summaryrefslogtreecommitdiff
path: root/spec/policies/global_policy_spec.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2023-02-20 13:49:51 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2023-02-20 13:49:51 +0000
commit71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e (patch)
tree6a2d93ef3fb2d353bb7739e4b57e6541f51cdd71 /spec/policies/global_policy_spec.rb
parenta7253423e3403b8c08f8a161e5937e1488f5f407 (diff)
downloadgitlab-ce-71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e.tar.gz
Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42
Diffstat (limited to 'spec/policies/global_policy_spec.rb')
-rw-r--r--spec/policies/global_policy_spec.rb100
1 files changed, 99 insertions, 1 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index 1538f8a70c8..0575ba3237b 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe GlobalPolicy, feature_category: :security_policies do
+RSpec.describe GlobalPolicy, feature_category: :shared do
include TermsHelper
let_it_be(:admin_user) { create(:admin) }
@@ -591,4 +591,102 @@ RSpec.describe GlobalPolicy, feature_category: :security_policies do
it { is_expected.to be_disallowed(:log_in) }
end
end
+
+ describe 'create_instance_runners' do
+ context 'create_runner_workflow flag enabled' do
+ before do
+ stub_feature_flags(create_runner_workflow: true)
+ end
+
+ context 'admin' do
+ let(:current_user) { admin_user }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:create_instance_runners) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+ end
+
+ context 'with project_bot' do
+ let(:current_user) { project_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with migration_bot' do
+ let(:current_user) { migration_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with security_bot' do
+ let(:current_user) { security_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with regular user' do
+ let(:current_user) { user }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+ end
+
+ context 'create_runner_workflow flag disabled' do
+ before do
+ stub_feature_flags(create_runner_workflow: false)
+ end
+
+ context 'admin' do
+ let(:current_user) { admin_user }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+ end
+
+ context 'with project_bot' do
+ let(:current_user) { project_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with migration_bot' do
+ let(:current_user) { migration_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with security_bot' do
+ let(:current_user) { security_bot }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with regular user' do
+ let(:current_user) { user }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_disallowed(:create_instance_runners) }
+ end
+ end
+ end
end
View Lorry Controller Status