Merge remote-tracking branch 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'

author: John T Skarbek <jskarbek@gitlab.com> 2019-08-14 14:11:04 -0400
committer: John T Skarbek <jskarbek@gitlab.com> 2019-08-14 14:11:04 -0400
commit: 2b2efbc609a85093238ee3bec94358670021d0e5 (patch)
tree: 671ff737363c10b61e4a970e1c108319cc07e37d /spec/policies
parent: affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff)
parent: 7b52cff4896c8f681aea34fb273209400cf3e06e (diff)
download: gitlab-ce-2b2efbc609a85093238ee3bec94358670021d0e5.tar.gz
1 files changed, 28 insertions, 0 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index 12be3927e18..df6cc526eb0 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -226,4 +226,32 @@ describe GlobalPolicy do
       it { is_expected.not_to be_allowed(:read_instance_statistics) }
     end
   end
+
+  describe 'slash commands' do
+    context 'regular user' do
+      it { is_expected.to be_allowed(:use_slash_commands) }
+    end
+
+    context 'when internal' do
+      let(:current_user) { User.ghost }
+
+      it { is_expected.not_to be_allowed(:use_slash_commands) }
+    end
+
+    context 'when blocked' do
+      before do
+        current_user.block
+      end
+
+      it { is_expected.not_to be_allowed(:use_slash_commands) }
+    end
+
+    context 'when access locked' do
+      before do
+        current_user.lock_access!
+      end
+
+      it { is_expected.not_to be_allowed(:use_slash_commands) }
+    end
+  end
 end
author	John T Skarbek <jskarbek@gitlab.com>	2019-08-14 14:11:04 -0400
committer	John T Skarbek <jskarbek@gitlab.com>	2019-08-14 14:11:04 -0400
commit	2b2efbc609a85093238ee3bec94358670021d0e5 (patch)
tree	671ff737363c10b61e4a970e1c108319cc07e37d /spec/policies
parent	affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff)
parent	7b52cff4896c8f681aea34fb273209400cf3e06e (diff)
download	gitlab-ce-2b2efbc609a85093238ee3bec94358670021d0e5.tar.gz