diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-06-29 13:11:46 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-06-29 13:11:46 +0000 |
| commit | adf792f1f7288e8c10bf01efa0b78e30243889fe (patch) | |
| tree | f92b9ac9f70b927ea7aee0e3c5cd948fdd3f85dc /spec/controllers | |
| parent | 83ae38f6523c8628444de18e0a432349b6813909 (diff) | |
| parent | d9d5600711426d280cc1768820e809357293f14d (diff) | |
| download | gitlab-ce-adf792f1f7288e8c10bf01efa0b78e30243889fe.tar.gz | |
Merge branch '33082-use-update_pipeline_schedule-for-edit-and-take_ownership-in-pipelineschedulescontroller' into 'master'
Use authorize_update_pipeline_schedule in PipelineSchedulesController
Closes #33082
See merge request !11846
Diffstat (limited to 'spec/controllers')
| -rw-r--r-- | spec/controllers/projects/pipeline_schedules_controller_spec.rb | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/spec/controllers/projects/pipeline_schedules_controller_spec.rb b/spec/controllers/projects/pipeline_schedules_controller_spec.rb index f8f95dd9bc8..a8c44d5c313 100644 --- a/spec/controllers/projects/pipeline_schedules_controller_spec.rb +++ b/spec/controllers/projects/pipeline_schedules_controller_spec.rb @@ -84,4 +84,57 @@ describe Projects::PipelineSchedulesController do end end end + + describe 'security' do + include AccessMatchersForController + + describe 'GET edit' do + it { expect { go }.to be_allowed_for(:admin) } + it { expect { go }.to be_allowed_for(:owner).of(project) } + it { expect { go }.to be_allowed_for(:master).of(project) } + it { expect { go }.to be_allowed_for(:developer).of(project) } + it { expect { go }.to be_denied_for(:reporter).of(project) } + it { expect { go }.to be_denied_for(:guest).of(project) } + it { expect { go }.to be_denied_for(:user) } + it { expect { go }.to be_denied_for(:external) } + it { expect { go }.to be_denied_for(:visitor) } + + def go + get :edit, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id + end + end + + describe 'GET take_ownership' do + it { expect { go }.to be_allowed_for(:admin) } + it { expect { go }.to be_allowed_for(:owner).of(project) } + it { expect { go }.to be_allowed_for(:master).of(project) } + it { expect { go }.to be_allowed_for(:developer).of(project) } + it { expect { go }.to be_denied_for(:reporter).of(project) } + it { expect { go }.to be_denied_for(:guest).of(project) } + it { expect { go }.to be_denied_for(:user) } + it { expect { go }.to be_denied_for(:external) } + it { expect { go }.to be_denied_for(:visitor) } + + def go + post :take_ownership, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id + end + end + + describe 'PUT update' do + it { expect { go }.to be_allowed_for(:admin) } + it { expect { go }.to be_allowed_for(:owner).of(project) } + it { expect { go }.to be_allowed_for(:master).of(project) } + it { expect { go }.to be_allowed_for(:developer).of(project) } + it { expect { go }.to be_denied_for(:reporter).of(project) } + it { expect { go }.to be_denied_for(:guest).of(project) } + it { expect { go }.to be_denied_for(:user) } + it { expect { go }.to be_denied_for(:external) } + it { expect { go }.to be_denied_for(:visitor) } + + def go + put :update, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id, + schedule: { description: 'a' } + end + end + end end |