author | Mark Chao <mchao@gitlab.com> | 2019-11-08 14:47:50 +0800 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2019-11-15 20:58:41 +1100 |
commit | 1805f42b56f697d628b59f173d8813917eca974e (patch) | |
tree | dc70bccaf6521bc4941f7f48c1f0be30ab3aa503 | |
parent | b320251af02e252bd45ea296ecba6569da541094 (diff) | |
download | gitlab-ce-1805f42b56f697d628b59f173d8813917eca974e.tar.gz |
ES: update permission spec table
Remove impossible cases, because a private project's features can only be
private or disabled.
Fix spec where Sidekiq indexing was not triggered.
Update guest use cases: some features have an additional constraint that
"Guest users are able to perform action on public/internal projects,
but not private ones."
-rw-r--r-- | spec/support/helpers/project_helpers.rb | 10 | ||||
-rw-r--r-- | spec/support/shared_contexts/policies/project_policy_table_shared_context.rb | 190 |
2 files changed, 185 insertions, 15 deletions
diff --git a/spec/support/helpers/project_helpers.rb b/spec/support/helpers/project_helpers.rb
index 61056b47aed..3cc84d935d2 100644
--- a/spec/support/helpers/project_helpers.rb
+++ b/spec/support/helpers/project_helpers.rb
@@ -16,10 +16,10 @@ module ProjectHelpers
 end
 def update_feature_access_level(project, access_level)
- project.update!(
- repository_access_level: access_level,
- merge_requests_access_level: access_level,
- builds_access_level: access_level
- )
+ features = ProjectFeature::FEATURES.dup
+ features.delete(:pages)
+ params = features.each_with_object({}) { |feature, h| h["#{feature}_access_level"] = access_level }
+
+ project.update!(params)
 end
 end
diff --git a/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb b/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb
index e666b346b8b..2ca8c8d739c 100644
--- a/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb
+++ b/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb
@@ -3,7 +3,20 @@
 RSpec.shared_context 'ProjectPolicyTable context' do
 using RSpec::Parameterized::TableSyntax
+ let(:pendings) { {} }
+ let(:pending?) do
+ pendings.include?(
+ {
+ project_level: project_level,
+ feature_access_level: feature_access_level,
+ membership: membership,
+ expected_count: expected_count
+ }
+ )
+ end
+
 # rubocop:disable Metrics/AbcSize
+ # project_level, :feature_access_level, :membership, :expected_count
 def permission_table_for_reporter_feature_access
 :public | :enabled | :reporter | 1
 :public | :enabled | :guest | 1
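Review bot: The `features.delete(:pages)` line in `update_feature_access_level` drops one feature without saying why, so a reader of the permission specs cannot tell whether Pages access is deliberately left at its default or was overlooked. Because the helper now derives its parameters from `ProjectFeature::FEATURES`, every feature added later is set automatically, which makes the single exception the part that needs explaining. A comment on that line would do, e.g. `# :pages is skipped because <reason>; its access level is left unchanged by this helper`. The enclosing module starts and ends outside the hunk.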
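Review bot: `pendings` defaults to a Hash, yet `pending?` only asks `pendings.include?(...)`, which for a Hash is a key lookup, so what the values are meant to hold is undocumented. These rows are expected results for authorization checks, so an entry in `pendings` presumably switches one permission case off, and the reason should be visible where the entry is declared; how the including specs consume `pending?` is not shown in this hunk. A comment above the `let` would settle it, e.g. `# Table rows to mark pending, keyed by the row's attributes; the value states why (issue link).` The added header comment `# project_level, :feature_access_level, ...` also drops the leading colon that the later table comments use.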
@@ -35,11 +48,6 @@ RSpec.shared_context 'ProjectPolicyTable context' do :internal | :disabled | :non_member | 0 :internal | :disabled | :anonymous | 0 - :private | :enabled | :reporter | 1 - :private | :enabled | :guest | 1 - :private | :enabled | :non_member | 0 - :private | :enabled | :anonymous | 0 - :private | :private | :reporter | 1 :private | :private | :guest | 0 :private | :private | :non_member | 0 @@ -51,6 +59,7 @@ RSpec.shared_context 'ProjectPolicyTable context' do :private | :disabled | :anonymous | 0 end + # project_level, :feature_access_level, :membership, :expected_count def permission_table_for_guest_feature_access :public | :enabled | :reporter | 1 :public | :enabled | :guest | 1 @@ -82,11 +91,6 @@ RSpec.shared_context 'ProjectPolicyTable context' do :internal | :disabled | :non_member | 0 :internal | :disabled | :anonymous | 0 - :private | :enabled | :reporter | 1 - :private | :enabled | :guest | 1 - :private | :enabled | :non_member | 0 - :private | :enabled | :anonymous | 0 - :private | :private | :reporter | 1 :private | :private | :guest | 1 :private | :private | :non_member | 0 
@@ -98,6 +102,172 @@ RSpec.shared_context 'ProjectPolicyTable context' do :private | :disabled | :anonymous | 0 end + # This table is based on permission_table_for_guest_feature_access, + # but with a slight twist. + # Some features can be hidden away to GUEST, when project is private. + # (see ProjectFeature::PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT) + # This is the table for such features. + # + # e.g. `repository` feature has minimum requirement of GUEST, + # but a GUEST are prohibited from reading code if project is private. + # + # project_level, :feature_access_level, :membership, :expected_count + def permission_table_for_guest_feature_access_and_non_private_project_only + :public | :enabled | :reporter | 1 + :public | :enabled | :guest | 1 + :public | :enabled | :non_member | 1 + :public | :enabled | :anonymous | 1 + + :public | :private | :reporter | 1 + :public | :private | :guest | 1 + :public | :private | :non_member | 0 + :public | :private | :anonymous | 0 + + :public | :disabled | :reporter | 0 + :public | :disabled | :guest | 0 + :public | :disabled | :non_member | 0 + :public | :disabled | :anonymous | 0 + + :internal | :enabled | :reporter | 1 + :internal | :enabled | :guest | 1 + :internal | :enabled | :non_member | 1 + :internal | :enabled | :anonymous | 0 + + :internal | :private | :reporter | 1 + :internal | :private | :guest | 1 + :internal | :private | :non_member | 0 + :internal | :private | :anonymous | 0 + + :internal | :disabled | :reporter | 0 + :internal | :disabled | :guest | 0 + :internal | :disabled | :non_member | 0 + :internal | :disabled | :anonymous | 0 + + :private | :private | :reporter | 1 + :private | :private | :guest | 0 + :private | :private | :non_member | 0 + :private | :private | :anonymous | 0 + + :private | :disabled | :reporter | 0 + :private | :disabled | :guest | 0 + :private | :disabled | :non_member | 0 + :private | :disabled | :anonymous | 0 + end + + # :project_level, :issues_access_level, 
:merge_requests_access_level, :membership, :expected_count + def permission_table_for_milestone_access + :public | :enabled | :enabled | :reporter | 1 + :public | :enabled | :enabled | :guest | 1 + :public | :enabled | :enabled | :non_member | 1 + :public | :enabled | :enabled | :anonymous | 1 + + :public | :enabled | :private | :reporter | 1 + :public | :enabled | :private | :guest | 1 + :public | :enabled | :private | :non_member | 1 + :public | :enabled | :private | :anonymous | 1 + + :public | :enabled | :disabled | :reporter | 1 + :public | :enabled | :disabled | :guest | 1 + :public | :enabled | :disabled | :non_member | 1 + :public | :enabled | :disabled | :anonymous | 1 + + :public | :private | :enabled | :reporter | 1 + :public | :private | :enabled | :guest | 1 + :public | :private | :enabled | :non_member | 1 + :public | :private | :enabled | :anonymous | 1 + + :public | :private | :private | :reporter | 1 + :public | :private | :private | :guest | 1 + :public | :private | :private | :non_member | 0 + :public | :private | :private | :anonymous | 0 + + :public | :private | :disabled | :reporter | 1 + :public | :private | :disabled | :guest | 1 + :public | :private | :disabled | :non_member | 0 + :public | :private | :disabled | :anonymous | 0 + + :public | :disabled | :enabled | :reporter | 1 + :public | :disabled | :enabled | :guest | 1 + :public | :disabled | :enabled | :non_member | 1 + :public | :disabled | :enabled | :anonymous | 1 + + :public | :disabled | :private | :reporter | 1 + :public | :disabled | :private | :guest | 0 + :public | :disabled | :private | :non_member | 0 + :public | :disabled | :private | :anonymous | 0 + + :public | :disabled | :disabled | :reporter | 0 + :public | :disabled | :disabled | :guest | 0 + :public | :disabled | :disabled | :non_member | 0 + :public | :disabled | :disabled | :anonymous | 0 + + :internal | :enabled | :enabled | :reporter | 1 + :internal | :enabled | :enabled | :guest | 1 + :internal | :enabled | 
:enabled | :non_member | 1 + :internal | :enabled | :enabled | :anonymous | 0 + + :internal | :enabled | :private | :reporter | 1 + :internal | :enabled | :private | :guest | 1 + :internal | :enabled | :private | :non_member | 1 + :internal | :enabled | :private | :anonymous | 0 + + :internal | :enabled | :disabled | :reporter | 1 + :internal | :enabled | :disabled | :guest | 1 + :internal | :enabled | :disabled | :non_member | 1 + :internal | :enabled | :disabled | :anonymous | 0 + + :internal | :private | :enabled | :reporter | 1 + :internal | :private | :enabled | :guest | 1 + :internal | :private | :enabled | :non_member | 1 + :internal | :private | :enabled | :anonymous | 0 + + :internal | :private | :private | :reporter | 1 + :internal | :private | :private | :guest | 1 + :internal | :private | :private | :non_member | 0 + :internal | :private | :private | :anonymous | 0 + + :internal | :private | :disabled | :reporter | 1 + :internal | :private | :disabled | :guest | 1 + :internal | :private | :disabled | :non_member | 0 + :internal | :private | :disabled | :anonymous | 0 + + :internal | :disabled | :enabled | :reporter | 1 + :internal | :disabled | :enabled | :guest | 1 + :internal | :disabled | :enabled | :non_member | 1 + :internal | :disabled | :enabled | :anonymous | 0 + + :internal | :disabled | :private | :reporter | 1 + :internal | :disabled | :private | :guest | 0 + :internal | :disabled | :private | :non_member | 0 + :internal | :disabled | :private | :anonymous | 0 + + :internal | :disabled | :disabled | :reporter | 0 + :internal | :disabled | :disabled | :guest | 0 + :internal | :disabled | :disabled | :non_member | 0 + :internal | :disabled | :disabled | :anonymous | 0 + + :private | :private | :private | :reporter | 1 + :private | :private | :private | :guest | 1 + :private | :private | :private | :non_member | 0 + :private | :private | :private | :anonymous | 0 + + :private | :private | :disabled | :reporter | 1 + :private | :private | 
:disabled | :guest | 1 + :private | :private | :disabled | :non_member | 0 + :private | :private | :disabled | :anonymous | 0 + + :private | :disabled | :private | :reporter | 1 + :private | :disabled | :private | :guest | 0 + :private | :disabled | :private | :non_member | 0 + :private | :disabled | :private | :anonymous | 0 + + :private | :disabled | :disabled | :reporter | 0 + :private | :disabled | :disabled | :guest | 0 + :private | :disabled | :disabled | :non_member | 0 + :private | :disabled | :disabled | :anonymous | 0 + end + + # :project_level, :membership, :expected_count def permission_table_for_project_access :public | :reporter | 1 :public | :guest | 1 |
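Review bot: `permission_table_for_milestone_access` is added without the kind of rationale given above `permission_table_for_guest_feature_access_and_non_private_project_only`, although its rows encode a non-obvious rule. From the rows, a milestone appears to count as visible when either issues or merge requests are readable, with a guest able to read issues but not merge requests (compare `:public | :disabled | :private | :guest | 0` with `:public | :private | :disabled | :guest | 1`). A comment stating that rule, and noting that private projects list only `:private`/`:disabled` feature levels, would let a reviewer check each expected count against policy instead of trusting the table. The guest table added above it also appears to repeat most of `permission_table_for_guest_feature_access` by hand, so a later permission change has to be mirrored in both; the full text of the older table is outside this hunk.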