diff options
| author | Felipe Artur <felipefac@gmail.com> | 2016-03-08 21:01:33 -0300 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2016-03-10 10:38:36 -0300 |
| commit | c3e70280dffe7ee0859ebd73b902d424ca5f809a (patch) | |
| tree | 06b83a5ab13d19803332253cf50a941501b29317 /spec/finders | |
| parent | bd59e59d01c5e845c7f7d451feaa1488670f20de (diff) | |
| download | gitlab-ce-c3e70280dffe7ee0859ebd73b902d424ca5f809a.tar.gz | |
Prevent projects to have higher visibility than groups
Prevent Groups to have smaller visibility than projects
Add default_group_visibility_level to configuration
Code improvements
Diffstat (limited to 'spec/finders')
| -rw-r--r-- | spec/finders/joined_groups_finder_spec.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/finders/joined_groups_finder_spec.rb b/spec/finders/joined_groups_finder_spec.rb new file mode 100644 index 00000000000..e2f6c593638 --- /dev/null +++ b/spec/finders/joined_groups_finder_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper' + +describe JoinedGroupsFinder do + describe '#execute' do + let!(:profile_owner) { create(:user) } + let!(:profile_visitor) { create(:user) } + + let!(:private_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PRIVATE) } + let!(:private_group_2) { create(:group, visibility_level: Gitlab::VisibilityLevel::PRIVATE) } + let!(:internal_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) } + let!(:internal_group_2) { create(:group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) } + let!(:public_group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) } + let!(:public_group_2) { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) } + let!(:finder) { described_class.new(profile_owner) } + + describe 'execute' do + context 'without a user only shows public groups from profile owner' do + before { public_group.add_user(profile_owner, Gitlab::Access::MASTER)} + subject { finder.execute } + + it { is_expected.to eq([public_group]) } + end + + context 'only shows groups where both users are authorized to see' do + subject { finder.execute(profile_visitor) } + + before do + private_group.add_user(profile_owner, Gitlab::Access::MASTER) + private_group.add_user(profile_visitor, Gitlab::Access::DEVELOPER) + internal_group.add_user(profile_owner, Gitlab::Access::MASTER) + public_group.add_user(profile_owner, Gitlab::Access::MASTER) + end + + it { is_expected.to eq([public_group, internal_group, private_group]) } + end + + context 'shows group if profile visitor is in one of its projects' do + before do + public_group.add_user(profile_owner, Gitlab::Access::MASTER) + private_group.add_user(profile_owner, Gitlab::Access::MASTER) + project = create(:project, :private, group: private_group, name: 'B', path: 'B') + project.team.add_user(profile_visitor, Gitlab::Access::DEVELOPER) + end + + subject { finder.execute(profile_visitor) } + + it { is_expected.to eq([public_group, private_group]) } + end + end + end +end |