diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/policies/design_management/design_policy_spec.rb | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) | |
download | gitlab-ce-9f46488805e86b1bc341ea1620b866016c2ce5ed.tar.gz |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/policies/design_management/design_policy_spec.rb')
-rw-r--r-- | spec/policies/design_management/design_policy_spec.rb | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb new file mode 100644 index 00000000000..a566aecc4b7 --- /dev/null +++ b/spec/policies/design_management/design_policy_spec.rb @@ -0,0 +1,181 @@ +# frozen_string_literal: true +require 'spec_helper' + +describe DesignManagement::DesignPolicy do + include DesignManagementTestHelpers + + include_context 'ProjectPolicy context' + + let(:guest_design_abilities) { %i[read_design] } + let(:developer_design_abilities) do + %i[create_design destroy_design] + end + let(:design_abilities) { guest_design_abilities + developer_design_abilities } + + let(:issue) { create(:issue, project: project) } + let(:design) { create(:design, issue: issue) } + + subject(:design_policy) { described_class.new(current_user, design) } + + shared_examples_for "design abilities not available" do + context "for owners" do + let(:current_user) { owner } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for admins" do + let(:current_user) { admin } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for maintainers" do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for developers" do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for reporters" do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for guests" do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for anonymous users" do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(*design_abilities) } + end + end + + shared_examples_for "design abilities available for members" do + context "for owners" do + let(:current_user) { owner } + + it { is_expected.to be_allowed(*design_abilities) } + end + + context "for admins" do + let(:current_user) { admin } + + context 'when admin mode enabled', :enable_admin_mode do + it { is_expected.to be_allowed(*design_abilities) } + end + + context 'when admin mode disabled' do + it { is_expected.to be_allowed(*guest_design_abilities) } + it { is_expected.to be_disallowed(*developer_design_abilities) } + end + end + + context "for maintainers" do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(*design_abilities) } + end + + context "for developers" do + let(:current_user) { developer } + + it { is_expected.to be_allowed(*design_abilities) } + end + + context "for reporters" do + let(:current_user) { reporter } + + it { is_expected.to be_allowed(*guest_design_abilities) } + it { is_expected.to be_disallowed(*developer_design_abilities) } + end + end + + shared_examples_for "read-only design abilities" do + it { is_expected.to be_allowed(:read_design) } + it { is_expected.to be_disallowed(:create_design, :destroy_design) } + end + + context "when DesignManagement is not enabled" do + before do + enable_design_management(false) + end + + it_behaves_like "design abilities not available" + end + + context "when the feature is available" do + before do + enable_design_management + end + + it_behaves_like "design abilities available for members" + + context "for guests in private projects" do + let(:project) { create(:project, :private) } + let(:current_user) { guest } + + it { is_expected.to be_allowed(*guest_design_abilities) } + it { is_expected.to be_disallowed(*developer_design_abilities) } + end + + context "for anonymous users in public projects" do + let(:current_user) { nil } + + it { is_expected.to be_allowed(*guest_design_abilities) } + it { is_expected.to be_disallowed(*developer_design_abilities) } + end + + context "when the issue is confidential" do + let(:issue) { create(:issue, :confidential, project: project) } + + it_behaves_like "design abilities available for members" + + context "for guests" do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(*design_abilities) } + end + + context "for anonymous users" do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(*design_abilities) } + end + end + + context "when the issue is locked" do + let(:current_user) { owner } + let(:issue) { create(:issue, :locked, project: project) } + + it_behaves_like "read-only design abilities" + end + + context "when the issue has moved" do + let(:current_user) { owner } + let(:issue) { create(:issue, project: project, moved_to: create(:issue)) } + + it_behaves_like "read-only design abilities" + end + + context "when the project is archived" do + let(:current_user) { owner } + + before do + project.update!(archived: true) + end + + it_behaves_like "read-only design abilities" + end + end +end |