Add examples specing the setting to choose who can create subgroups

This setting is at the group level only. The default is specified to be maintainers and owners. **Specs only**, all failing.
author: Fabio Papa <fabtheman@gmail.com> 2019-06-25 21:59:10 -0700
committer: Fabio Papa <fabtheman@gmail.com> 2019-07-19 11:55:45 -0700
commit: 7d061212b12a400acfa9c8f34e022e352e77cb64 (patch)
tree: d5fcfa6d322456099a5c5780ce3b616265c1b570 /spec/policies/group_policy_spec.rb
parent: e6e672f049aa887cc4765eb9dfd9f7ac320d5188 (diff)
download: gitlab-ce-7d061212b12a400acfa9c8f34e022e352e77cb64.tar.gz
1 files changed, 70 insertions, 0 deletions
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 59f3a961d50..aed9a8e34ff 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -163,6 +163,18 @@ describe GroupPolicy do
         expect_allowed(*updated_owner_permissions)
       end
     end
+
+    context 'maintainer' do
+      let(:current_user) { maintainer }
+
+      it 'allows every maintainer permission except creating subgroups' do
+        create_subgroup_permission = [:create_subgroup]
+        updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission
+
+        expect_disallowed(*create_subgroup_permission)
+        expect_allowed(*updated_maintainer_permissions)
+      end
+    end
   end
 
   describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
@@ -461,6 +473,64 @@ describe GroupPolicy do
     end
   end
 
+  context "create_subgroup" do
+    context 'when group has subgroup creation level set to owner' do
+      let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) }
+
+      context 'reporter' do
+        let(:current_user) { reporter }
+
+        it { is_expected.to be_disallowed(:create_subgroup) }
+      end
+
+      context 'developer' do
+        let(:current_user) { developer }
+
+        it { is_expected.to be_disallowed(:create_subgroup) }
+      end
+
+      context 'maintainer' do
+        let(:current_user) { maintainer }
+
+        it { is_expected.to be_disallowed(:create_subgroup) }
+      end
+
+      context 'owner' do
+        let(:current_user) { owner }
+
+        it { is_expected.to be_allowed(:create_subgroup) }
+      end
+    end
+
+    context 'when group has subgroup creation level set to maintainer' do
+      let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) }
+
+      context 'reporter' do
+        let(:current_user) { reporter }
+
+        it { is_expected.to be_disallowed(:create_subgroup) }
+      end
+
+      context 'developer' do
+        let(:current_user) { developer }
+
+        it { is_expected.to be_disallowed(:create_subgroup) }
+      end
+
+      context 'maintainer' do
+        let(:current_user) { maintainer }
+
+        it { is_expected.to be_allowed(:create_subgroup) }
+      end
+
+      context 'owner' do
+        let(:current_user) { owner }
+
+        it { is_expected.to be_allowed(:create_subgroup) }
+      end
+    end
+  end
+
   it_behaves_like 'clusterable policies' do
     let(:clusterable) { create(:group) }
     let(:cluster) do
author	Fabio Papa <fabtheman@gmail.com>	2019-06-25 21:59:10 -0700
committer	Fabio Papa <fabtheman@gmail.com>	2019-07-19 11:55:45 -0700
commit	7d061212b12a400acfa9c8f34e022e352e77cb64 (patch)
tree	d5fcfa6d322456099a5c5780ce3b616265c1b570 /spec/policies/group_policy_spec.rb
parent	e6e672f049aa887cc4765eb9dfd9f7ac320d5188 (diff)
download	gitlab-ce-7d061212b12a400acfa9c8f34e022e352e77cb64.tar.gz