authorGitLab Bot <gitlab-bot@gitlab.com>2021-10-20 08:43:02 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-10-20 08:43:02 +0000
commitd9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch)
tree2341ef426af70ad1e289c38036737e04b0aa5007 /spec/policies
parentd6e514dd13db8947884cd58fe2a9c2a063400a9b (diff)
Add latest changes from gitlab-org/gitlab@14-4-stable-ee v14.4.0-rc42
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/clusters/agent_policy_spec.rb28
-rw-r--r--spec/policies/clusters/agent_token_policy_spec.rb31
-rw-r--r--spec/policies/group_policy_spec.rb2
-rw-r--r--spec/policies/namespaces/project_namespace_policy_spec.rb46
-rw-r--r--spec/policies/namespaces/user_namespace_policy_spec.rb (renamed from spec/policies/namespace_policy_spec.rb)2
5 files changed, 107 insertions, 2 deletions
diff --git a/spec/policies/clusters/agent_policy_spec.rb b/spec/policies/clusters/agent_policy_spec.rb
new file mode 100644
index 00000000000..307d751b78b
--- /dev/null
+++ b/spec/policies/clusters/agent_policy_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentPolicy do
+ let(:cluster_agent) { create(:cluster_agent, name: 'agent' )}
+ let(:user) { create(:admin) }
+ let(:policy) { described_class.new(user, cluster_agent) }
+ let(:project) { cluster_agent.project }
+
+ describe 'rules' do
+ context 'when developer' do
+ before do
+ project.add_developer(user)
+ end
+
+ it { expect(policy).to be_disallowed :admin_cluster }
+ end
+
+ context 'when maintainer' do
+ before do
+ project.add_maintainer(user)
+ end
+
+ it { expect(policy).to be_allowed :admin_cluster }
+ end
+ end
+end
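Review bot: `let(:user) { create(:admin) }` runs both examples as an instance admin, so the 'when developer' denial of `:admin_cluster` presumably holds only while admin mode is not enabled for the example. It also leaves the 'when maintainer' grant less clearly attributable to the project role alone. The sibling agent_token_policy_spec.rb in this commit uses a plain user; `let(:user) { create(:user) }` here would make project membership the only variable in an authorization test. The stray space in `name: 'agent' )}` could be tidied in the same change.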
diff --git a/spec/policies/clusters/agent_token_policy_spec.rb b/spec/policies/clusters/agent_token_policy_spec.rb
new file mode 100644
index 00000000000..9ae99e66f59
--- /dev/null
+++ b/spec/policies/clusters/agent_token_policy_spec.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentTokenPolicy do
+ let_it_be(:token) { create(:cluster_agent_token) }
+
+ let(:user) { create(:user) }
+ let(:policy) { described_class.new(user, token) }
+ let(:project) { token.agent.project }
+
+ describe 'rules' do
+ context 'when developer' do
+ before do
+ project.add_developer(user)
+ end
+
+ it { expect(policy).to be_disallowed :admin_cluster }
+ it { expect(policy).to be_disallowed :read_cluster }
+ end
+
+ context 'when maintainer' do
+ before do
+ project.add_maintainer(user)
+ end
+
+ it { expect(policy).to be_allowed :admin_cluster }
+ it { expect(policy).to be_allowed :read_cluster }
+ end
+ end
+end
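Review bot: The 'rules' block covers only developer and maintainer, so nothing pins what a user with no project membership gets on an agent token. Because the policy guards token objects, a default-deny example is worth having: a third context with no `before` block containing `it { expect(policy).to be_disallowed :admin_cluster, :read_cluster }`. The two per-ability examples in each existing context could be merged into one expectation the same way.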
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 482e12c029d..201ccf0fc14 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -1005,7 +1005,7 @@ RSpec.describe GroupPolicy do
context 'with maintainer' do
let(:current_user) { maintainer }
- it { is_expected.to be_allowed(:update_runners_registration_token) }
+ it { is_expected.to be_disallowed(:update_runners_registration_token) }
end
context 'with reporter' do
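Review bot: The flipped expectation in 'with maintainer' tightens who may use `:update_runners_registration_token`, but nothing in the hunk records why. A short comment above the example, such as `# maintainers must not be able to reset the group's runner registration token`, would stop the assertion being reverted as an apparent mistake. The enclosing describe starts and ends outside the hunk, so whether a higher role is still asserted as allowed for the same ability cannot be seen here and is worth confirming.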
diff --git a/spec/policies/namespaces/project_namespace_policy_spec.rb b/spec/policies/namespaces/project_namespace_policy_spec.rb
new file mode 100644
index 00000000000..22f3ccec1f8
--- /dev/null
+++ b/spec/policies/namespaces/project_namespace_policy_spec.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe NamespacePolicy do
+ let_it_be(:parent) { create(:namespace) }
+ let_it_be(:namespace) { create(:project_namespace, parent: parent) }
+
+ let(:permissions) do
+ [:owner_access, :create_projects, :admin_namespace, :read_namespace,
+ :read_statistics, :transfer_projects, :create_package_settings,
+ :read_package_settings, :create_jira_connect_subscription]
+ end
+
+ subject { described_class.new(current_user, namespace) }
+
+ context 'with no user' do
+ let_it_be(:current_user) { nil }
+
+ it { is_expected.to be_disallowed(*permissions) }
+ end
+
+ context 'regular user' do
+ let_it_be(:current_user) { create(:user) }
+
+ it { is_expected.to be_disallowed(*permissions) }
+ end
+
+ context 'parent owner' do
+ let_it_be(:current_user) { parent.owner }
+
+ it { is_expected.to be_disallowed(*permissions) }
+ end
+
+ context 'admin' do
+ let_it_be(:current_user) { create(:admin) }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(*permissions) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_disallowed(*permissions) }
+ end
+ end
+end
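Review bot: `RSpec.describe NamespacePolicy` with `described_class.new(current_user, namespace)` instantiates that policy class directly, although the file is named project_namespace_policy_spec.rb and the other namespace spec in this commit is renamed to describe `Namespaces::UserNamespacePolicy`. If project namespaces resolve to a different policy class at runtime, these examples would not exercise it. Resolving the policy from the record, for example `subject { Ability.policy_for(current_user, namespace) }`, would tie the spec to whichever policy is actually applied. A one-line comment above `let(:permissions)` saying that every listed ability is denied to all but an admin in admin mode would also make the intent of the 'parent owner' context explicit.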
diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespaces/user_namespace_policy_spec.rb
index b9823273de8..02eda31bfa7 100644
--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespaces/user_namespace_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe NamespacePolicy do
+RSpec.describe Namespaces::UserNamespacePolicy do
let(:user) { create(:user) }
let(:owner) { create(:user) }
let(:admin) { create(:admin) }