diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-15 15:42:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-15 15:42:17 +0000 |
commit | 44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch) | |
tree | 84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /spec/lib/constraints | |
parent | bc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff) | |
download | gitlab-ce-44fdf983bd35328dd577d3d3650d14163ef3e2b6.tar.gz |
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'spec/lib/constraints')
-rw-r--r-- | spec/lib/constraints/admin_constrainer_spec.rb | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/spec/lib/constraints/admin_constrainer_spec.rb b/spec/lib/constraints/admin_constrainer_spec.rb new file mode 100644 index 00000000000..da178f9e71a --- /dev/null +++ b/spec/lib/constraints/admin_constrainer_spec.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true +# +require 'spec_helper' + +describe Constraints::AdminConstrainer, :do_not_mock_admin_mode do + let(:user) { create(:user) } + + let(:session) { {} } + let(:env) { { 'warden' => double(:warden, authenticate?: true, user: user) } } + let(:request) { double(:request, session: session, env: env) } + + around do |example| + Gitlab::Session.with_session(session) do + example.run + end + end + + describe '#matches' do + context 'feature flag :user_mode_in_session is enabled' do + context 'when user is a regular user' do + it 'forbids access' do + expect(subject.matches?(request)).to be(false) + end + end + + context 'when user is an admin' do + let(:user) { create(:admin) } + + context 'admin mode is disabled' do + it 'forbids access' do + expect(subject.matches?(request)).to be(false) + end + end + + context 'admin mode is enabled' do + before do + current_user_mode = Gitlab::Auth::CurrentUserMode.new(user) + current_user_mode.request_admin_mode! + current_user_mode.enable_admin_mode!(password: user.password) + end + + it 'allows access' do + expect(subject.matches?(request)).to be(true) + end + end + end + end + + context 'feature flag :user_mode_in_session is disabled' do + before do + stub_feature_flags(user_mode_in_session: false) + end + + context 'when user is a regular user' do + it 'forbids access' do + expect(subject.matches?(request)).to be(false) + end + end + + context 'when user is an admin' do + let(:user) { create(:admin) } + + it 'allows access' do + expect(subject.matches?(request)).to be(true) + end + end + end + end +end |