_options
)
{
{
state:
'merged'
}
}
let
(
:finder_options
)
{
{
state:
'merged'
}
}
let
(
:custom_sort
)
{
nil
}
let
(
:custom_sort
)
{
nil
}
let
(
:label_a
)
{
create
(
:label
)
}
let
(
:label_a
)
{
create
(
:label
,
project:
project
)
}
let
(
:label_b
)
{
create
(
:label
)
}
let
(
:label_b
)
{
create
(
:label
,
project:
project
)
}
let
(
:long_mr
)
do
let
(
:long_mr
)
do
metrics_data
=
{
metrics_data
=
{
...
@@ -25,6 +28,7 @@ describe ProductivityAnalytics do
...
@@ -25,6 +28,7 @@ describe ProductivityAnalytics do
}
}
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
labels:
[
label_a
,
label_b
],
labels:
[
label_a
,
label_b
],
source_project:
project
,
created_at:
31
.
days
.
ago
,
created_at:
31
.
days
.
ago
,
metrics_data:
metrics_data
)
metrics_data:
metrics_data
)
end
end
...
@@ -40,6 +44,7 @@ describe ProductivityAnalytics do
...
@@ -40,6 +44,7 @@ describe ProductivityAnalytics do
}
}
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
source_project:
project
,
created_at:
15
.
days
.
ago
,
created_at:
15
.
days
.
ago
,
metrics_data:
metrics_data
)
metrics_data:
metrics_data
)
end
end
...
@@ -56,6 +61,7 @@ describe ProductivityAnalytics do
...
@@ -56,6 +61,7 @@ describe ProductivityAnalytics do
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
labels:
[
label_a
,
label_b
],
labels:
[
label_a
,
label_b
],
source_project:
project
,
created_at:
31
.
days
.
ago
,
created_at:
31
.
days
.
ago
,
metrics_data:
metrics_data
)
metrics_data:
metrics_data
)
end
end
...
@@ -72,6 +78,7 @@ describe ProductivityAnalytics do
...
@@ -72,6 +78,7 @@ describe ProductivityAnalytics do
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
create
(
:labeled_merge_request
,
:merged
,
:with_productivity_metrics
,
labels:
[
label_a
,
label_b
],
labels:
[
label_a
,
label_b
],
source_project:
project
,
created_at:
31
.
days
.
ago
,
created_at:
31
.
days
.
ago
,
metrics_data:
metrics_data
)
metrics_data:
metrics_data
)
end
end
...
...
ee/spec/policies/base_policy_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
BasePolicy
,
:do_not_mock_admin_mode
do
describe
BasePolicy
do
include
ExternalAuthorizationServiceHelpers
include
ExternalAuthorizationServiceHelpers
let
(
:auditor
)
{
build
(
:auditor
)
}
let
(
:auditor
)
{
build
(
:auditor
)
}
...
...
ee/spec/policies/ci/build_policy_spec.rb
View file @
fa73571b
...
@@ -74,7 +74,13 @@ describe Ci::BuildPolicy do
...
@@ -74,7 +74,13 @@ describe Ci::BuildPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
expect_allowed
(
*
build_permissions
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
expect_allowed
(
*
build_permissions
)
}
end
context
'when admin mode disabled'
do
it
{
expect_disallowed
(
*
build_permissions
)
}
end
context
'when build is not from a webide pipeline'
do
context
'when build is not from a webide pipeline'
do
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
,
source: :chat
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
,
source: :chat
)
}
...
@@ -87,8 +93,15 @@ describe Ci::BuildPolicy do
...
@@ -87,8 +93,15 @@ describe Ci::BuildPolicy do
allow
(
build
).
to
receive
(
:has_terminal?
).
and_return
(
false
)
allow
(
build
).
to
receive
(
:has_terminal?
).
and_return
(
false
)
end
end
it
{
expect_allowed
(
:read_web_ide_terminal
,
:update_web_ide_terminal
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
expect_disallowed
(
:create_build_terminal
,
:create_build_service_proxy
)
}
it
{
expect_allowed
(
:read_web_ide_terminal
,
:update_web_ide_terminal
)
}
it
{
expect_disallowed
(
:create_build_terminal
,
:create_build_service_proxy
)
}
end
context
'when admin mode disabled'
do
it
{
expect_disallowed
(
:read_web_ide_terminal
,
:update_web_ide_terminal
)
}
it
{
expect_disallowed
(
:create_build_terminal
,
:create_build_service_proxy
)
}
end
end
end
context
'feature flag "build_service_proxy" is disabled'
do
context
'feature flag "build_service_proxy" is disabled'
do
...
...
ee/spec/policies/clusters/instance_policy_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
Clusters
::
InstancePolicy
do
describe
Clusters
::
InstancePolicy
,
:enable_admin_mode
do
let
(
:user
)
{
build
(
:admin
)
}
let
(
:user
)
{
build
(
:admin
)
}
let
(
:instance
)
{
Clusters
::
Instance
.
new
}
let
(
:instance
)
{
Clusters
::
Instance
.
new
}
...
...
ee/spec/policies/geo/registry_policy_spec.rb
View file @
fa73571b
...
@@ -10,8 +10,16 @@ describe Geo::RegistryPolicy do
...
@@ -10,8 +10,16 @@ describe Geo::RegistryPolicy do
context
'when the user is an admin'
do
context
'when the user is an admin'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
'allows read_geo_registry for any registry'
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
expect
(
policy
).
to
be_allowed
(
:read_geo_registry
)
it
'allows read_geo_registry for any registry'
do
expect
(
policy
).
to
be_allowed
(
:read_geo_registry
)
end
end
context
'when admin mode is disabled'
do
it
'disallows read_geo_registry for any registry'
do
expect
(
policy
).
to
be_disallowed
(
:read_geo_registry
)
end
end
end
end
end
...
...
ee/spec/policies/geo_node_policy_spec.rb
View file @
fa73571b
...
@@ -10,8 +10,16 @@ describe GeoNodePolicy do
...
@@ -10,8 +10,16 @@ describe GeoNodePolicy do
context
'when the user is an admin'
do
context
'when the user is an admin'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
'allows read_geo_node for any GeoNode'
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
expect
(
policy
).
to
be_allowed
(
:read_geo_node
)
it
'allows read_geo_node for any GeoNode'
do
expect
(
policy
).
to
be_allowed
(
:read_geo_node
)
end
end
context
'when admin mode is disabled'
do
it
'disallows read_geo_node for any GeoNode'
do
expect
(
policy
).
to
be_disallowed
(
:read_geo_node
)
end
end
end
end
end
...
...
ee/spec/policies/global_policy_spec.rb
View file @
fa73571b
...
@@ -5,6 +5,8 @@ require 'spec_helper'
...
@@ -5,6 +5,8 @@ require 'spec_helper'
describe
GlobalPolicy
do
describe
GlobalPolicy
do
include
ExternalAuthorizationServiceHelpers
include
ExternalAuthorizationServiceHelpers
let_it_be
(
:admin
)
{
create
(
:admin
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
...
@@ -38,9 +40,17 @@ describe GlobalPolicy do
...
@@ -38,9 +40,17 @@ describe GlobalPolicy do
it
{
is_expected
.
to
be_disallowed
(
:destroy_licenses
)
}
it
{
is_expected
.
to
be_disallowed
(
:destroy_licenses
)
}
it
{
is_expected
.
to
be_disallowed
(
:read_all_geo
)
}
it
{
is_expected
.
to
be_disallowed
(
:read_all_geo
)
}
it
{
expect
(
described_class
.
new
(
create
(
:admin
),
[
user
])).
to
be_allowed
(
:read_licenses
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
expect
(
described_class
.
new
(
create
(
:admin
),
[
user
])).
to
be_allowed
(
:destroy_licenses
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_allowed
(
:read_licenses
)
}
it
{
expect
(
described_class
.
new
(
create
(
:admin
),
[
user
])).
to
be_allowed
(
:read_all_geo
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_allowed
(
:destroy_licenses
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_allowed
(
:read_all_geo
)
}
end
context
'when admin mode disabled'
do
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_disallowed
(
:read_licenses
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_disallowed
(
:destroy_licenses
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_disallowed
(
:read_all_geo
)
}
end
shared_examples
'analytics policy'
do
|
action
|
shared_examples
'analytics policy'
do
|
action
|
context
'anonymous user'
do
context
'anonymous user'
do
...
@@ -69,15 +79,22 @@ describe GlobalPolicy do
...
@@ -69,15 +79,22 @@ describe GlobalPolicy do
end
end
it
{
is_expected
.
to
be_disallowed
(
:update_max_pages_size
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_max_pages_size
)
}
it
{
expect
(
described_class
.
new
(
create
(
:admin
),
[
user
])).
to
be_allowed
(
:update_max_pages_size
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_allowed
(
:update_max_pages_size
)
}
end
context
'when admin mode disabled'
do
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_disallowed
(
:update_max_pages_size
)
}
end
end
end
it
{
expect
(
described_class
.
new
(
create
(
:admin
)
,
[
user
])).
to
be_disallowed
(
:update_max_pages_size
)
}
it
{
expect
(
described_class
.
new
(
admin
,
[
user
])).
to
be_disallowed
(
:update_max_pages_size
)
}
end
end
describe
'create_group_with_default_branch_protection'
do
describe
'create_group_with_default_branch_protection'
do
context
'for an admin'
do
context
'for an admin'
do
let
(
:current_user
)
{
create
(
:admin
)
}
let
(
:current_user
)
{
admin
}
context
'when the `default_branch_protection_restriction_in_groups` feature is available'
do
context
'when the `default_branch_protection_restriction_in_groups` feature is available'
do
before
do
before
do
...
@@ -97,7 +114,13 @@ describe GlobalPolicy do
...
@@ -97,7 +114,13 @@ describe GlobalPolicy do
stub_ee_application_setting
(
group_owners_can_manage_default_branch_protection:
false
)
stub_ee_application_setting
(
group_owners_can_manage_default_branch_protection:
false
)
end
end
it
{
is_expected
.
to
be_allowed
(
:create_group_with_default_branch_protection
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:create_group_with_default_branch_protection
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:create_group_with_default_branch_protection
)
}
end
end
end
end
end
...
...
ee/spec/policies/group_policy_spec.rb
View file @
fa73571b
...
@@ -418,8 +418,15 @@ describe GroupPolicy do
...
@@ -418,8 +418,15 @@ describe GroupPolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:override_group_member
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_group_member
)
}
it
{
is_expected
.
to
be_allowed
(
:override_group_member
)
}
it
{
is_expected
.
to
be_allowed
(
:update_group_member
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:override_group_member
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_group_member
)
}
end
end
end
context
'owner'
do
context
'owner'
do
...
@@ -801,7 +808,13 @@ describe GroupPolicy do
...
@@ -801,7 +808,13 @@ describe GroupPolicy do
stub_ee_application_setting
(
group_owners_can_manage_default_branch_protection:
false
)
stub_ee_application_setting
(
group_owners_can_manage_default_branch_protection:
false
)
end
end
it
{
is_expected
.
to
be_allowed
(
:update_default_branch_protection
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_default_branch_protection
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:update_default_branch_protection
)
}
end
end
end
end
end
...
...
ee/spec/policies/namespace_policy_spec.rb
View file @
fa73571b
...
@@ -27,7 +27,13 @@ describe NamespacePolicy do
...
@@ -27,7 +27,13 @@ describe NamespacePolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
build_stubbed
(
:admin
)
}
let
(
:current_user
)
{
build_stubbed
(
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
:create_jira_connect_subscription
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:create_jira_connect_subscription
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:create_jira_connect_subscription
)
}
end
end
end
context
'owner'
do
context
'owner'
do
...
...
ee/spec/policies/project_policy_spec.rb
View file @
fa73571b
...
@@ -4,6 +4,7 @@ require 'spec_helper'
...
@@ -4,6 +4,7 @@ require 'spec_helper'
describe
ProjectPolicy
do
describe
ProjectPolicy
do
include
ExternalAuthorizationServiceHelpers
include
ExternalAuthorizationServiceHelpers
include
AdminModeHelper
let_it_be
(
:owner
)
{
create
(
:user
)
}
let_it_be
(
:owner
)
{
create
(
:user
)
}
let_it_be
(
:admin
)
{
create
(
:admin
)
}
let_it_be
(
:admin
)
{
create
(
:admin
)
}
...
@@ -62,7 +63,8 @@ describe ProjectPolicy do
...
@@ -62,7 +63,8 @@ describe ProjectPolicy do
it_behaves_like
'project policies as developer'
it_behaves_like
'project policies as developer'
it_behaves_like
'project policies as maintainer'
it_behaves_like
'project policies as maintainer'
it_behaves_like
'project policies as owner'
it_behaves_like
'project policies as owner'
it_behaves_like
'project policies as admin'
it_behaves_like
'project policies as admin with admin mode'
it_behaves_like
'project policies as admin without admin mode'
context
'auditor'
do
context
'auditor'
do
let
(
:current_user
)
{
create
(
:user
,
:auditor
)
}
let
(
:current_user
)
{
create
(
:user
,
:auditor
)
}
...
@@ -211,7 +213,13 @@ describe ProjectPolicy do
...
@@ -211,7 +213,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:admin_mirror
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -235,7 +243,13 @@ describe ProjectPolicy do
...
@@ -235,7 +243,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:admin_mirror
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -271,7 +285,13 @@ describe ProjectPolicy do
...
@@ -271,7 +285,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:admin_mirror
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:admin_mirror
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -327,8 +347,16 @@ describe ProjectPolicy do
...
@@ -327,8 +347,16 @@ describe ProjectPolicy do
context
'as an admin'
do
context
'as an admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
'allows access'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
is_expected
.
to
allow_action
(
:read_project
)
it
'allows access'
do
is_expected
.
to
allow_action
(
:read_project
)
end
end
context
'when admin mode disabled'
do
it
'does not allow access'
do
is_expected
.
not_to
allow_action
(
:read_project
)
end
end
end
end
end
...
@@ -375,6 +403,7 @@ describe ProjectPolicy do
...
@@ -375,6 +403,7 @@ describe ProjectPolicy do
before
do
before
do
allow
(
Gitlab
::
IpAddressState
).
to
receive
(
:current
).
and_return
(
'192.168.0.2'
)
allow
(
Gitlab
::
IpAddressState
).
to
receive
(
:current
).
and_return
(
'192.168.0.2'
)
stub_licensed_features
(
group_ip_restriction:
true
)
stub_licensed_features
(
group_ip_restriction:
true
)
group
.
add_developer
(
current_user
)
end
end
context
'group without restriction'
do
context
'group without restriction'
do
...
@@ -421,7 +450,13 @@ describe ProjectPolicy do
...
@@ -421,7 +450,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
permission
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
permission
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
permission
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -506,7 +541,7 @@ describe ProjectPolicy do
...
@@ -506,7 +541,7 @@ describe ProjectPolicy do
end
end
context
'with developer or higher role'
do
context
'with developer or higher role'
do
where
(
role:
%w[
admin
owner maintainer developer]
)
where
(
role:
%w[owner maintainer developer]
)
with_them
do
with_them
do
let
(
:current_user
)
{
public_send
(
role
)
}
let
(
:current_user
)
{
public_send
(
role
)
}
...
@@ -515,6 +550,18 @@ describe ProjectPolicy do
...
@@ -515,6 +550,18 @@ describe ProjectPolicy do
end
end
end
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_threat_monitoring
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_threat_monitoring
)
}
end
end
context
'with less than developer role'
do
context
'with less than developer role'
do
where
(
role:
%w[reporter guest]
)
where
(
role:
%w[reporter guest]
)
...
@@ -617,12 +664,18 @@ describe ProjectPolicy do
...
@@ -617,12 +664,18 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:remove_project
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:remove_project
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:remove_project
)
}
end
context
'who owns the project'
do
context
'who owns the project'
do
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
admin
.
namespace
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
namespace:
admin
.
namespace
)
}
it
{
is_expected
.
to
be_allowed
(
:remove_project
)
}
it
{
is_expected
.
to
be_
dis
allowed
(
:remove_project
)
}
end
end
end
end
...
@@ -673,7 +726,13 @@ describe ProjectPolicy do
...
@@ -673,7 +726,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:admin_software_license_policy
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:admin_software_license_policy
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:admin_software_license_policy
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -759,7 +818,13 @@ describe ProjectPolicy do
...
@@ -759,7 +818,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:read_dependencies
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_dependencies
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_dependencies
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -826,7 +891,7 @@ describe ProjectPolicy do
...
@@ -826,7 +891,7 @@ describe ProjectPolicy do
context
'with private project'
do
context
'with private project'
do
let
(
:project
)
{
create
(
:project
,
:private
,
namespace:
owner
.
namespace
)
}
let
(
:project
)
{
create
(
:project
,
:private
,
namespace:
owner
.
namespace
)
}
where
(
role:
%w[
admin
owner maintainer developer reporter]
)
where
(
role:
%w[owner maintainer developer reporter]
)
with_them
do
with_them
do
let
(
:current_user
)
{
public_send
(
role
)
}
let
(
:current_user
)
{
public_send
(
role
)
}
...
@@ -834,6 +899,18 @@ describe ProjectPolicy do
...
@@ -834,6 +899,18 @@ describe ProjectPolicy do
it
{
is_expected
.
to
be_allowed
(
:read_licenses
)
}
it
{
is_expected
.
to
be_allowed
(
:read_licenses
)
}
end
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_licenses
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_licenses
)
}
end
end
context
'with guest'
do
context
'with guest'
do
let
(
:current_user
)
{
guest
}
let
(
:current_user
)
{
guest
}
...
@@ -883,7 +960,13 @@ describe ProjectPolicy do
...
@@ -883,7 +960,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:create_web_ide_terminal
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:create_web_ide_terminal
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:create_web_ide_terminal
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -937,14 +1020,15 @@ describe ProjectPolicy do
...
@@ -937,14 +1020,15 @@ describe ProjectPolicy do
context
'when feature is available'
do
context
'when feature is available'
do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:role
,
:allowed
)
do
where
(
:role
,
:admin_mode
,
:allowed
)
do
:anonymous
|
false
:anonymous
|
nil
|
false
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
true
:developer
|
nil
|
true
:maintainer
|
true
:maintainer
|
nil
|
true
:owner
|
true
:owner
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -953,6 +1037,7 @@ describe ProjectPolicy do
...
@@ -953,6 +1037,7 @@ describe ProjectPolicy do
before
do
before
do
stub_feature_flags
(
feature
=>
true
)
stub_feature_flags
(
feature
=>
true
)
stub_licensed_features
(
feature
=>
true
)
stub_licensed_features
(
feature
=>
true
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1082,7 +1167,13 @@ describe ProjectPolicy do
...
@@ -1082,7 +1167,13 @@ describe ProjectPolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:read_group_timelogs
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_group_timelogs
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_group_timelogs
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
@@ -1137,13 +1228,14 @@ describe ProjectPolicy do
...
@@ -1137,13 +1228,14 @@ describe ProjectPolicy do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:role
,
:allowed
)
do
where
(
:role
,
:admin_mode
,
:allowed
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
true
:reporter
|
nil
|
true
:developer
|
true
:developer
|
nil
|
true
:maintainer
|
true
:maintainer
|
nil
|
true
:owner
|
true
:owner
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1151,6 +1243,7 @@ describe ProjectPolicy do
...
@@ -1151,6 +1243,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
code_review_analytics:
true
)
stub_licensed_features
(
code_review_analytics:
true
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
:read_code_review_analytics
)
:
be_disallowed
(
:read_code_review_analytics
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
:read_code_review_analytics
)
:
be_disallowed
(
:read_code_review_analytics
))
}
...
@@ -1214,16 +1307,18 @@ describe ProjectPolicy do
...
@@ -1214,16 +1307,18 @@ describe ProjectPolicy do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
context
'with merge request approvers rules available in license'
do
context
'with merge request approvers rules available in license'
do
where
(
:role
,
:setting
,
:allowed
)
do
where
(
:role
,
:setting
,
:admin_mode
,
:allowed
)
do
:guest
|
true
|
false
:guest
|
true
|
nil
|
false
:reporter
|
true
|
false
:reporter
|
true
|
nil
|
false
:developer
|
true
|
false
:developer
|
true
|
nil
|
false
:maintainer
|
false
|
true
:maintainer
|
false
|
nil
|
true
:maintainer
|
true
|
false
:maintainer
|
true
|
nil
|
false
:owner
|
false
|
true
:owner
|
false
|
nil
|
true
:owner
|
true
|
false
:owner
|
true
|
nil
|
false
:admin
|
false
|
true
:admin
|
false
|
false
|
false
:admin
|
true
|
true
:admin
|
false
|
true
|
true
:admin
|
true
|
false
|
false
:admin
|
true
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1232,6 +1327,7 @@ describe ProjectPolicy do
...
@@ -1232,6 +1327,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
admin_merge_request_approvers_rules:
true
)
stub_licensed_features
(
admin_merge_request_approvers_rules:
true
)
stub_application_setting
(
setting_name
=>
setting
)
stub_application_setting
(
setting_name
=>
setting
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1239,16 +1335,18 @@ describe ProjectPolicy do
...
@@ -1239,16 +1335,18 @@ describe ProjectPolicy do
end
end
context
'with merge request approvers not available in license'
do
context
'with merge request approvers not available in license'
do
where
(
:role
,
:setting
,
:allowed
)
do
where
(
:role
,
:setting
,
:admin_mode
,
:allowed
)
do
:guest
|
true
|
false
:guest
|
true
|
nil
|
false
:reporter
|
true
|
false
:reporter
|
true
|
nil
|
false
:developer
|
true
|
false
:developer
|
true
|
nil
|
false
:maintainer
|
false
|
true
:maintainer
|
false
|
nil
|
true
:maintainer
|
true
|
true
:maintainer
|
true
|
nil
|
true
:owner
|
false
|
true
:owner
|
false
|
nil
|
true
:owner
|
true
|
true
:owner
|
true
|
nil
|
true
:admin
|
true
|
true
:admin
|
false
|
false
|
false
:admin
|
false
|
true
:admin
|
false
|
true
|
true
:admin
|
true
|
false
|
false
:admin
|
true
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1257,6 +1355,7 @@ describe ProjectPolicy do
...
@@ -1257,6 +1355,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
admin_merge_request_approvers_rules:
false
)
stub_licensed_features
(
admin_merge_request_approvers_rules:
false
)
stub_application_setting
(
setting_name
=>
setting
)
stub_application_setting
(
setting_name
=>
setting
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1291,17 +1390,20 @@ describe ProjectPolicy do
...
@@ -1291,17 +1390,20 @@ describe ProjectPolicy do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
context
'with merge request approvers rules available in license'
do
context
'with merge request approvers rules available in license'
do
where
(
:role
,
:setting
,
:allowed
)
do
where
(
:role
,
:setting
,
:admin_mode
,
:allowed
)
do
:guest
|
true
|
false
:guest
|
true
|
nil
|
false
:reporter
|
true
|
false
:reporter
|
true
|
nil
|
false
:developer
|
true
|
false
:developer
|
true
|
nil
|
false
:maintainer
|
false
|
true
:maintainer
|
false
|
nil
|
true
:maintainer
|
true
|
false
:maintainer
|
true
|
nil
|
false
:owner
|
false
|
true
:owner
|
false
|
nil
|
true
:owner
|
true
|
false
:owner
|
true
|
nil
|
false
:admin
|
false
|
true
:admin
|
false
|
false
|
false
:admin
|
true
|
true
:admin
|
false
|
true
|
true
:admin
|
true
|
false
|
false
:admin
|
true
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1310,6 +1412,7 @@ describe ProjectPolicy do
...
@@ -1310,6 +1412,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
admin_merge_request_approvers_rules:
true
)
stub_licensed_features
(
admin_merge_request_approvers_rules:
true
)
stub_application_setting
(
setting_name
=>
setting
)
stub_application_setting
(
setting_name
=>
setting
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1317,16 +1420,18 @@ describe ProjectPolicy do
...
@@ -1317,16 +1420,18 @@ describe ProjectPolicy do
end
end
context
'with merge request approvers not available in license'
do
context
'with merge request approvers not available in license'
do
where
(
:role
,
:setting
,
:allowed
)
do
where
(
:role
,
:setting
,
:admin_mode
,
:allowed
)
do
:guest
|
true
|
false
:guest
|
true
|
nil
|
false
:reporter
|
true
|
false
:reporter
|
true
|
nil
|
false
:developer
|
true
|
false
:developer
|
true
|
nil
|
false
:maintainer
|
false
|
true
:maintainer
|
false
|
nil
|
true
:maintainer
|
true
|
true
:maintainer
|
true
|
nil
|
true
:owner
|
false
|
true
:owner
|
false
|
nil
|
true
:owner
|
true
|
true
:owner
|
true
|
nil
|
true
:admin
|
true
|
true
:admin
|
false
|
false
|
false
:admin
|
false
|
true
:admin
|
false
|
true
|
true
:admin
|
true
|
false
|
false
:admin
|
true
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1335,6 +1440,7 @@ describe ProjectPolicy do
...
@@ -1335,6 +1440,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
admin_merge_request_approvers_rules:
false
)
stub_licensed_features
(
admin_merge_request_approvers_rules:
false
)
stub_application_setting
(
setting_name
=>
setting
)
stub_application_setting
(
setting_name
=>
setting
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1351,19 +1457,21 @@ describe ProjectPolicy do
...
@@ -1351,19 +1457,21 @@ describe ProjectPolicy do
let
(
:policy
)
{
:admin_compliance_framework
}
let
(
:policy
)
{
:admin_compliance_framework
}
where
(
:role
,
:feature_enabled
,
:allowed
)
do
where
(
:role
,
:feature_enabled
,
:admin_mode
,
:allowed
)
do
:guest
|
false
|
false
:guest
|
false
|
nil
|
false
:guest
|
true
|
false
:guest
|
true
|
nil
|
false
:reporter
|
false
|
false
:reporter
|
false
|
nil
|
false
:reporter
|
true
|
false
:reporter
|
true
|
nil
|
false
:developer
|
false
|
false
:developer
|
false
|
nil
|
false
:developer
|
true
|
false
:developer
|
true
|
nil
|
false
:maintainer
|
false
|
false
:maintainer
|
false
|
nil
|
false
:maintainer
|
true
|
true
:maintainer
|
true
|
nil
|
true
:owner
|
false
|
false
:owner
|
false
|
nil
|
false
:owner
|
true
|
true
:owner
|
true
|
nil
|
true
:admin
|
false
|
false
:admin
|
false
|
false
|
false
:admin
|
true
|
true
:admin
|
false
|
true
|
false
:admin
|
true
|
false
|
false
:admin
|
true
|
true
|
true
end
end
with_them
do
with_them
do
...
@@ -1371,6 +1479,7 @@ describe ProjectPolicy do
...
@@ -1371,6 +1479,7 @@ describe ProjectPolicy do
before
do
before
do
stub_licensed_features
(
compliance_framework:
feature_enabled
)
stub_licensed_features
(
compliance_framework:
feature_enabled
)
enable_admin_mode!
(
current_user
)
if
admin_mode
end
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
...
@@ -1382,18 +1491,23 @@ describe ProjectPolicy do
...
@@ -1382,18 +1491,23 @@ describe ProjectPolicy do
let
(
:policy
)
{
:read_ci_minutes_quota
}
let
(
:policy
)
{
:read_ci_minutes_quota
}
where
(
:role
,
:allowed
)
do
where
(
:role
,
:admin_mode
,
:allowed
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
true
:developer
|
nil
|
true
:maintainer
|
true
:maintainer
|
nil
|
true
:owner
|
true
:owner
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
let
(
:current_user
)
{
public_send
(
role
)
}
let
(
:current_user
)
{
public_send
(
role
)
}
before
do
enable_admin_mode!
(
current_user
)
if
admin_mode
end
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
it
{
is_expected
.
to
(
allowed
?
be_allowed
(
policy
)
:
be_disallowed
(
policy
))
}
end
end
end
end
...
...
ee/spec/policies/user_policy_spec.rb
View file @
fa73571b
...
@@ -22,14 +22,26 @@ describe UserPolicy do
...
@@ -22,14 +22,26 @@ describe UserPolicy do
context
'when an admin user tries to update a regular user'
do
context
'when an admin user tries to update a regular user'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
ability
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
ability
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
not_to
be_allowed
(
ability
)
}
end
end
end
context
'when an admin user tries to update a ghost user'
do
context
'when an admin user tries to update a ghost user'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:ghost
)
}
let
(
:user
)
{
create
(
:user
,
:ghost
)
}
it
{
is_expected
.
not_to
be_allowed
(
ability
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
not_to
be_allowed
(
ability
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
not_to
be_allowed
(
ability
)
}
end
end
end
end
end
...
@@ -65,7 +77,13 @@ describe UserPolicy do
...
@@ -65,7 +77,13 @@ describe UserPolicy do
context
'for an admin user'
do
context
'for an admin user'
do
let
(
:current_user
)
{
create
(
:admin
)
}
let
(
:current_user
)
{
create
(
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
:update_name
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_name
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
not_to
be_allowed
(
:update_name
)
}
end
end
end
end
end
end
end
...
...
ee/spec/support/shared_examples/policies/protected_environments_shared_examples.rb
View file @
fa73571b
...
@@ -3,6 +3,8 @@
...
@@ -3,6 +3,8 @@
RSpec
.
shared_examples
'protected environments access'
do
|
developer_access
=
true
|
RSpec
.
shared_examples
'protected environments access'
do
|
developer_access
=
true
|
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
include
AdminModeHelper
before
do
before
do
allow
(
License
).
to
receive
(
:feature_available?
).
and_call_original
allow
(
License
).
to
receive
(
:feature_available?
).
and_call_original
allow
(
License
).
to
receive
(
:feature_available?
).
with
(
:protected_environments
).
and_return
(
feature_available
)
allow
(
License
).
to
receive
(
:feature_available?
).
with
(
:protected_environments
).
and_return
(
feature_available
)
...
@@ -11,19 +13,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
...
@@ -11,19 +13,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
context
'when Protected Environments feature is not available in the project'
do
context
'when Protected Environments feature is not available in the project'
do
let
(
:feature_available
)
{
false
}
let
(
:feature_available
)
{
false
}
where
(
:access_level
,
:result
)
do
where
(
:access_level
,
:admin_mode
,
:result
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
developer_access
:developer
|
nil
|
developer_access
:maintainer
|
true
:maintainer
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
before
do
before
do
environment
environment
update_user_access
(
access_level
,
user
,
project
)
update_user_access
(
access_level
,
admin_mode
,
user
,
project
)
end
end
it
{
is_expected
.
to
eq
(
result
)
}
it
{
is_expected
.
to
eq
(
result
)
}
...
@@ -37,19 +40,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
...
@@ -37,19 +40,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
let
(
:protected_environment
)
{
create
(
:protected_environment
,
name:
environment
.
name
,
project:
project
)
}
let
(
:protected_environment
)
{
create
(
:protected_environment
,
name:
environment
.
name
,
project:
project
)
}
context
'when user does not have access to the environment'
do
context
'when user does not have access to the environment'
do
where
(
:access_level
,
:result
)
do
where
(
:access_level
,
:admin_mode
,
:result
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
false
:developer
|
nil
|
false
:maintainer
|
false
:maintainer
|
nil
|
false
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
before
do
before
do
protected_environment
protected_environment
update_user_access
(
access_level
,
user
,
project
)
update_user_access
(
access_level
,
admin_mode
,
user
,
project
)
end
end
it
{
is_expected
.
to
eq
(
result
)
}
it
{
is_expected
.
to
eq
(
result
)
}
...
@@ -57,19 +61,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
...
@@ -57,19 +61,20 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
end
end
context
'when user has access to the environment'
do
context
'when user has access to the environment'
do
where
(
:access_level
,
:result
)
do
where
(
:access_level
,
:admin_mode
,
:result
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
developer_access
:developer
|
nil
|
developer_access
:maintainer
|
true
:maintainer
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
before
do
before
do
protected_environment
.
deploy_access_levels
.
create
(
user:
user
)
protected_environment
.
deploy_access_levels
.
create
(
user:
user
)
update_user_access
(
access_level
,
user
,
project
)
update_user_access
(
access_level
,
admin_mode
,
user
,
project
)
end
end
it
{
is_expected
.
to
eq
(
result
)
}
it
{
is_expected
.
to
eq
(
result
)
}
...
@@ -78,17 +83,18 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
...
@@ -78,17 +83,18 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
end
end
context
'when environment is not protected'
do
context
'when environment is not protected'
do
where
(
:access_level
,
:result
)
do
where
(
:access_level
,
:admin_mode
,
:result
)
do
:guest
|
false
:guest
|
nil
|
false
:reporter
|
false
:reporter
|
nil
|
false
:developer
|
developer_access
:developer
|
nil
|
developer_access
:maintainer
|
true
:maintainer
|
nil
|
true
:admin
|
true
:admin
|
false
|
false
:admin
|
true
|
true
end
end
with_them
do
with_them
do
before
do
before
do
update_user_access
(
access_level
,
user
,
project
)
update_user_access
(
access_level
,
admin_mode
,
user
,
project
)
end
end
it
{
is_expected
.
to
eq
(
result
)
}
it
{
is_expected
.
to
eq
(
result
)
}
...
@@ -96,9 +102,10 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
...
@@ -96,9 +102,10 @@ RSpec.shared_examples 'protected environments access' do |developer_access = tru
end
end
end
end
def
update_user_access
(
access_level
,
user
,
project
)
def
update_user_access
(
access_level
,
admin_mode
,
user
,
project
)
if
access_level
==
:admin
if
access_level
==
:admin
user
.
update_attribute
(
:admin
,
true
)
user
.
update_attribute
(
:admin
,
true
)
enable_admin_mode!
(
user
)
if
admin_mode
elsif
access_level
.
present?
elsif
access_level
.
present?
project
.
add_user
(
user
,
access_level
)
project
.
add_user
(
user
,
access_level
)
end
end
...
...
spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
Ldap
::
OmniauthCallbacksController
,
:do_not_mock_admin_mode
do
describe
Ldap
::
OmniauthCallbacksController
do
include_context
'Ldap::OmniauthCallbacksController'
include_context
'Ldap::OmniauthCallbacksController'
it
'allows sign in'
do
it
'allows sign in'
do
...
...
spec/controllers/omniauth_callbacks_controller_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
OmniauthCallbacksController
,
type: :controller
,
do_not_mock_admin_mode:
true
do
describe
OmniauthCallbacksController
,
type: :controller
do
include
LoginHelpers
include
LoginHelpers
describe
'omniauth'
do
describe
'omniauth'
do
...
...
spec/models/ability_spec.rb
View file @
fa73571b
...
@@ -74,13 +74,20 @@ describe Ability do
...
@@ -74,13 +74,20 @@ describe Ability do
context
'using a private project'
do
context
'using a private project'
do
let
(
:project
)
{
create
(
:project
,
:private
)
}
let
(
:project
)
{
create
(
:project
,
:private
)
}
it
'returns users that are administrators
'
do
it
'returns users that are administrators
when admin mode is enabled'
,
:enable_admin_mode
do
user
=
build
(
:user
,
admin:
true
)
user
=
build
(
:user
,
admin:
true
)
expect
(
described_class
.
users_that_can_read_project
([
user
],
project
))
expect
(
described_class
.
users_that_can_read_project
([
user
],
project
))
.
to
eq
([
user
])
.
to
eq
([
user
])
end
end
it
'does not return users that are administrators when admin mode is disabled'
do
user
=
build
(
:user
,
admin:
true
)
expect
(
described_class
.
users_that_can_read_project
([
user
],
project
))
.
to
eq
([])
end
it
'returns external users if they are the project owner'
do
it
'returns external users if they are the project owner'
do
user1
=
build
(
:user
,
external:
true
)
user1
=
build
(
:user
,
external:
true
)
user2
=
build
(
:user
,
external:
true
)
user2
=
build
(
:user
,
external:
true
)
...
@@ -145,7 +152,7 @@ describe Ability do
...
@@ -145,7 +152,7 @@ describe Ability do
end
end
describe
'.merge_requests_readable_by_user'
do
describe
'.merge_requests_readable_by_user'
do
context
'with an admin
'
do
context
'with an admin
when admin mode is enabled'
,
:enable_admin_mode
do
it
'returns all merge requests'
do
it
'returns all merge requests'
do
user
=
build
(
:user
,
admin:
true
)
user
=
build
(
:user
,
admin:
true
)
merge_request
=
build
(
:merge_request
)
merge_request
=
build
(
:merge_request
)
...
@@ -155,6 +162,19 @@ describe Ability do
...
@@ -155,6 +162,19 @@ describe Ability do
end
end
end
end
context
'with an admin when admin mode is disabled'
do
it
'returns merge_requests that are publicly visible'
do
user
=
build
(
:user
,
admin:
true
)
hidden_merge_request
=
build
(
:merge_request
)
visible_merge_request
=
build
(
:merge_request
,
source_project:
build
(
:project
,
:public
))
merge_requests
=
described_class
.
merge_requests_readable_by_user
([
hidden_merge_request
,
visible_merge_request
],
user
)
expect
(
merge_requests
).
to
eq
([
visible_merge_request
])
end
end
context
'without a user'
do
context
'without a user'
do
it
'returns merge_requests that are publicly visible'
do
it
'returns merge_requests that are publicly visible'
do
hidden_merge_request
=
build
(
:merge_request
)
hidden_merge_request
=
build
(
:merge_request
)
...
@@ -217,7 +237,7 @@ describe Ability do
...
@@ -217,7 +237,7 @@ describe Ability do
end
end
describe
'.issues_readable_by_user'
do
describe
'.issues_readable_by_user'
do
context
'with an admin
user'
do
context
'with an admin
when admin mode is enabled'
,
:enable_admin_mode
do
it
'returns all given issues'
do
it
'returns all given issues'
do
user
=
build
(
:user
,
admin:
true
)
user
=
build
(
:user
,
admin:
true
)
issue
=
build
(
:issue
)
issue
=
build
(
:issue
)
...
@@ -227,6 +247,26 @@ describe Ability do
...
@@ -227,6 +247,26 @@ describe Ability do
end
end
end
end
context
'with an admin when admin mode is disabled'
do
it
'returns the issues readable by the admin'
do
user
=
build
(
:user
,
admin:
true
)
issue
=
build
(
:issue
)
expect
(
issue
).
to
receive
(
:readable_by?
).
with
(
user
).
and_return
(
true
)
expect
(
described_class
.
issues_readable_by_user
([
issue
],
user
))
.
to
eq
([
issue
])
end
it
'returns no issues when not given access'
do
user
=
build
(
:user
,
admin:
true
)
issue
=
build
(
:issue
)
expect
(
described_class
.
issues_readable_by_user
([
issue
],
user
))
.
to
be_empty
end
end
context
'with a regular user'
do
context
'with a regular user'
do
it
'returns the issues readable by the user'
do
it
'returns the issues readable by the user'
do
user
=
build
(
:user
)
user
=
build
(
:user
)
...
...
spec/models/cycle_analytics/code_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#code' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#code' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
project_level
}
subject
{
project_level
}
...
...
spec/models/cycle_analytics/issue_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#issue' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#issue' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
project_level
}
subject
{
project_level
}
...
...
spec/models/cycle_analytics/plan_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#plan' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#plan' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
project_level
}
subject
{
project_level
}
...
...
spec/models/cycle_analytics/production_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#production' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#production' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
project_level
}
subject
{
project_level
}
...
...
spec/models/cycle_analytics/project_level_spec.rb
View file @
fa73571b
...
@@ -5,7 +5,7 @@ require 'spec_helper'
...
@@ -5,7 +5,7 @@ require 'spec_helper'
describe
CycleAnalytics
::
ProjectLevel
do
describe
CycleAnalytics
::
ProjectLevel
do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
let_it_be
(
:issue
)
{
create
(
:issue
,
project:
project
,
created_at:
2
.
days
.
ago
)
}
let_it_be
(
:milestone
)
{
create
(
:milestone
,
project:
project
)
}
let_it_be
(
:milestone
)
{
create
(
:milestone
,
project:
project
)
}
let
(
:mr
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
,
commit_message:
"References
#{
issue
.
to_reference
}
"
)
}
let
(
:mr
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
,
commit_message:
"References
#{
issue
.
to_reference
}
"
)
}
...
...
spec/models/cycle_analytics/review_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#review' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#review' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
subject
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
...
...
spec/models/cycle_analytics/staging_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#staging' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#staging' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
subject
{
project_level
}
subject
{
project_level
}
...
...
spec/models/cycle_analytics/test_spec.rb
View file @
fa73571b
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#test' do
...
@@ -7,7 +7,7 @@ describe 'CycleAnalytics#test' do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:from_date
)
{
10
.
days
.
ago
}
let_it_be
(
:user
)
{
create
(
:user
,
:admin
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let_it_be
(
:issue
)
{
create
(
:issue
,
project:
project
)
}
let_it_be
(
:issue
)
{
create
(
:issue
,
project:
project
)
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let_it_be
(
:project_level
)
{
CycleAnalytics
::
ProjectLevel
.
new
(
project
,
options:
{
from:
from_date
})
}
let!
(
:merge_request
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
)
}
let!
(
:merge_request
)
{
create_merge_request_closing_issue
(
user
,
project
,
issue
)
}
...
...
spec/models/event_spec.rb
View file @
fa73571b
...
@@ -287,8 +287,16 @@ describe Event do
...
@@ -287,8 +287,16 @@ describe Event do
context
'private project'
do
context
'private project'
do
let
(
:project
)
{
create
(
:project
,
:private
,
:repository
)
}
let
(
:project
)
{
create
(
:project
,
:private
,
:repository
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
,
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
,
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
)
}
end
end
end
end
end
end
end
...
@@ -340,8 +348,16 @@ describe Event do
...
@@ -340,8 +348,16 @@ describe Event do
let
(
:project
)
{
private_project
}
let
(
:project
)
{
private_project
}
let
(
:target
)
{
note_on_issue
}
let
(
:target
)
{
note_on_issue
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
)
}
end
end
end
include_examples
'visible to assignee and author'
,
false
include_examples
'visible to assignee and author'
,
false
...
@@ -366,8 +382,16 @@ describe Event do
...
@@ -366,8 +382,16 @@ describe Event do
context
'private project'
do
context
'private project'
do
let
(
:project
)
{
private_project
}
let
(
:project
)
{
private_project
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
,
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
,
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:member
)
}
end
end
end
include_examples
'visible to assignee'
,
false
include_examples
'visible to assignee'
,
false
...
@@ -384,16 +408,32 @@ describe Event do
...
@@ -384,16 +408,32 @@ describe Event do
context
'on public project with private issue tracker and merge requests'
do
context
'on public project with private issue tracker and merge requests'
do
let
(
:project
)
{
create
(
:project
,
:public
,
:issues_private
,
:merge_requests_private
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
:issues_private
,
:merge_requests_private
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
,
:admin
)
}
end
end
end
end
end
context
'on private project'
do
context
'on private project'
do
let
(
:project
)
{
create
(
:project
,
:private
)
}
let
(
:project
)
{
create
(
:project
,
:private
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
,
:admin
)
}
end
end
end
end
end
end
end
...
@@ -404,8 +444,16 @@ describe Event do
...
@@ -404,8 +444,16 @@ describe Event do
context
'on private project'
,
:aggregate_failures
do
context
'on private project'
,
:aggregate_failures
do
let
(
:project
)
{
create
(
:project
,
:wiki_repo
)
}
let
(
:project
)
{
create
(
:project
,
:wiki_repo
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_all_except
(
:logged_out
,
:non_member
,
:admin
)
}
end
end
end
end
end
...
@@ -428,9 +476,18 @@ describe Event do
...
@@ -428,9 +476,18 @@ describe Event do
context
'on public project with private snippets'
do
context
'on public project with private snippets'
do
let
(
:project
)
{
create
(
:project
,
:public
,
:snippets_private
)
}
let
(
:project
)
{
create
(
:project
,
:public
,
:snippets_private
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
)
}
end
end
end
# Normally, we'd expect the author of a comment to be able to view it.
# Normally, we'd expect the author of a comment to be able to view it.
# However, this doesn't seem to be the case for comments on snippets.
# However, this doesn't seem to be the case for comments on snippets.
...
@@ -440,9 +497,18 @@ describe Event do
...
@@ -440,9 +497,18 @@ describe Event do
context
'on private project'
do
context
'on private project'
do
let
(
:project
)
{
create
(
:project
,
:private
)
}
let
(
:project
)
{
create
(
:project
,
:private
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
,
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:guest
,
:member
)
}
end
end
end
# Normally, we'd expect the author of a comment to be able to view it.
# Normally, we'd expect the author of a comment to be able to view it.
# However, this doesn't seem to be the case for comments on snippets.
# However, this doesn't seem to be the case for comments on snippets.
...
@@ -470,8 +536,16 @@ describe Event do
...
@@ -470,8 +536,16 @@ describe Event do
context
'on private snippet'
do
context
'on private snippet'
do
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
author
)
}
let
(
:personal_snippet
)
{
create
(
:personal_snippet
,
:private
,
author:
author
)
}
include_examples
'visibility examples'
do
context
'when admin mode enabled'
,
:enable_admin_mode
do
let
(
:visibility
)
{
visible_to_none_except
(
:admin
)
}
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none_except
(
:admin
)
}
end
end
context
'when admin mode disabled'
do
include_examples
'visibility examples'
do
let
(
:visibility
)
{
visible_to_none
}
end
end
end
include_examples
'visible to author'
,
true
include_examples
'visible to author'
,
true
...
...
spec/models/issue_spec.rb
View file @
fa73571b
...
@@ -612,8 +612,15 @@ describe Issue do
...
@@ -612,8 +612,15 @@ describe Issue do
context
'with an admin user'
do
context
'with an admin user'
do
let
(
:user
)
{
build
(
:admin
)
}
let
(
:user
)
{
build
(
:admin
)
}
it_behaves_like
'issue readable by user'
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it_behaves_like
'confidential issue readable by user'
it_behaves_like
'issue readable by user'
it_behaves_like
'confidential issue readable by user'
end
context
'when admin mode is disabled'
do
it_behaves_like
'issue not readable by user'
it_behaves_like
'confidential issue not readable by user'
end
end
end
context
'with an owner'
do
context
'with an owner'
do
...
@@ -732,13 +739,29 @@ describe Issue do
...
@@ -732,13 +739,29 @@ describe Issue do
expect
(
issue
.
visible_to_user?
(
user
)).
to
be_falsy
expect
(
issue
.
visible_to_user?
(
user
)).
to
be_falsy
end
end
it
'does not check the external webservice for admins'
do
context
'with an admin'
do
issue
=
build
(
:issue
)
context
'when admin mode is enabled'
,
:enable_admin_mode
do
user
=
build
(
:admin
)
it
'does not check the external webservice'
do
issue
=
build
(
:issue
)
user
=
build
(
:admin
)
expect
(
::
Gitlab
::
ExternalAuthorization
).
not_to
receive
(
:access_allowed?
)
expect
(
::
Gitlab
::
ExternalAuthorization
).
not_to
receive
(
:access_allowed?
)
issue
.
visible_to_user?
(
user
)
end
end
context
'when admin mode is disabled'
do
it
'checks the external service to determine if an issue is readable by the admin'
do
project
=
build
(
:project
,
:public
,
external_authorization_classification_label:
'a-label'
)
issue
=
build
(
:issue
,
project:
project
)
user
=
build
(
:admin
)
issue
.
visible_to_user?
(
user
)
expect
(
::
Gitlab
::
ExternalAuthorization
).
to
receive
(
:access_allowed?
).
with
(
user
,
'a-label'
)
{
false
}
expect
(
issue
.
visible_to_user?
(
user
)).
to
be_falsy
end
end
end
end
end
end
...
...
spec/models/member_spec.rb
View file @
fa73571b
...
@@ -241,10 +241,22 @@ describe Member do
...
@@ -241,10 +241,22 @@ describe Member do
expect
(
member
).
to
be_persisted
expect
(
member
).
to
be_persisted
end
end
it
'sets members.created_by to the given current_user'
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
member
=
described_class
.
add_user
(
source
,
user
,
:maintainer
,
current_user:
admin
)
it
'sets members.created_by to the given admin current_user'
do
member
=
described_class
.
add_user
(
source
,
user
,
:maintainer
,
current_user:
admin
)
expect
(
member
.
created_by
).
to
eq
(
admin
)
expect
(
member
.
created_by
).
to
eq
(
admin
)
end
end
context
'when admin mode is disabled'
do
# Skipped because `Group#max_member_access_for_user` needs to be migrated to use admin mode
# https://gitlab.com/gitlab-org/gitlab/-/issues/207950
xit
'rejects setting members.created_by to the given admin current_user'
do
member
=
described_class
.
add_user
(
source
,
user
,
:maintainer
,
current_user:
admin
)
expect
(
member
.
created_by
).
not_to
be_persisted
end
end
end
it
'sets members.expires_at to the given expires_at'
do
it
'sets members.expires_at to the given expires_at'
do
...
@@ -353,7 +365,7 @@ describe Member do
...
@@ -353,7 +365,7 @@ describe Member do
end
end
end
end
context
'when current_user can update member'
do
context
'when current_user can update member'
,
:enable_admin_mode
do
it
'creates the member'
do
it
'creates the member'
do
expect
(
source
.
users
).
not_to
include
(
user
)
expect
(
source
.
users
).
not_to
include
(
user
)
...
@@ -421,7 +433,7 @@ describe Member do
...
@@ -421,7 +433,7 @@ describe Member do
end
end
end
end
context
'when current_user can update member'
do
context
'when current_user can update member'
,
:enable_admin_mode
do
it
'updates the member'
do
it
'updates the member'
do
expect
(
source
.
users
).
to
include
(
user
)
expect
(
source
.
users
).
to
include
(
user
)
...
...
spec/models/project_feature_spec.rb
View file @
fa73571b
...
@@ -31,27 +31,30 @@ describe ProjectFeature do
...
@@ -31,27 +31,30 @@ describe ProjectFeature do
context
'when features are disabled'
do
context
'when features are disabled'
do
it
"returns false"
do
it
"returns false"
do
update_all_project_features
(
project
,
features
,
ProjectFeature
::
DISABLED
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
DISABLED
)
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
false
),
"
#{
feature
}
failed"
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
false
)
end
end
end
end
end
end
context
'when features are enabled only for team members'
do
context
'when features are enabled only for team members'
do
it
"returns false when user is not a team member"
do
it
"returns false when user is not a team member"
do
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
PRIVATE
)
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
false
),
"
#{
feature
}
failed"
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
false
)
end
end
end
end
it
"returns true when user is a team member"
do
it
"returns true when user is a team member"
do
project
.
add_developer
(
user
)
project
.
add_developer
(
user
)
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
PRIVATE
)
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
true
),
"
#{
feature
}
failed"
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
true
)
end
end
end
end
...
@@ -60,27 +63,41 @@ describe ProjectFeature do
...
@@ -60,27 +63,41 @@ describe ProjectFeature do
project
=
create
(
:project
,
namespace:
group
)
project
=
create
(
:project
,
namespace:
group
)
group
.
add_developer
(
user
)
group
.
add_developer
(
user
)
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
PRIVATE
)
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
true
),
"
#{
feature
}
failed"
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
true
)
end
end
end
end
it
"returns true if user is an admin"
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
user
.
update_attribute
(
:admin
,
true
)
it
"returns true if user is an admin"
do
user
.
update_attribute
(
:admin
,
true
)
features
.
each
do
|
feature
|
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
PRIVATE
)
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
true
)
features
.
each
do
|
feature
|
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
true
),
"
#{
feature
}
failed"
end
end
end
context
'when admin mode is disabled'
do
it
"returns false when user is an admin"
do
user
.
update_attribute
(
:admin
,
true
)
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
features
.
each
do
|
feature
|
expect
(
project
.
feature_available?
(
feature
.
to_sym
,
user
)).
to
eq
(
false
),
"
#{
feature
}
failed"
end
end
end
end
end
end
end
context
'when feature is enabled for everyone'
do
context
'when feature is enabled for everyone'
do
it
"returns true"
do
it
"returns true"
do
features
.
each
do
|
feature
|
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
true
)
expect
(
project
.
feature_available?
(
:issues
,
user
)).
to
eq
(
true
)
end
end
end
end
end
...
@@ -117,7 +134,7 @@ describe ProjectFeature do
...
@@ -117,7 +134,7 @@ describe ProjectFeature do
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
field
=
"
#{
feature
}
_access_level"
.
to_sym
field
=
"
#{
feature
}
_access_level"
.
to_sym
project_feature
.
update_attribute
(
field
,
ProjectFeature
::
ENABLED
)
project_feature
.
update_attribute
(
field
,
ProjectFeature
::
ENABLED
)
expect
(
project_feature
.
valid?
).
to
be_falsy
expect
(
project_feature
.
valid?
).
to
be_falsy
,
"
#{
field
}
failed"
end
end
end
end
end
end
...
@@ -131,7 +148,7 @@ describe ProjectFeature do
...
@@ -131,7 +148,7 @@ describe ProjectFeature do
field
=
"
#{
feature
}
_access_level"
.
to_sym
field
=
"
#{
feature
}
_access_level"
.
to_sym
project_feature
.
update_attribute
(
field
,
ProjectFeature
::
PUBLIC
)
project_feature
.
update_attribute
(
field
,
ProjectFeature
::
PUBLIC
)
expect
(
project_feature
.
valid?
).
to
be_falsy
expect
(
project_feature
.
valid?
).
to
be_falsy
,
"
#{
field
}
failed"
end
end
end
end
end
end
...
@@ -140,22 +157,24 @@ describe ProjectFeature do
...
@@ -140,22 +157,24 @@ describe ProjectFeature do
let
(
:features
)
{
%w(wiki builds merge_requests)
}
let
(
:features
)
{
%w(wiki builds merge_requests)
}
it
"returns false when feature is disabled"
do
it
"returns false when feature is disabled"
do
update_all_project_features
(
project
,
features
,
ProjectFeature
::
DISABLED
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
DISABLED
)
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
false
),
"
#{
feature
}
failed"
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
false
)
end
end
end
end
it
"returns true when feature is enabled only for team members"
do
it
"returns true when feature is enabled only for team members"
do
update_all_project_features
(
project
,
features
,
ProjectFeature
::
PRIVATE
)
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
project
.
project_feature
.
update_attribute
(
"
#{
feature
}
_access_level"
.
to_sym
,
ProjectFeature
::
PRIVATE
)
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
true
),
"
#{
feature
}
failed"
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
true
)
end
end
end
end
it
"returns true when feature is enabled for everyone"
do
it
"returns true when feature is enabled for everyone"
do
features
.
each
do
|
feature
|
features
.
each
do
|
feature
|
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
true
)
expect
(
project
.
public_send
(
"
#{
feature
}
_enabled?"
)).
to
eq
(
true
)
,
"
#{
feature
}
failed"
end
end
end
end
end
end
...
@@ -198,7 +217,7 @@ describe ProjectFeature do
...
@@ -198,7 +217,7 @@ describe ProjectFeature do
end
end
describe
'#public_pages?'
do
describe
'#public_pages?'
do
it
'returns true if Pages access control
l
is not enabled'
do
it
'returns true if Pages access control is not enabled'
do
stub_config
(
pages:
{
access_control:
false
})
stub_config
(
pages:
{
access_control:
false
})
project_feature
=
described_class
.
new
(
pages_access_level:
described_class
::
PRIVATE
)
project_feature
=
described_class
.
new
(
pages_access_level:
described_class
::
PRIVATE
)
...
@@ -281,7 +300,7 @@ describe ProjectFeature do
...
@@ -281,7 +300,7 @@ describe ProjectFeature do
it
'raises error if feature is invalid'
do
it
'raises error if feature is invalid'
do
expect
do
expect
do
described_class
.
required_minimum_access_level
(
:foos
)
described_class
.
required_minimum_access_level
(
:foos
)
end
.
to
raise_error
end
.
to
raise_error
(
ArgumentError
)
end
end
end
end
...
@@ -294,4 +313,9 @@ describe ProjectFeature do
...
@@ -294,4 +313,9 @@ describe ProjectFeature do
expect
(
described_class
.
required_minimum_access_level_for_private_project
(
:issues
)).
to
eq
(
Gitlab
::
Access
::
GUEST
)
expect
(
described_class
.
required_minimum_access_level_for_private_project
(
:issues
)).
to
eq
(
Gitlab
::
Access
::
GUEST
)
end
end
end
end
def
update_all_project_features
(
project
,
features
,
value
)
project_feature_attributes
=
features
.
map
{
|
f
|
[
"
#{
f
}
_access_level"
,
value
]
}.
to_h
project
.
project_feature
.
update
(
project_feature_attributes
)
end
end
end
spec/models/project_spec.rb
View file @
fa73571b
...
@@ -3777,7 +3777,7 @@ describe Project do
...
@@ -3777,7 +3777,7 @@ describe Project do
end
end
end
end
describe
'.filter_by_feature_visibility'
do
describe
'.filter_by_feature_visibility'
,
:enable_admin_mode
do
include_context
'ProjectPolicyTable context'
include_context
'ProjectPolicyTable context'
include
ProjectHelpers
include
ProjectHelpers
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
...
...
spec/models/spam_log_spec.rb
View file @
fa73571b
...
@@ -20,15 +20,30 @@ describe SpamLog do
...
@@ -20,15 +20,30 @@ describe SpamLog do
expect
{
spam_log
.
remove_user
(
deleted_by:
admin
)
}.
to
change
{
spam_log
.
user
.
blocked?
}.
to
(
true
)
expect
{
spam_log
.
remove_user
(
deleted_by:
admin
)
}.
to
change
{
spam_log
.
user
.
blocked?
}.
to
(
true
)
end
end
it
'removes the user'
,
:sidekiq_might_not_need_inline
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
spam_log
=
build
(
:spam_log
)
it
'removes the user'
,
:sidekiq_might_not_need_inline
do
user
=
spam_log
.
user
spam_log
=
build
(
:spam_log
)
user
=
spam_log
.
user
perform_enqueued_jobs
do
spam_log
.
remove_user
(
deleted_by:
admin
)
end
perform_enqueued_jobs
do
expect
{
User
.
find
(
user
.
id
)
}.
to
raise_error
(
ActiveRecord
::
RecordNotFound
)
spam_log
.
remove_user
(
deleted_by:
admin
)
end
end
end
expect
{
User
.
find
(
user
.
id
)
}.
to
raise_error
(
ActiveRecord
::
RecordNotFound
)
context
'when admin mode is disabled'
do
it
'does not allow to remove the user'
,
:sidekiq_might_not_need_inline
do
spam_log
=
build
(
:spam_log
)
user
=
spam_log
.
user
perform_enqueued_jobs
do
spam_log
.
remove_user
(
deleted_by:
admin
)
end
expect
(
User
.
exists?
(
user
.
id
)).
to
be
(
true
)
end
end
end
end
end
...
...
spec/models/user_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
User
,
:do_not_mock_admin_mode
do
describe
User
do
include
ProjectForksHelper
include
ProjectForksHelper
include
TermsHelper
include
TermsHelper
include
ExclusiveLeaseHelpers
include
ExclusiveLeaseHelpers
...
...
spec/policies/base_policy_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
BasePolicy
,
:do_not_mock_admin_mode
do
describe
BasePolicy
do
include
ExternalAuthorizationServiceHelpers
include
ExternalAuthorizationServiceHelpers
include
AdminModeHelper
include
AdminModeHelper
...
...
spec/policies/blob_policy_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
BlobPolicy
do
describe
BlobPolicy
,
:enable_admin_mode
do
include_context
'ProjectPolicyTable context'
include_context
'ProjectPolicyTable context'
include
ProjectHelpers
include
ProjectHelpers
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
...
...
spec/policies/clusters/cluster_policy_spec.rb
View file @
fa73571b
...
@@ -80,8 +80,15 @@ describe Clusters::ClusterPolicy, :models do
...
@@ -80,8 +80,15 @@ describe Clusters::ClusterPolicy, :models do
context
'when admin'
do
context
'when admin'
do
let
(
:user
)
{
create
(
:admin
)
}
let
(
:user
)
{
create
(
:admin
)
}
it
{
expect
(
policy
).
to
be_allowed
:update_cluster
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:admin_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:update_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:admin_cluster
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:update_cluster
}
it
{
expect
(
policy
).
to
be_disallowed
:admin_cluster
}
end
end
end
end
end
end
end
...
...
spec/policies/clusters/instance_policy_spec.rb
View file @
fa73571b
...
@@ -18,11 +18,21 @@ describe Clusters::InstancePolicy do
...
@@ -18,11 +18,21 @@ describe Clusters::InstancePolicy do
context
'when admin'
do
context
'when admin'
do
let
(
:user
)
{
create
(
:admin
)
}
let
(
:user
)
{
create
(
:admin
)
}
it
{
expect
(
policy
).
to
be_allowed
:read_cluster
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:add_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:read_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:create_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:add_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:update_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:create_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:admin_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:update_cluster
}
it
{
expect
(
policy
).
to
be_allowed
:admin_cluster
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:read_cluster
}
it
{
expect
(
policy
).
to
be_disallowed
:add_cluster
}
it
{
expect
(
policy
).
to
be_disallowed
:create_cluster
}
it
{
expect
(
policy
).
to
be_disallowed
:update_cluster
}
it
{
expect
(
policy
).
to
be_disallowed
:admin_cluster
}
end
end
end
end
end
end
end
spec/policies/deploy_key_policy_spec.rb
View file @
fa73571b
...
@@ -42,16 +42,28 @@ describe DeployKeyPolicy do
...
@@ -42,16 +42,28 @@ describe DeployKeyPolicy do
context
'when an admin user'
do
context
'when an admin user'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
context
'
tries to update private deploy key'
do
context
'tries to update private deploy key'
do
let
(
:deploy_key
)
{
create
(
:deploy_key
,
public:
false
)
}
let
(
:deploy_key
)
{
create
(
:deploy_key
,
public:
false
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
end
end
context
'when an admin user tries to update public deploy key'
do
context
'when an admin user tries to update public deploy key'
do
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
let
(
:deploy_key
)
{
create
(
:another_deploy_key
,
public:
true
)
}
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_deploy_key
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:update_deploy_key
)
}
end
end
end
end
end
end
end
...
...
spec/policies/design_management/design_policy_spec.rb
View file @
fa73571b
...
@@ -71,7 +71,14 @@ describe DesignManagement::DesignPolicy do
...
@@ -71,7 +71,14 @@ describe DesignManagement::DesignPolicy do
context
"for admins"
do
context
"for admins"
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
*
design_abilities
)
}
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
*
design_abilities
)
}
end
context
'when admin mode disabled'
do
it
{
is_expected
.
to
be_allowed
(
*
guest_design_abilities
)
}
it
{
is_expected
.
to
be_disallowed
(
*
developer_design_abilities
)
}
end
end
end
context
"for maintainers"
do
context
"for maintainers"
do
...
...
spec/policies/environment_policy_spec.rb
View file @
fa73571b
...
@@ -37,7 +37,13 @@ describe EnvironmentPolicy do
...
@@ -37,7 +37,13 @@ describe EnvironmentPolicy do
context
'when an admin user'
do
context
'when an admin user'
do
let
(
:user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:admin
)
}
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:stop_environment
}
end
end
end
context
'with protected branch'
do
context
'with protected branch'
do
...
@@ -54,7 +60,13 @@ describe EnvironmentPolicy do
...
@@ -54,7 +60,13 @@ describe EnvironmentPolicy do
context
'when an admin user'
do
context
'when an admin user'
do
let
(
:user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:admin
)
}
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:stop_environment
}
end
end
end
end
end
end
end
...
@@ -83,7 +95,13 @@ describe EnvironmentPolicy do
...
@@ -83,7 +95,13 @@ describe EnvironmentPolicy do
context
'when an admin user'
do
context
'when an admin user'
do
let
(
:user
)
{
create
(
:user
,
:admin
)
}
let
(
:user
)
{
create
(
:user
,
:admin
)
}
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:stop_environment
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:stop_environment
}
end
end
end
end
end
...
@@ -126,7 +144,13 @@ describe EnvironmentPolicy do
...
@@ -126,7 +144,13 @@ describe EnvironmentPolicy do
environment
.
stop!
environment
.
stop!
end
end
it
{
expect
(
policy
).
to
be_allowed
:destroy_environment
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect
(
policy
).
to
be_allowed
:destroy_environment
}
end
context
'when admin mode is disabled'
do
it
{
expect
(
policy
).
to
be_disallowed
:destroy_environment
}
end
end
end
end
end
end
end
...
...
spec/policies/global_policy_spec.rb
View file @
fa73571b
...
@@ -118,8 +118,15 @@ describe GlobalPolicy do
...
@@ -118,8 +118,15 @@ describe GlobalPolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
:read_custom_attribute
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:update_custom_attribute
)
}
it
{
is_expected
.
to
be_allowed
(
:read_custom_attribute
)
}
it
{
is_expected
.
to
be_allowed
(
:update_custom_attribute
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_custom_attribute
)
}
it
{
is_expected
.
to
be_disallowed
(
:update_custom_attribute
)
}
end
end
end
end
end
...
@@ -368,7 +375,13 @@ describe GlobalPolicy do
...
@@ -368,7 +375,13 @@ describe GlobalPolicy do
stub_application_setting
(
instance_statistics_visibility_private:
true
)
stub_application_setting
(
instance_statistics_visibility_private:
true
)
end
end
it
{
is_expected
.
to
be_allowed
(
:read_instance_statistics
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_instance_statistics
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_instance_statistics
)
}
end
end
end
end
end
...
...
spec/policies/group_policy_spec.rb
View file @
fa73571b
...
@@ -644,7 +644,13 @@ describe GroupPolicy do
...
@@ -644,7 +644,13 @@ describe GroupPolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
expect_allowed
(
:update_max_artifacts_size
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect_allowed
(
:update_max_artifacts_size
)
}
end
context
'when admin mode is enabled'
do
it
{
expect_disallowed
(
:update_max_artifacts_size
)
}
end
end
end
%w(guest reporter developer maintainer owner)
.
each
do
|
role
|
%w(guest reporter developer maintainer owner)
.
each
do
|
role
|
...
...
spec/policies/issue_policy_spec.rb
View file @
fa73571b
...
@@ -206,11 +206,25 @@ describe IssuePolicy do
...
@@ -206,11 +206,25 @@ describe IssuePolicy do
it
'allows guests to comment'
do
it
'allows guests to comment'
do
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:create_note
)
expect
(
permissions
(
guest
,
issue
)).
to
be_allowed
(
:create_note
)
end
end
it
'allows admins to view'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_allowed
(
:read_issue
)
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'allows admins to view'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_allowed
(
:read_issue
)
end
it
'allows admins to comment'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_allowed
(
:create_note
)
end
end
end
it
'allows admins to comment'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_allowed
(
:create_note
)
context
'when admin mode is disabled'
do
it
'forbids admins to view'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_disallowed
(
:read_issue
)
end
it
'forbids admins to comment'
do
expect
(
permissions
(
admin
,
issue
)).
to
be_disallowed
(
:create_note
)
end
end
end
end
end
...
...
spec/policies/namespace_policy_spec.rb
View file @
fa73571b
...
@@ -40,6 +40,12 @@ describe NamespacePolicy do
...
@@ -40,6 +40,12 @@ describe NamespacePolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
*
owner_permissions
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
*
owner_permissions
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
*
owner_permissions
)
}
end
end
end
end
end
spec/policies/note_policy_spec.rb
View file @
fa73571b
...
@@ -295,8 +295,16 @@ describe NotePolicy do
...
@@ -295,8 +295,16 @@ describe NotePolicy do
expect
(
permissions
(
maintainer
,
confidential_note
)).
to
be_allowed
(
:read_note
,
:admin_note
,
:resolve_note
,
:award_emoji
)
expect
(
permissions
(
maintainer
,
confidential_note
)).
to
be_allowed
(
:read_note
,
:admin_note
,
:resolve_note
,
:award_emoji
)
end
end
it
'allows admins to read all notes and admin them'
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
expect
(
permissions
(
admin
,
confidential_note
)).
to
be_allowed
(
:read_note
,
:admin_note
,
:resolve_note
,
:award_emoji
)
it
'allows admins to read all notes and admin them'
do
expect
(
permissions
(
admin
,
confidential_note
)).
to
be_allowed
(
:read_note
,
:admin_note
,
:resolve_note
,
:award_emoji
)
end
end
context
'when admin mode is disabled'
do
it
'does not allow non members to read confidential notes and replies'
do
expect
(
permissions
(
admin
,
confidential_note
)).
to
be_disallowed
(
:read_note
,
:admin_note
,
:resolve_note
,
:award_emoji
)
end
end
end
it
'allows noteable author to read and resolve all notes'
do
it
'allows noteable author to read and resolve all notes'
do
...
...
spec/policies/personal_snippet_policy_spec.rb
View file @
fa73571b
...
@@ -19,8 +19,8 @@ describe PersonalSnippetPolicy do
...
@@ -19,8 +19,8 @@ describe PersonalSnippetPolicy do
described_class
.
new
(
user
,
snippet
)
described_class
.
new
(
user
,
snippet
)
end
end
shared_examples
'admin access'
do
shared_examples
'admin access
with admin mode
'
do
context
'admin user'
do
context
'admin user'
,
:enable_admin_mode
do
subject
{
permissions
(
admin_user
)
}
subject
{
permissions
(
admin_user
)
}
it
do
it
do
...
@@ -68,7 +68,7 @@ describe PersonalSnippetPolicy do
...
@@ -68,7 +68,7 @@ describe PersonalSnippetPolicy do
end
end
end
end
it_behaves_like
'admin access'
it_behaves_like
'admin access
with admin mode
'
end
end
context
'internal snippet'
do
context
'internal snippet'
do
...
@@ -118,7 +118,7 @@ describe PersonalSnippetPolicy do
...
@@ -118,7 +118,7 @@ describe PersonalSnippetPolicy do
end
end
end
end
it_behaves_like
'admin access'
it_behaves_like
'admin access
with admin mode
'
end
end
context
'private snippet'
do
context
'private snippet'
do
...
@@ -168,6 +168,6 @@ describe PersonalSnippetPolicy do
...
@@ -168,6 +168,6 @@ describe PersonalSnippetPolicy do
end
end
end
end
it_behaves_like
'admin access'
it_behaves_like
'admin access
with admin mode
'
end
end
end
end
spec/policies/project_policy_spec.rb
View file @
fa73571b
...
@@ -275,7 +275,8 @@ describe ProjectPolicy do
...
@@ -275,7 +275,8 @@ describe ProjectPolicy do
it_behaves_like
'project policies as developer'
it_behaves_like
'project policies as developer'
it_behaves_like
'project policies as maintainer'
it_behaves_like
'project policies as maintainer'
it_behaves_like
'project policies as owner'
it_behaves_like
'project policies as owner'
it_behaves_like
'project policies as admin'
it_behaves_like
'project policies as admin with admin mode'
it_behaves_like
'project policies as admin without admin mode'
context
'when a public project has merge requests allowing access'
do
context
'when a public project has merge requests allowing access'
do
include
ProjectForksHelper
include
ProjectForksHelper
...
@@ -306,7 +307,7 @@ describe ProjectPolicy do
...
@@ -306,7 +307,7 @@ describe ProjectPolicy do
expect_allowed
(
*
maintainer_abilities
)
expect_allowed
(
*
maintainer_abilities
)
end
end
it
'dis
s
allows abilities to a maintainer if the merge request was closed'
do
it
'disallows abilities to a maintainer if the merge request was closed'
do
target_project
.
add_developer
(
user
)
target_project
.
add_developer
(
user
)
merge_request
.
close!
merge_request
.
close!
...
@@ -350,10 +351,24 @@ describe ProjectPolicy do
...
@@ -350,10 +351,24 @@ describe ProjectPolicy do
expect
(
described_class
.
new
(
developer
,
project
)).
to
be_allowed
(
:read_project
)
expect
(
described_class
.
new
(
developer
,
project
)).
to
be_allowed
(
:read_project
)
end
end
it
'does not check the external service for admins and allows access'
do
context
'with an admin'
do
expect
(
::
Gitlab
::
ExternalAuthorization
).
not_to
receive
(
:access_allowed?
)
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
'does not check the external service and allows access'
do
expect
(
::
Gitlab
::
ExternalAuthorization
).
not_to
receive
(
:access_allowed?
)
expect
(
described_class
.
new
(
admin
,
project
)).
to
be_allowed
(
:read_project
)
expect
(
described_class
.
new
(
admin
,
project
)).
to
be_allowed
(
:read_project
)
end
end
context
'when admin mode is disabled'
do
it
'checks the external service and allows access'
do
external_service_allow_access
(
admin
,
project
)
expect
(
::
Gitlab
::
ExternalAuthorization
).
to
receive
(
:access_allowed?
)
expect
(
described_class
.
new
(
admin
,
project
)).
to
be_allowed
(
:read_project
)
end
end
end
end
it
'prevents all but seeing a public project in a list when access is denied'
do
it
'prevents all but seeing a public project in a list when access is denied'
do
...
@@ -416,7 +431,13 @@ describe ProjectPolicy do
...
@@ -416,7 +431,13 @@ describe ProjectPolicy do
context
'admin'
do
context
'admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
expect_allowed
(
:update_max_artifacts_size
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
expect_allowed
(
:update_max_artifacts_size
)
}
end
context
'when admin mode is disabled'
do
it
{
expect_disallowed
(
:update_max_artifacts_size
)
}
end
end
end
%w(guest reporter developer maintainer owner)
.
each
do
|
role
|
%w(guest reporter developer maintainer owner)
.
each
do
|
role
|
...
@@ -448,7 +469,13 @@ describe ProjectPolicy do
...
@@ -448,7 +469,13 @@ describe ProjectPolicy do
context
'with admin'
do
context
'with admin'
do
let
(
:current_user
)
{
admin
}
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_allowed
(
:read_prometheus_alerts
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
:read_prometheus_alerts
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
:read_prometheus_alerts
)
}
end
end
end
context
'with owner'
do
context
'with owner'
do
...
...
spec/policies/project_snippet_policy_spec.rb
View file @
fa73571b
...
@@ -235,9 +235,18 @@ describe ProjectSnippetPolicy do
...
@@ -235,9 +235,18 @@ describe ProjectSnippetPolicy do
let
(
:snippet_visibility
)
{
:private
}
let
(
:snippet_visibility
)
{
:private
}
let
(
:current_user
)
{
create
(
:admin
)
}
let
(
:current_user
)
{
create
(
:admin
)
}
it
do
context
'when admin mode is enabled'
,
:enable_admin_mode
do
expect_allowed
(
:read_snippet
,
:create_note
)
it
do
expect_allowed
(
*
author_permissions
)
expect_allowed
(
:read_snippet
,
:create_note
)
expect_allowed
(
*
author_permissions
)
end
end
context
'when admin mode is disabled'
do
it
do
expect_disallowed
(
:read_snippet
,
:create_note
)
expect_disallowed
(
*
author_permissions
)
end
end
end
end
end
end
end
...
...
spec/policies/user_policy_spec.rb
View file @
fa73571b
...
@@ -26,7 +26,13 @@ describe UserPolicy do
...
@@ -26,7 +26,13 @@ describe UserPolicy do
context
"when an admin user tries to destroy a regular user"
do
context
"when an admin user tries to destroy a regular user"
do
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
let
(
:current_user
)
{
create
(
:user
,
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
ability
)
}
context
'when admin mode is enabled'
,
:enable_admin_mode
do
it
{
is_expected
.
to
be_allowed
(
ability
)
}
end
context
'when admin mode is disabled'
do
it
{
is_expected
.
to
be_disallowed
(
ability
)
}
end
end
end
context
"when an admin user tries to destroy a ghost user"
do
context
"when an admin user tries to destroy a ghost user"
do
...
...
spec/policies/wiki_page_policy_spec.rb
View file @
fa73571b
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
require
'spec_helper'
require
'spec_helper'
describe
WikiPagePolicy
do
describe
WikiPagePolicy
,
:enable_admin_mode
do
include_context
'ProjectPolicyTable context'
include_context
'ProjectPolicyTable context'
include
ProjectHelpers
include
ProjectHelpers
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
...
...
spec/spec_helper.rb
View file @
fa73571b
...
@@ -229,26 +229,25 @@ RSpec.configure do |config|
...
@@ -229,26 +229,25 @@ RSpec.configure do |config|
./ee/spec/features
./ee/spec/features
./ee/spec/finders
./ee/spec/finders
./ee/spec/lib
./ee/spec/lib
./ee/spec/models
./ee/spec/policies
./ee/spec/requests/admin
./ee/spec/requests/admin
./ee/spec/serializers
./ee/spec/serializers
./ee/spec/services
./ee/spec/services
./ee/spec/support/protected_tags
./ee/spec/support/protected_tags
./ee/spec/support/shared_examples
./ee/spec/support/shared_examples/features
./ee/spec/support/shared_examples/finders/geo
./ee/spec/support/shared_examples/graphql/geo
./ee/spec/support/shared_examples/services
./spec/features
./spec/features
./spec/finders
./spec/finders
./spec/frontend
./spec/frontend
./spec/helpers
./spec/helpers
./spec/lib
./spec/lib
./spec/models
./spec/policies
./spec/requests
./spec/requests
./spec/serializers
./spec/serializers
./spec/services
./spec/services
./spec/support/cycle_analytics_helpers
./spec/support/protected_tags
./spec/support/protected_tags
./spec/support/shared_examples
./spec/support/shared_examples/features
./spec/support/shared_examples/requests
./spec/views
./spec/views
./spec/workers
./spec/workers
)
)
...
...
spec/support/cycle_analytics_helpers/test_generation.rb
View file @
fa73571b
...
@@ -29,6 +29,10 @@ module CycleAnalyticsHelpers
...
@@ -29,6 +29,10 @@ module CycleAnalyticsHelpers
scenarios
.
each
do
|
start_time_conditions
,
end_time_conditions
|
scenarios
.
each
do
|
start_time_conditions
,
end_time_conditions
|
let_it_be
(
:other_project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:other_project
)
{
create
(
:project
,
:repository
)
}
before
do
other_project
.
add_developer
(
self
.
user
)
end
context
"start condition:
#{
start_time_conditions
.
map
(
&
:first
).
to_sentence
}
"
do
context
"start condition:
#{
start_time_conditions
.
map
(
&
:first
).
to_sentence
}
"
do
context
"end condition:
#{
end_time_conditions
.
map
(
&
:first
).
to_sentence
}
"
do
context
"end condition:
#{
end_time_conditions
.
map
(
&
:first
).
to_sentence
}
"
do
it
"finds the median of available durations between the two conditions"
,
:sidekiq_might_not_need_inline
do
it
"finds the median of available durations between the two conditions"
,
:sidekiq_might_not_need_inline
do
...
...
spec/support/helpers/admin_mode_helpers.rb
View file @
fa73571b
...
@@ -7,6 +7,9 @@ module AdminModeHelper
...
@@ -7,6 +7,9 @@ module AdminModeHelper
# mode for accessing any administrative functionality. This helper lets a user
# mode for accessing any administrative functionality. This helper lets a user
# be in admin mode without requiring a second authentication step (provided
# be in admin mode without requiring a second authentication step (provided
# the user is an admin)
# the user is an admin)
#
# See also tag :enable_admin_mode in spec/spec_helper.rb for a spec-wide
# alternative
def
enable_admin_mode!
(
user
)
def
enable_admin_mode!
(
user
)
fake_user_mode
=
instance_double
(
Gitlab
::
Auth
::
CurrentUserMode
)
fake_user_mode
=
instance_double
(
Gitlab
::
Auth
::
CurrentUserMode
)
...
...
spec/support/helpers/login_helpers.rb
View file @
fa73571b
...
@@ -50,9 +50,7 @@ module LoginHelpers
...
@@ -50,9 +50,7 @@ module LoginHelpers
def
gitlab_enable_admin_mode_sign_in
(
user
)
def
gitlab_enable_admin_mode_sign_in
(
user
)
visit
new_admin_session_path
visit
new_admin_session_path
fill_in
'user_password'
,
with:
user
.
password
fill_in
'user_password'
,
with:
user
.
password
click_button
'Enter Admin Mode'
click_button
'Enter Admin Mode'
end
end
...
...
spec/support/shared_examples/controllers/instance_statistics_controllers_shared_examples.rb
View file @
fa73571b
...
@@ -27,12 +27,24 @@ RSpec.shared_examples 'instance statistics availability' do
...
@@ -27,12 +27,24 @@ RSpec.shared_examples 'instance statistics availability' do
context
'for admins'
do
context
'for admins'
do
let
(
:user
)
{
create
(
:admin
)
}
let
(
:user
)
{
create
(
:admin
)
}
it
'allows access when the feature is not available publicly'
do
context
'when admin mode disabled'
do
stub_application_setting
(
instance_statistics_visibility_private:
true
)
it
'forbids access when the feature is not available publicly'
do
stub_application_setting
(
instance_statistics_visibility_private:
true
)
get
:index
get
:index
expect
(
response
).
to
have_gitlab_http_status
(
:success
)
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
context
'when admin mode enabled'
,
:enable_admin_mode
do
it
'allows access when the feature is not available publicly'
do
stub_application_setting
(
instance_statistics_visibility_private:
true
)
get
:index
expect
(
response
).
to
have_gitlab_http_status
(
:success
)
end
end
end
end
end
end
end
...
...
spec/support/shared_examples/policies/project_policy_shared_examples.rb
View file @
fa73571b
...
@@ -212,8 +212,8 @@ RSpec.shared_examples 'project policies as owner' do
...
@@ -212,8 +212,8 @@ RSpec.shared_examples 'project policies as owner' do
end
end
end
end
RSpec
.
shared_examples
'project policies as admin'
do
RSpec
.
shared_examples
'project policies as admin
with admin mode
'
do
context
'abilities for non-public projects'
do
context
'abilities for non-public projects'
,
:enable_admin_mode
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
admin
,
project
)
}
subject
{
described_class
.
new
(
admin
,
project
)
}
...
@@ -232,3 +232,13 @@ RSpec.shared_examples 'project policies as admin' do
...
@@ -232,3 +232,13 @@ RSpec.shared_examples 'project policies as admin' do
end
end
end
end
end
end
RSpec
.
shared_examples
'project policies as admin without admin mode'
do
context
'abilities for non-public projects'
do
let
(
:project
)
{
create
(
:project
,
namespace:
owner
.
namespace
)
}
subject
{
described_class
.
new
(
admin
,
project
)
}
it
{
is_expected
.
to
be_banned
}
end
end
spec/support/shared_examples/policies/wiki_policies_shared_examples.rb
View file @
fa73571b
...
@@ -2,6 +2,7 @@
...
@@ -2,6 +2,7 @@
RSpec
.
shared_examples
'model with wiki policies'
do
RSpec
.
shared_examples
'model with wiki policies'
do
include
ProjectHelpers
include
ProjectHelpers
include
AdminModeHelper
let
(
:container
)
{
raise
NotImplementedError
}
let
(
:container
)
{
raise
NotImplementedError
}
let
(
:user
)
{
raise
NotImplementedError
}
let
(
:user
)
{
raise
NotImplementedError
}
...
@@ -94,6 +95,7 @@ RSpec.shared_examples 'model with wiki policies' do
...
@@ -94,6 +95,7 @@ RSpec.shared_examples 'model with wiki policies' do
before
do
before
do
container
.
visibility
=
container_level
.
to_s
container
.
visibility
=
container_level
.
to_s
set_access_level
(
ProjectFeature
.
access_level_from_str
(
access_level
.
to_s
))
set_access_level
(
ProjectFeature
.
access_level_from_str
(
access_level
.
to_s
))
enable_admin_mode!
(
user
)
if
user
&
.
admin?
if
allowed_permissions
.
any?
&&
[
container_level
,
access_level
,
membership
]
!=
[
:private
,
:private
,
:guest
]
if
allowed_permissions
.
any?
&&
[
container_level
,
access_level
,
membership
]
!=
[
:private
,
:private
,
:guest
]
allowed_permissions
<<
:download_wiki_code
allowed_permissions
<<
:download_wiki_code
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment