diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-08 15:07:55 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-10 17:02:27 +0200 |
commit | f7f13f9db0da92c7b43481dfe5559f317711e533 (patch) | |
tree | 59359aecb555f844de1a81a0aebbd70336fbb8c1 /spec/policies | |
parent | f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff) | |
download | gitlab-ce-f7f13f9db0da92c7b43481dfe5559f317711e533.tar.gz |
Block access to API & git when terms are enforced
When terms are enforced, but the user has not accepted the terms
access to the API & git is rejected with a message directing the user
to the web app to accept the terms.
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/global_policy_spec.rb | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index ec26810e371..91d37db035a 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -90,4 +90,68 @@ describe GlobalPolicy do it { is_expected.to be_allowed(:update_custom_attribute) } end end + + describe 'API access' do + describe 'regular user' do + it { is_expected.to be_allowed(:access_api) } + end + + describe 'admin' do + let(:current_user) { create(:admin) } + + it { is_expected.to be_allowed(:access_api) } + end + + describe 'anonymous' do + let(:current_user) { nil } + + it { is_expected.not_to be_allowed(:access_api) } + end + + context 'when terms are enforced' do + before do + enforce_terms + end + + it { is_expected.not_to be_allowed(:access_api) } + + it 'allows access to the API when the user accepted the terms' do + accept_terms(current_user) + + is_expected.to be_allowed(:access_api) + end + end + end + + describe 'git access' do + describe 'regular user' do + it { is_expected.to be_allowed(:access_git) } + end + + describe 'admin' do + let(:current_user) { create(:admin) } + + it { is_expected.to be_allowed(:access_git) } + end + + describe 'anonymous' do + let(:current_user) { nil } + + it { is_expected.not_to be_allowed(:access_git) } + end + + context 'when terms are enforced' do + before do + enforce_terms + end + + it { is_expected.not_to be_allowed(:access_git) } + + it 'allows access to git when terms are accepted' do + accept_terms(current_user) + + is_expected.to be_allowed(:access_git) + end + end + end end |