authorLuke "Jared" Bennett <lbennett@gitlab.com>2016-11-26 10:46:48 +0000
committerLuke "Jared" Bennett <lbennett@gitlab.com>2016-11-26 11:16:16 +0000
commitd3fa049749a634f313777336a3aa35e6ebbe8078 (patch)
treea354e884e1cc853c5eead893587dad1d375281e8
parentfc0350118385df28e435488cbf4be35e5cfbe70b (diff)
Added audit user for frontend groundwork that mimics an external user19737-frontend-for-allow-global-read-only-user-like-admin
Updated specs and added todos for backend checks
-rw-r--r--app/controllers/admin/application_settings_controller.rb1
-rw-r--r--app/controllers/admin/users_controller.rb2
-rw-r--r--app/models/ability.rb3
-rw-r--r--app/models/application_setting.rb1
-rw-r--r--app/models/issue.rb2
-rw-r--r--app/models/user.rb14
-rw-r--r--app/policies/group_policy.rb5
-rw-r--r--app/policies/personal_snippet_policy.rb4
-rw-r--r--app/policies/project_policy.rb4
-rw-r--r--app/policies/project_snippet_policy.rb4
-rw-r--r--app/views/admin/application_settings/_form.html.haml7
-rw-r--r--app/views/admin/users/_form.html.haml5
-rw-r--r--app/views/admin/users/_user.html.haml2
-rw-r--r--app/views/admin/users/index.html.haml5
-rw-r--r--app/views/admin/users/show.html.haml4
-rw-r--r--db/schema.rb2
-rw-r--r--doc/README.md2
-rw-r--r--doc/api/users.md11
-rw-r--r--doc/user/permissions.md12
-rw-r--r--lib/api/entities.rb1
-rw-r--r--lib/api/users.rb5
-rw-r--r--lib/gitlab/current_settings.rb1
-rw-r--r--lib/gitlab/saml/user.rb2
-rw-r--r--spec/features/security/group/internal_access_spec.rb10
-rw-r--r--spec/features/security/group/private_access_spec.rb10
-rw-r--r--spec/features/security/group/public_access_spec.rb12
-rw-r--r--spec/features/security/project/internal_access_spec.rb56
-rw-r--r--spec/features/security/project/private_access_spec.rb48
-rw-r--r--spec/features/security/project/public_access_spec.rb54
-rw-r--r--spec/features/security/project/snippet/internal_access_spec.rb12
-rw-r--r--spec/features/security/project/snippet/private_access_spec.rb8
-rw-r--r--spec/features/security/project/snippet/public_access_spec.rb16
-rw-r--r--spec/models/user_spec.rb23
-rw-r--r--spec/requests/api/users_spec.rb10
-rw-r--r--spec/support/matchers/access_matchers.rb2
35 files changed, 344 insertions, 16 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index b81842e319b..f2514d51947 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -92,6 +92,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:admin_notification_email,
:user_oauth_applications,
:user_default_external,
+ :user_default_audit,
:shared_runners_enabled,
:shared_runners_text,
:max_artifacts_size,
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index bb912ed10cc..5bd55b9d506 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -169,7 +169,7 @@ class Admin::UsersController < Admin::ApplicationController
:email, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
- :projects_limit, :can_create_group, :admin, :key_id, :external
+ :projects_limit, :can_create_group, :admin, :key_id, :external, :audit
)
end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index fa8f8bc3a5f..29ae8f25502 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -11,6 +11,9 @@ class Ability
true
elsif project.internal? && !user.external?
true
+ # TODO: Backend check
+ elsif user.audit?
+ true
elsif project.owner == user
true
elsif project.team.members.include?(user)
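Review bot: The added `elsif user.audit?` branch returns `true` ahead of the owner and team-member checks and without looking at project visibility, so every audit user passes this filter for private projects as well. The enclosing method starts and ends outside the hunk, so what consumes the result cannot be confirmed from here. `# TODO: Backend check` sits between the previous branch's `true` and the new `elsif` and names no task; I would move it inside the branch and spell it out, e.g. `# TODO: audit users pass for every project; enforce read-only on the backend before release`.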
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index bf463a3b6bb..da30158b31b 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -190,6 +190,7 @@ class ApplicationSetting < ActiveRecord::Base
container_registry_token_expire_delay: 5,
repository_storages: ['default'],
user_default_external: false,
+ user_default_audit: false,
sidekiq_throttling_enabled: false,
housekeeping_enabled: true,
housekeeping_bitmaps_enabled: true,
diff --git a/app/models/issue.rb b/app/models/issue.rb
index dd0cb75f9a8..b8caee39ec2 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -295,8 +295,10 @@ class Issue < ActiveRecord::Base
assignee == user ||
project.team.member?(user, Gitlab::Access::REPORTER)
else
+ # TODO: Backend check
project.public? ||
project.internal? && !user.external? ||
+ user.audit? ||
project.team.member?(user)
end
end
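Review bot: The visibility expression now chains four terms with `&&` and `||` and no parentheses; it evaluates as intended only because `&&` binds tighter, so I would write `(project.internal? && !user.external?) ||` the way project_policy.rb does. `user.audit?` is added to the `else` arm only, while the arm above it, which checks the assignee and REPORTER membership, is untouched, so whether an audit user should pass that arm needs an explicit decision and a spec. The TODO comment is placed as the first line of the arm and does not say what is pending. The method begins outside the hunk.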
diff --git a/app/models/user.rb b/app/models/user.rb
index 513a19d81d2..6c6ccfa5a61 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -17,6 +17,7 @@ class User < ActiveRecord::Base
default_value_for :admin, false
default_value_for(:external) { current_application_settings.user_default_external }
+ default_value_for(:audit) { current_application_settings.user_default_audit }
default_value_for :can_create_group, gitlab_config.default_can_create_group
default_value_for :can_create_team, false
default_value_for :hide_no_ssh_key, false
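Review bot: `default_value_for(:audit)` depends on `users.audit` and `application_settings.user_default_audit`, but the diffstat for this commit lists `db/schema.rb` and no file under `db/migrate`, and the schema version shown in the schema.rb hunk headers is unchanged. On an existing database the columns would not exist, so `current_application_settings.user_default_audit` and the new `audit` scope would raise at runtime. A migration adding both boolean columns with `default: false` should ship in the same commit.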
@@ -124,7 +125,7 @@ class User < ActiveRecord::Base
after_update :update_emails_with_primary_email, if: ->(user) { user.email_changed? }
before_save :ensure_authentication_token, :ensure_incoming_email_token
- before_save :ensure_external_user_rights
+ before_save :ensure_external_user_rights, :ensure_audit_user_rights
after_save :ensure_namespace_correct
after_initialize :set_projects_limit
before_create :check_confirmation_email
@@ -174,6 +175,7 @@ class User < ActiveRecord::Base
scope :admins, -> { where(admin: true) }
scope :blocked, -> { with_states(:blocked, :ldap_blocked) }
scope :external, -> { where(external: true) }
+ scope :audit, -> { where(audit: true) }
scope :active, -> { with_state(:active) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members WHERE user_id IS NOT NULL AND requested_at IS NULL)') }
@@ -240,6 +242,8 @@ class User < ActiveRecord::Base
without_projects
when 'external'
external
+ when 'audit'
+ audit
else
active
end
@@ -960,6 +964,14 @@ class User < ActiveRecord::Base
self.projects_limit = 0
end
+ # TODO: Update with audit-specific logic
+ def ensure_audit_user_rights
+ return unless audit?
+
+ self.can_create_group = false
+ self.projects_limit = 0
+ end
+
def signup_domain_valid?
valid = true
error = nil
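Review bot: `ensure_audit_user_rights` copies the external-user restrictions, but nothing here stops a record from being `audit` together with `external` or `admin`. In the policy hunks of this commit `audit?` is OR-ed after `!external?`, so a user flagged both external and audit gets the broad read access and the external restriction is silently overridden. I would either reject the combination in a validation or clear one flag in this callback, and replace `# TODO: Update with audit-specific logic` with a comment stating which flag wins. The hunk starts inside the previous method and ends inside `signup_domain_valid?`.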
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index b65fb68cd88..b7f71f74f26 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -2,8 +2,8 @@ class GroupPolicy < BasePolicy
def rules
can! :read_group if @subject.public?
return unless @user
-
- globally_viewable = @subject.public? || (@subject.internal? && !@user.external?)
+ # TODO: Backend check
+ globally_viewable = @subject.public? || (@subject.internal? && !@user.external?) || @user.audit?
member = @subject.users.include?(@user)
owner = @user.admin? || @subject.has_owner?(@user)
master = owner || @subject.has_master?(@user)
@@ -39,6 +39,7 @@ class GroupPolicy < BasePolicy
return true if @subject.public?
return true if @user.admin?
return true if @subject.internal? && !@user.external?
+ return true if @user.audit?
return true if @subject.users.include?(@user)
GroupProjectsFinder.new(@subject).execute(@user).any?
diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb
index 46c5aa1a5be..be8e8b3b3fa 100644
--- a/app/policies/personal_snippet_policy.rb
+++ b/app/policies/personal_snippet_policy.rb
@@ -8,8 +8,8 @@ class PersonalSnippetPolicy < BasePolicy
can! :update_personal_snippet
can! :admin_personal_snippet
end
-
- if @subject.internal? && !@user.external?
+ # TODO: Backend check
+ if @subject.internal? && !@user.external? || @user.audit?
can! :read_personal_snippet
end
end
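Review bot: `|| @user.audit?` is appended to the `internal?` condition without parentheses, so the branch now fires for any snippet when the user is an audit user, which would include private personal snippets owned by someone else. If that is the intended reach of the role, it deserves its own `if @user.audit?` block with a comment saying so; if not, the condition should be `@subject.internal? && (!@user.external? || @user.audit?)`. The same line is added in project_snippet_policy.rb. `rules` begins outside the hunk.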
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 1ee31023e26..d801ff5e83c 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -7,8 +7,8 @@ class ProjectPolicy < BasePolicy
owner_access! if user.admin? || owner
team_member_owner_access! if owner
-
- if project.public? || (project.internal? && !user.external?)
+ # TODO: Backend check
+ if project.public? || (project.internal? && !user.external?) || user.audit?
guest_access!
public_access!
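Review bot: An audit user now receives `guest_access!` and `public_access!` on every project, private ones included. Both helpers are defined outside this hunk; if `guest_access!` grants anything beyond reading, such as creating issues or notes, then the role the branch name describes as a global read-only user can write to projects it is not a member of. I would give audit users a dedicated read-only ability set rather than reuse the guest one, and add a policy spec asserting that no create or update abilities are granted.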
diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb
index 57acccfafd9..3a95d990d0d 100644
--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -8,8 +8,8 @@ class ProjectSnippetPolicy < BasePolicy
can! :update_project_snippet
can! :admin_project_snippet
end
-
- if @subject.internal? && !@user.external?
+ # TODO: Backend check
+ if @subject.internal? && !@user.external? || @user.audit?
can! :read_project_snippet
end
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index ce803f329f9..40c301a57c1 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -82,6 +82,13 @@
= f.label :user_default_external do
= f.check_box :user_default_external
Newly registered users will by default be external
+ .form-group
+ = f.label :user_default_audit, 'New users set to audit', class: 'control-label col-sm-2'
+ .col-sm-10
+ .checkbox
+ = f.label :user_default_audit do
+ = f.check_box :user_default_audit
+ Newly registered users will by default be audit users
%fieldset
%legend Sign-up Restrictions
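Review bot: The help text `Newly registered users will by default be audit users` does not tell the administrator what the checkbox does. With the policy changes in this commit an audit user can read groups, projects and snippets regardless of visibility, so enabling this on an instance with open sign-up gives that access to every new account. The text should state the consequence, e.g. `Newly registered users will be able to read all projects, groups and snippets on this instance`. admin/users/_form.html.haml has the same gap, where the description is still a commented-out TODO.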
diff --git a/app/views/admin/users/_form.html.haml b/app/views/admin/users/_form.html.haml
index 3145212728f..ab7ebe59819 100644
--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@@ -59,6 +59,11 @@
.col-sm-10= f.check_box :admin
.form-group
+ = f.label :audit, class: 'control-label'
+ .col-sm-10= f.check_box :audit
+ -# .col-sm-10 TODO: Add description on audit user
+
+ .form-group
= f.label :external, class: 'control-label'
.col-sm-10= f.check_box :external
.col-sm-10 External users cannot see internal or private projects unless access is explicitly granted. Also, external users cannot create projects or groups.
diff --git a/app/views/admin/users/_user.html.haml b/app/views/admin/users/_user.html.haml
index 4bf1c9cde3c..e7e478e1d77 100644
--- a/app/views/admin/users/_user.html.haml
+++ b/app/views/admin/users/_user.html.haml
@@ -10,6 +10,8 @@
%span.label.label-success Admin
- if user.external?
%span.label.label-default External
+ - if user.audit?
+ %span.label.label-default Audit
- if user == current_user
%span It's you!
.user-email
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
index d3038ae644f..ace318d980b 100644
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -58,6 +58,11 @@
= link_to admin_users_path(filter: 'external') do
External
%small.badge= number_with_delimiter(User.external.count)
+ = nav_link(html_options: { class: ('active' if params[:filter] == 'audit') }) do
+ = link_to admin_users_path(filter: "audit") do
+ Audit
+ -# TODO: User.audit.count
+ %small.badge= number_with_delimiter(User.audit.count)
= nav_link(html_options: { class: ('active' if params[:filter] == 'blocked') }) do
= link_to admin_users_path(filter: "blocked") do
Blocked
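Review bot: `-# TODO: User.audit.count` is stale as written, because the next line already renders `User.audit.count`; drop the comment or say what is still missing. If the intent was to replace the per-request count with something cheaper, the comment should say that.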
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index 76c9ed0ee8b..6b8cca04def 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -52,6 +52,10 @@
%strong
= @user.external? ? "Yes" : "No"
%li
+ %span.light Audit User:
+ %strong
+ = @user.audit? ? "Yes" : "No"
+ %li
%span.light Can create groups:
%strong
= @user.can_create_group ? "Yes" : "No"
diff --git a/db/schema.rb b/db/schema.rb
index b3c49b52597..f07fb593156 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -88,6 +88,7 @@ ActiveRecord::Schema.define(version: 20161118183841) do
t.integer "container_registry_token_expire_delay", default: 5
t.text "after_sign_up_text"
t.boolean "user_default_external", default: false, null: false
+ t.boolean "user_default_audit", default: false, null: false
t.string "repository_storages", default: "default"
t.string "enabled_git_access_protocol"
t.boolean "domain_blacklist_enabled", default: false
@@ -1213,6 +1214,7 @@ ActiveRecord::Schema.define(version: 20161118183841) do
t.datetime "otp_grace_period_started_at"
t.boolean "ldap_email", default: false, null: false
t.boolean "external", default: false
+ t.boolean "audit", default: false
t.string "organization"
t.string "incoming_email_token"
t.boolean "authorized_projects_populated"
diff --git a/doc/README.md b/doc/README.md
index 66c8c26e4f0..5b4b9be353f 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -12,7 +12,7 @@
- [Importing and exporting projects between instances](user/project/settings/import_export.md).
- [Markdown](user/markdown.md) GitLab's advanced formatting system.
- [Migrating from SVN](workflow/importing/migrating_from_svn.md) Convert a SVN repository to Git and GitLab.
-- [Permissions](user/permissions.md) Learn what each role in a project (external/guest/reporter/developer/master/owner) can do.
+- [Permissions](user/permissions.md) Learn what each role in a project (external/guest/reporter/developer/master/owner/audit) can do.
- [Profile Settings](profile/README.md)
- [Project Services](project_services/project_services.md) Integrate a project with external services, such as CI and chat.
- [Public access](public_access/public_access.md) Learn how you can allow public and internal access to projects.
diff --git a/doc/api/users.md b/doc/api/users.md
index b38c335490a..217871ca9af 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -84,7 +84,8 @@ GET /users
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": true,
- "external": false
+ "external": false,
+ "audit": false
},
{
"id": 2,
@@ -113,7 +114,8 @@ GET /users
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": true,
- "external": false
+ "external": false,
+ "audit": false
}
]
```
@@ -242,6 +244,7 @@ Parameters:
- `can_create_group` (optional) - User can create groups - true or false
- `confirm` (optional) - Require confirmation - true (default) or false
- `external` (optional) - Flags the user as external - true or false(default)
+- `audit` (optional) - Flags the user as audit - true or false(default)
## User modification
@@ -270,6 +273,7 @@ Parameters:
- `admin` (optional) - User is admin - true or false (default)
- `can_create_group` (optional) - User can create groups - true or false
- `external` (optional) - Flags the user as external - true or false(default)
+- `audit` (optional) - Flags the user as audit - true or false(default)
Note, at the moment this method does only return a 404 error,
even in cases where a 409 (Conflict) would be more appropriate,
@@ -331,7 +335,8 @@ GET /user
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": true,
- "external": false
+ "external": false,
+ "audit": false
}
```
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index cea78864df2..ccc81bfdee9 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -106,6 +106,18 @@ will find the option to flag the user as external.
By default new users are not set as external users. This behavior can be changed
by an administrator under **Admin > Application Settings**.
+## Audit Users
+
+<!-- TODO: Add description of audit users -->
+
+An administrator can flag a user as audit [through the API](../api/users.md)
+or by checking the checkbox on the admin panel. As an administrator, navigate
+to **Admin > Users** to create a new user or edit an existing one. There, you
+will find the option to flag the user as audit.
+
+By default new users are not set as audit users. This behavior can be changed
+by an administrator under **Admin > Application Settings**.
+
## Project features
Project features like wiki and issues can be hidden from users depending on
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 7a724487e02..5db3a5dc367 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -32,6 +32,7 @@ module API
expose :can_create_project?, as: :can_create_project
expose :two_factor_enabled?, as: :two_factor_enabled
expose :external
+ expose :audit
end
class UserLogin < UserFull
diff --git a/lib/api/users.rb b/lib/api/users.rb
index a73650dc361..d27b277ac49 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -20,6 +20,7 @@ module API
optional :can_create_group, type: Boolean, desc: 'Flag indicating the user can create groups'
optional :confirm, type: Boolean, desc: 'Flag indicating the account needs to be confirmed'
optional :external, type: Boolean, desc: 'Flag indicating the user is an external user'
+ optional :audit, type: Boolean, desc: 'Flag indicating the user is an audit user'
all_or_none_of :extern_uid, :provider
end
end
@@ -32,6 +33,7 @@ module API
optional :search, type: String, desc: 'Search for a username'
optional :active, type: Boolean, default: false, desc: 'Filters only active users'
optional :external, type: Boolean, default: false, desc: 'Filters only external users'
+ optional :audit, type: Boolean, default: false, desc: 'Filters only audit users'
optional :blocked, type: Boolean, default: false, desc: 'Filters only blocked users'
end
get do
@@ -47,6 +49,7 @@ module API
users = users.search(params[:search]) if params[:search].present?
users = users.blocked if params[:blocked]
users = users.external if params[:external] && current_user.is_admin?
+ users = users.audit if params[:audit] && current_user.is_admin?
end
entity = current_user.is_admin? ? Entities::UserFull : Entities::UserBasic
@@ -124,7 +127,7 @@ module API
at_least_one_of :email, :password, :name, :username, :skype, :linkedin,
:twitter, :website_url, :organization, :projects_limit,
:extern_uid, :provider, :bio, :location, :admin,
- :can_create_group, :confirm, :external
+ :can_create_group, :confirm, :external, :audit
end
put ":id" do
authenticated_as_admin!
diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb
index c6bb8f9c8ed..4a6efb0c027 100644
--- a/lib/gitlab/current_settings.rb
+++ b/lib/gitlab/current_settings.rb
@@ -54,6 +54,7 @@ module Gitlab
repository_checks_enabled: true,
container_registry_token_expire_delay: 5,
user_default_external: false,
+ user_default_audit: false,
sidekiq_throttling_enabled: false,
)
end
diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index f253dc7477e..515c6299986 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -35,6 +35,8 @@ module Gitlab
end
end
+ # TODO: Backend check
+
@user
end
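Review bot: The only change in this hunk is `# TODO: Backend check` placed before the method returns `@user`, and it does not say what has to be checked. Since this file handles SAML users, a reader cannot tell whether the plan is to set or to clear `audit` from identity-provider data; the comment should name the decision, e.g. `# TODO: decide whether SAML attributes may set user.audit; until then the flag is never derived from SAML data`. The enclosing method starts outside the hunk.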
diff --git a/spec/features/security/group/internal_access_spec.rb b/spec/features/security/group/internal_access_spec.rb
index 35fcef7a712..a5112fd60f3 100644
--- a/spec/features/security/group/internal_access_spec.rb
+++ b/spec/features/security/group/internal_access_spec.rb
@@ -43,6 +43,8 @@ describe 'Internal Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
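Review bot: The new `be_denied_for :audit` expectations on internal and private resources contradict the policy changes in this same commit, where `@user.audit?` makes a group globally viewable and grants guest access to any project. How `:audit` is built lives in spec/support/matchers/access_matchers.rb, outside this view, but if it creates a user with `audit: true` these examples either fail or pin the opposite of the intended access matrix. For read-only pages the line should be `it { is_expected.to be_allowed_for :audit }`, with `be_denied_for` kept on settings and edit pages; the same applies to the other hunks of this file and to the private group and internal project specs below. Replace `# TODO: Backend check` with the decided expectation rather than repeating it above every example.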
@@ -58,6 +60,8 @@ describe 'Internal Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -73,6 +77,8 @@ describe 'Internal Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -87,6 +93,8 @@ describe 'Internal Group access', feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :external }
it { is_expected.to be_denied_for :visitor }
end
@@ -103,6 +111,8 @@ describe 'Internal Group access', feature: true do
it { is_expected.to be_denied_for project_guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :external }
end
end
diff --git a/spec/features/security/group/private_access_spec.rb b/spec/features/security/group/private_access_spec.rb
index 75a93342628..d857521c288 100644
--- a/spec/features/security/group/private_access_spec.rb
+++ b/spec/features/security/group/private_access_spec.rb
@@ -43,6 +43,8 @@ describe 'Private Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -58,6 +60,8 @@ describe 'Private Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -73,6 +77,8 @@ describe 'Private Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -88,6 +94,8 @@ describe 'Private Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -104,5 +112,7 @@ describe 'Private Group access', feature: true do
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
end
end
diff --git a/spec/features/security/group/public_access_spec.rb b/spec/features/security/group/public_access_spec.rb
index 6c5ee93970b..90aafb63750 100644
--- a/spec/features/security/group/public_access_spec.rb
+++ b/spec/features/security/group/public_access_spec.rb
@@ -20,7 +20,7 @@ describe 'Public Group access', feature: true do
group.add_developer(developer)
group.add_reporter(reporter)
group.add_guest(guest)
-
+
project.team << [project_guest, :guest]
end
@@ -43,6 +43,8 @@ describe 'Public Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -58,6 +60,8 @@ describe 'Public Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -73,6 +77,8 @@ describe 'Public Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -88,6 +94,8 @@ describe 'Public Group access', feature: true do
it { is_expected.to be_allowed_for project_guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -104,5 +112,7 @@ describe 'Public Group access', feature: true do
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
end
end
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index b6acc509342..acf1778ad40 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -36,6 +36,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -50,6 +52,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -64,6 +68,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -78,6 +84,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -92,6 +100,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -107,6 +117,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
end
describe "GET /:project_path/blob" do
@@ -121,6 +133,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -135,6 +149,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -149,6 +165,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -163,6 +181,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -178,6 +198,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -192,6 +214,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -206,6 +230,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -220,6 +246,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -234,6 +262,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -253,6 +283,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -272,6 +304,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -286,6 +320,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -300,6 +336,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -315,6 +353,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -332,6 +372,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -346,6 +388,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -366,6 +410,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -380,6 +426,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -395,6 +443,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -410,6 +460,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -424,6 +476,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -443,6 +497,8 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 79417c769a8..53f5dcc0076 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -36,6 +36,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
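Review bot: The added `be_denied_for :audit` line cannot tell whether the audit flag is evaluated at all, because in every visible hunk of this file a plain `:user` is denied as well. A non-member account is rejected on a private project with or without the flag, so these expectations stay green if the audit handling is removed or broken. The cases that do exercise the flag are those in the internal specs where `:user` is allowed and `:audit` is denied. If a read-only auditor is later meant to see private projects, every one of these lines has to flip, so I would mark them as provisional, e.g. `# provisional: passes for any non-member; flip to be_allowed_for if audit gains read access`.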
@@ -50,6 +52,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -64,6 +68,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -78,6 +84,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -92,6 +100,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -106,6 +116,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -121,6 +133,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -135,6 +149,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -149,6 +165,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -163,6 +181,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -178,6 +198,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -192,6 +214,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -206,6 +230,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -225,6 +251,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -244,6 +272,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -258,6 +288,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -272,6 +304,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -287,6 +321,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -301,6 +337,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -317,6 +355,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -331,6 +371,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -346,6 +388,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -360,6 +404,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -379,6 +425,8 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 985663e7c98..55c9100eede 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -36,6 +36,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -50,6 +52,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -64,6 +68,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -78,6 +84,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -92,6 +100,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -107,6 +117,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :visitor }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
end
describe "GET /:project_path/pipelines" do
@@ -120,6 +132,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -135,6 +149,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -152,6 +168,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -166,6 +184,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -186,6 +206,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -200,6 +222,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -215,6 +239,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -230,6 +256,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -244,6 +272,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -273,6 +303,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -287,6 +319,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -301,6 +335,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -316,6 +352,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -330,6 +368,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -344,6 +384,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -358,6 +400,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -372,6 +416,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -391,6 +437,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -410,6 +458,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -424,6 +474,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -443,6 +495,8 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
end
diff --git a/spec/features/security/project/snippet/internal_access_spec.rb b/spec/features/security/project/snippet/internal_access_spec.rb
index 49deacc5c74..e711723046e 100644
--- a/spec/features/security/project/snippet/internal_access_spec.rb
+++ b/spec/features/security/project/snippet/internal_access_spec.rb
@@ -31,6 +31,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -45,6 +47,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -60,6 +64,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -74,6 +80,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -90,6 +98,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -104,6 +114,8 @@ describe "Internal Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
diff --git a/spec/features/security/project/snippet/private_access_spec.rb b/spec/features/security/project/snippet/private_access_spec.rb
index a1bfc076d99..1ae14452d25 100644
--- a/spec/features/security/project/snippet/private_access_spec.rb
+++ b/spec/features/security/project/snippet/private_access_spec.rb
@@ -30,6 +30,8 @@ describe "Private Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -44,6 +46,8 @@ describe "Private Project Snippets Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -58,6 +62,8 @@ describe "Private Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -72,6 +78,8 @@ describe "Private Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
diff --git a/spec/features/security/project/snippet/public_access_spec.rb b/spec/features/security/project/snippet/public_access_spec.rb
index 30bcd87ef04..588dee417c6 100644
--- a/spec/features/security/project/snippet/public_access_spec.rb
+++ b/spec/features/security/project/snippet/public_access_spec.rb
@@ -32,6 +32,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -46,6 +48,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_denied_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -61,6 +65,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -75,6 +81,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -89,6 +97,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
@@ -105,6 +115,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_allowed_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_allowed_for :audit }
it { is_expected.to be_allowed_for :visitor }
end
@@ -119,6 +131,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
@@ -133,6 +147,8 @@ describe "Public Project Snippets Access", feature: true do
it { is_expected.to be_allowed_for guest }
it { is_expected.to be_denied_for :user }
it { is_expected.to be_denied_for :external }
+ # TODO: Backend check
+ it { is_expected.to be_denied_for :audit }
it { is_expected.to be_denied_for :visitor }
end
end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 91826e5884d..e49a09aace8 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -278,6 +278,7 @@ describe User, models: true do
it { is_expected.to respond_to(:name) }
it { is_expected.to respond_to(:private_token) }
it { is_expected.to respond_to(:external?) }
+ it { is_expected.to respond_to(:audit?) }
end
describe 'before save hook' do
@@ -533,6 +534,7 @@ describe User, models: true do
it { expect(user.can_create_project?).to be_truthy }
it { expect(user.first_name).to eq('John') }
it { expect(user.external).to be_falsey }
+ it { expect(user.audit).to be_falsey }
end
describe 'with defaults' do
@@ -543,6 +545,7 @@ describe User, models: true do
expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
expect(user.theme_id).to eq(Gitlab.config.gitlab.default_theme)
expect(user.external).to be_falsey
+ expect(user.audit).to be_falsey
end
end
@@ -575,6 +578,26 @@ describe User, models: true do
end
end
end
+
+ context 'when current_application_settings.user_default_audit is true' do
+ before do
+ stub_application_setting(user_default_audit: true)
+ end
+
+ it "creates audit user by default" do
+ user = build(:user)
+
+ expect(user.audit).to be_truthy
+ end
+
+ describe 'with default overrides' do
+ it "creates a non-audit user" do
+ user = build(:user, audit: false)
+
+ expect(user.audit).to be_falsey
+ end
+ end
+ end
end
describe '.find_by_any_email' do
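Review bot: The new context pins that `user_default_audit: true` turns every newly built user into an audit user, but nothing records that this default is only harmless while `audit` restricts access. With the placeholder behaviour in this commit the flag denies like `external`. If the role later becomes a global read-only account, as the branch name in the page header suggests, the same setting would presumably give every new sign-up instance-wide read access. I would add a comment above the context such as `# NOTE: safe only while audit restricts access; revisit this default if audit ever grants read access`, and pin the combination with the external default in a further example. The enclosing describe block starts outside the hunk.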
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 1a6e7716b2f..5961adb8503 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -90,6 +90,16 @@ describe API::API, api: true do
expect(json_response).to be_an Array
expect(json_response).to all(include('external' => true))
end
+
+ it "returns an array of audit users" do
+ create(:user, audit: true)
+
+ get api("/users?audit=true", admin)
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_an Array
+ expect(json_response).to all(include('audit' => true))
+ end
end
end
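Review bot: The added example can pass on an empty response, because `all(include('audit' => true))` holds vacuously for `[]`. A filter that returned nothing would still satisfy all three expectations. Adding `expect(json_response).not_to be_empty` before the `all` line closes that gap. The request is made as `admin` only, so it may also be worth an example showing what a non-admin caller gets for `?audit=true`, assuming the filter is meant to be admin-only, which the hunk does not show.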
diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb
index 0497e391860..848e7df5ef5 100644
--- a/spec/support/matchers/access_matchers.rb
+++ b/spec/support/matchers/access_matchers.rb
@@ -17,6 +17,8 @@ module AccessMatchers
login_as(create(:admin))
when :external
login_as(create(:user, external: true))
+ when :audit
+ login_as(create(:user, audit: true))
when User
login_as(user)
else