diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
commit | f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch) | |
tree | a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /spec/features/security | |
parent | bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff) | |
download | gitlab-ce-f64a639bcfa1fc2bc89ca7db268f594306edfd7c.tar.gz |
Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40
Diffstat (limited to 'spec/features/security')
-rw-r--r-- | spec/features/security/group/internal_access_spec.rb | 35 | ||||
-rw-r--r-- | spec/features/security/group/private_access_spec.rb | 42 | ||||
-rw-r--r-- | spec/features/security/group/public_access_spec.rb | 35 |
3 files changed, 96 insertions, 16 deletions
diff --git a/spec/features/security/group/internal_access_spec.rb b/spec/features/security/group/internal_access_spec.rb index c146ac1e8ee..755f170a93e 100644 --- a/spec/features/security/group/internal_access_spec.rb +++ b/spec/features/security/group/internal_access_spec.rb @@ -24,7 +24,12 @@ RSpec.describe 'Internal Group access' do describe 'GET /groups/:path' do subject { group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -39,7 +44,12 @@ RSpec.describe 'Internal Group access' do describe 'GET /groups/:path/-/issues' do subject { issues_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -56,7 +66,12 @@ RSpec.describe 'Internal Group access' do subject { merge_requests_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -71,7 +86,12 @@ RSpec.describe 'Internal Group access' do describe 'GET /groups/:path/-/group_members' do subject { group_group_members_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -86,7 +106,12 @@ RSpec.describe 'Internal Group access' do describe 'GET /groups/:path/-/edit' do subject { edit_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_denied_for(:maintainer).of(group) } it { is_expected.to be_denied_for(:developer).of(group) } diff --git a/spec/features/security/group/private_access_spec.rb b/spec/features/security/group/private_access_spec.rb index de05b4d3d16..fc1fb3e3848 100644 --- a/spec/features/security/group/private_access_spec.rb +++ b/spec/features/security/group/private_access_spec.rb @@ -24,7 +24,12 @@ RSpec.describe 'Private Group access' do describe 'GET /groups/:path' do subject { group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -39,7 +44,12 @@ RSpec.describe 'Private Group access' do describe 'GET /groups/:path/-/issues' do subject { issues_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -56,7 +66,12 @@ RSpec.describe 'Private Group access' do subject { merge_requests_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -71,7 +86,12 @@ RSpec.describe 'Private Group access' do describe 'GET /groups/:path/-/group_members' do subject { group_group_members_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -86,7 +106,12 @@ RSpec.describe 'Private Group access' do describe 'GET /groups/:path/-/edit' do subject { edit_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_denied_for(:maintainer).of(group) } it { is_expected.to be_denied_for(:developer).of(group) } @@ -107,7 +132,12 @@ RSpec.describe 'Private Group access' do subject { group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } diff --git a/spec/features/security/group/public_access_spec.rb b/spec/features/security/group/public_access_spec.rb index ee72b84616a..90de2b58044 100644 --- a/spec/features/security/group/public_access_spec.rb +++ b/spec/features/security/group/public_access_spec.rb @@ -24,7 +24,12 @@ RSpec.describe 'Public Group access' do describe 'GET /groups/:path' do subject { group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -39,7 +44,12 @@ RSpec.describe 'Public Group access' do describe 'GET /groups/:path/-/issues' do subject { issues_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -56,7 +66,12 @@ RSpec.describe 'Public Group access' do subject { merge_requests_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -71,7 +86,12 @@ RSpec.describe 'Public Group access' do describe 'GET /groups/:path/-/group_members' do subject { group_group_members_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_allowed_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_allowed_for(:maintainer).of(group) } it { is_expected.to be_allowed_for(:developer).of(group) } @@ -86,7 +106,12 @@ RSpec.describe 'Public Group access' do describe 'GET /groups/:path/-/edit' do subject { edit_group_path(group) } - it { is_expected.to be_allowed_for(:admin) } + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed_for(:admin) } + end + context 'when admin mode is disabled' do + it { is_expected.to be_denied_for(:admin) } + end it { is_expected.to be_allowed_for(:owner).of(group) } it { is_expected.to be_denied_for(:maintainer).of(group) } it { is_expected.to be_denied_for(:developer).of(group) } |