diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-11-28 13:08:14 +0800 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-11-28 13:14:14 +0800 |
commit | 660eb94cc93e14231d24ddf6b33e440b6bdbfe6a (patch) | |
tree | eeb4c156fd872a66d96de0aea5651ce45511cb56 | |
parent | eff2404785f58241f947bd7388564f49119d517d (diff) | |
download | gitlab-ce-rs-project-security-spec-speed.tar.gz |
Speed up Project security access specsrs-project-security-spec-speed
Prior, every single test was creating four `ProjectMember` objects, each
of which created one `User` record, even though each test only used
_one_ of those Users, if any.
Now each test only creates the single user record it needs, if it needs
one. This shaves minutes off of each spec file changed here.
-rw-r--r-- | spec/features/security/project/internal_access_spec.rb | 293 | ||||
-rw-r--r-- | spec/features/security/project/private_access_spec.rb | 253 | ||||
-rw-r--r-- | spec/features/security/project/public_access_spec.rb | 293 | ||||
-rw-r--r-- | spec/support/matchers/access_matchers.rb | 35 |
4 files changed, 428 insertions, 446 deletions
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb index b6acc509342..0f77c7b28f9 100644 --- a/spec/features/security/project/internal_access_spec.rb +++ b/spec/features/security/project/internal_access_spec.rb @@ -5,19 +5,6 @@ describe "Internal Project Access", feature: true do let(:project) { create(:project, :internal) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be internal" do describe '#internal?' do subject { project.internal? } @@ -29,11 +16,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -43,11 +30,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -57,11 +44,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -71,11 +58,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -85,11 +72,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -99,11 +86,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for :external } @@ -114,11 +101,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -128,11 +115,11 @@ describe "Internal Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -142,11 +129,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -156,11 +143,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -171,11 +158,11 @@ describe "Internal Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -185,11 +172,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -199,11 +186,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_snippet_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -213,11 +200,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -227,11 +214,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_merge_request_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -246,11 +233,11 @@ describe "Internal Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -265,11 +252,11 @@ describe "Internal Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -279,11 +266,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -293,11 +280,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -308,11 +295,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -325,11 +312,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -339,11 +326,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -359,11 +346,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -373,11 +360,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -388,11 +375,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -403,11 +390,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -417,11 +404,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -436,11 +423,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb index 79417c769a8..a9a883c4019 100644 --- a/spec/features/security/project/private_access_spec.rb +++ b/spec/features/security/project/private_access_spec.rb @@ -5,19 +5,6 @@ describe "Private Project Access", feature: true do let(:project) { create(:project, :private) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be private" do describe '#private?' do subject { project.private? } @@ -29,11 +16,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -43,11 +30,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -57,11 +44,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -71,11 +58,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -85,11 +72,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -99,11 +86,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -114,11 +101,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore'))} it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -128,11 +115,11 @@ describe "Private Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -142,11 +129,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -156,11 +143,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -171,11 +158,11 @@ describe "Private Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -185,11 +172,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -199,11 +186,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -218,11 +205,11 @@ describe "Private Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -237,11 +224,11 @@ describe "Private Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -251,11 +238,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -265,11 +252,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -280,11 +267,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -294,11 +281,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_builds_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -310,11 +297,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_build_path(project.namespace, project, build.id) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -324,11 +311,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -339,11 +326,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -353,11 +340,11 @@ describe "Private Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -372,11 +359,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb index 985663e7c98..92b2194acf5 100644 --- a/spec/features/security/project/public_access_spec.rb +++ b/spec/features/security/project/public_access_spec.rb @@ -5,19 +5,6 @@ describe "Public Project Access", feature: true do let(:project) { create(:project, :public) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be public" do describe '#public?' do subject { project.public? } @@ -29,11 +16,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -43,11 +30,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -57,11 +44,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -71,11 +58,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -85,11 +72,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -99,11 +86,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :external } @@ -113,11 +100,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -128,11 +115,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -145,11 +132,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -159,11 +146,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -179,11 +166,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -193,11 +180,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -208,11 +195,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -223,11 +210,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -237,11 +224,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -253,11 +240,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :visitor } end @@ -266,11 +253,11 @@ describe "Public Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -280,11 +267,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -294,11 +281,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -309,11 +296,11 @@ describe "Public Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -323,11 +310,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -337,11 +324,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_snippet_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -351,11 +338,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -365,11 +352,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_merge_request_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -384,11 +371,11 @@ describe "Public Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -403,11 +390,11 @@ describe "Public Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -417,11 +404,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -436,11 +423,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb index 0497e391860..141c38e7bd3 100644 --- a/spec/support/matchers/access_matchers.rb +++ b/spec/support/matchers/access_matchers.rb @@ -7,7 +7,7 @@ module AccessMatchers extend RSpec::Matchers::DSL include Warden::Test::Helpers - def emulate_user(user) + def emulate_user(user, project = nil) case user when :user login_as(create(:user)) @@ -19,6 +19,18 @@ module AccessMatchers login_as(create(:user, external: true)) when User login_as(user) + when :owner + raise ArgumentError, "cannot emulate owner without project" unless project + + login_as(project.owner) + when *Gitlab::Access.sym_options.keys + raise ArgumentError, "cannot emulate user #{user} without project" unless project + + role = user + user = create(:user) + project.public_send(:"add_#{role}", user) + + login_as(user) else raise ArgumentError, "cannot emulate user #{user}" end @@ -26,8 +38,7 @@ module AccessMatchers def description_for(user, type) if user.kind_of?(User) - # User#inspect displays too much information for RSpec's description - # messages + # User#inspect displays too much information for RSpec's descriptions "be #{type} for the specified user" else "be #{type} for #{user}" @@ -36,21 +47,31 @@ module AccessMatchers matcher :be_allowed_for do |user| match do |url| - emulate_user(user) - visit url + emulate_user(user, @project) + visit(url) + status_code != 404 && current_path != new_user_session_path end + chain :on do |project| + @project = project + end + description { description_for(user, 'allowed') } end matcher :be_denied_for do |user| match do |url| - emulate_user(user) - visit url + emulate_user(user, @project) + visit(url) + status_code == 404 || current_path == new_user_session_path end + chain :on do |project| + @project = project + end + description { description_for(user, 'denied') } end end |