diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-06-17 10:34:37 +0200 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-06-17 13:03:19 +0200 |
| commit | e71ce77e39837f3e18403ceb07d27a0497b7196c (patch) | |
| tree | dff1628a9b8d507fc93507b33747da9901358a85 /spec/helpers | |
| parent | b2dc9176018729efc1969035b30017c2ed81a708 (diff) | |
| download | gitlab-ce-e71ce77e39837f3e18403ceb07d27a0497b7196c.tar.gz | |
Ensure group/project owners can see their members' access_level
When you are the last owner of a group or the owner of a project,
you don't have the :update_<source>_member / :destroy_<source>_member
abilities, but you do have the :admin_<source>_member so you should
be able to see your members access levels.
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/helpers')
| -rw-r--r-- | spec/helpers/members_helper_spec.rb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/spec/helpers/members_helper_spec.rb b/spec/helpers/members_helper_spec.rb index 7998209b7b0..f75fdb739f6 100644 --- a/spec/helpers/members_helper_spec.rb +++ b/spec/helpers/members_helper_spec.rb @@ -9,6 +9,54 @@ describe MembersHelper do it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member } end + describe '#default_show_roles' do + let(:user) { double } + let(:member) { build(:project_member) } + + before do + allow(helper).to receive(:current_user).and_return(user) + allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(false) + allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(false) + allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(false) + end + + context 'when the current cannot update, destroy or admin the passed member' do + it 'returns false' do + expect(helper.default_show_roles(member)).to be_falsy + end + end + + context 'when the current can update the passed member' do + before do + allow(helper).to receive(:can?).with(user, :update_project_member, member).and_return(true) + end + + it 'returns true' do + expect(helper.default_show_roles(member)).to be_truthy + end + end + + context 'when the current can destroy the passed member' do + before do + allow(helper).to receive(:can?).with(user, :destroy_project_member, member).and_return(true) + end + + it 'returns true' do + expect(helper.default_show_roles(member)).to be_truthy + end + end + + context 'when the current can admin the passed member source' do + before do + allow(helper).to receive(:can?).with(user, :admin_project_member, member.source).and_return(true) + end + + it 'returns true' do + expect(helper.default_show_roles(member)).to be_truthy + end + end + end + describe '#remove_member_message' do let(:requester) { build(:user) } let(:project) { create(:project) } |