diff options
author | James Fargher <proglottis@gmail.com> | 2019-04-10 14:13:43 +1200 |
---|---|---|
committer | James Fargher <proglottis@gmail.com> | 2019-05-07 08:37:03 +1200 |
commit | 733da6d6a015e8c951dcc02250cfe1fab87789c0 (patch) | |
tree | 6be40311a4753767d7219f2cff21c4eccbe18a5f /spec/policies/clusters | |
parent | 863f2bcfb6ef7c6d3ce5726fa1a602e12f05ef57 (diff) | |
download | gitlab-ce-733da6d6a015e8c951dcc02250cfe1fab87789c0.tar.gz |
Instance level kubernetes clusters admin
Instance level clusters were already mostly supported, this change adds
admin area controllers for cluster CRUD
Diffstat (limited to 'spec/policies/clusters')
-rw-r--r-- | spec/policies/clusters/cluster_policy_spec.rb | 16 | ||||
-rw-r--r-- | spec/policies/clusters/instance_policy_spec.rb | 23 |
2 files changed, 39 insertions, 0 deletions
diff --git a/spec/policies/clusters/cluster_policy_spec.rb b/spec/policies/clusters/cluster_policy_spec.rb index b2f0ca1bc30..cc3dde154dc 100644 --- a/spec/policies/clusters/cluster_policy_spec.rb +++ b/spec/policies/clusters/cluster_policy_spec.rb @@ -66,5 +66,21 @@ describe Clusters::ClusterPolicy, :models do it { expect(policy).to be_disallowed :admin_cluster } end end + + context 'instance cluster' do + let(:cluster) { create(:cluster, :instance) } + + context 'when user' do + it { expect(policy).to be_disallowed :update_cluster } + it { expect(policy).to be_disallowed :admin_cluster } + end + + context 'when admin' do + let(:user) { create(:admin) } + + it { expect(policy).to be_allowed :update_cluster } + it { expect(policy).to be_allowed :admin_cluster } + end + end end end diff --git a/spec/policies/clusters/instance_policy_spec.rb b/spec/policies/clusters/instance_policy_spec.rb new file mode 100644 index 00000000000..ac0f9da5d19 --- /dev/null +++ b/spec/policies/clusters/instance_policy_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Clusters::InstancePolicy do + let(:cluster) { create(:cluster, :instance) } + let(:user) { create(:user) } + let(:policy) { described_class.new(user, cluster) } + + describe 'rules' do + context 'when user' do + it { expect(policy).to be_disallowed :update_cluster } + it { expect(policy).to be_disallowed :admin_cluster } + end + + context 'when admin' do + let(:user) { create(:admin) } + + it { expect(policy).to be_allowed :update_cluster } + it { expect(policy).to be_allowed :admin_cluster } + end + end +end |