Update policies to make archived projects completely read-only

author: Douwe Maan <douwe@selenight.nl> 2018-04-02 20:38:47 +0200
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-04-10 15:46:20 +0200
commit: 8272ec9a7683863c43d217c97bdf7bf165cb3cf2 (patch)
tree: ae4fba36f47e12514789a309049af230da7135f4 /spec/policies
parent: 267a909600e02f0728fec1765adf817acc03d813 (diff)
download: gitlab-ce-8272ec9a7683863c43d217c97bdf7bf165cb3cf2.tar.gz
1 files changed, 65 insertions, 2 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 7843af839df..f20e4a021da 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -136,13 +136,49 @@ describe ProjectPolicy do
     end
   end
 
+  shared_examples 'archived project policies' do
+    let(:feature_write_abilities) do
+      described_class::READONLY_FEATURES_WHEN_ARCHIVED.flat_map do |feature|
+        described_class.create_update_admin_destroy(feature)
+      end
+    end
+
+    let(:other_write_abilities) do
+      %i[
+        push_to_delete_protected_branch
+        push_code
+        request_access
+        upload_file
+        resolve_note
+      ]
+    end
+
+    context 'when the project is archived' do
+      before do
+        project.archived = true
+      end
+
+      it 'disables write actions on all relevant project features' do
+        expect_disallowed(*feature_write_abilities)
+      end
+
+      it 'disables some other important write actions' do
+        expect_disallowed(*other_write_abilities)
+      end
+
+      it 'does not disable other other abilities' do
+        expect_allowed(*(regular_abilities - feature_write_abilities - other_write_abilities))
+      end
+    end
+  end
+
   shared_examples 'project policies as anonymous' do
     context 'abilities for public projects' do
       context 'when a project has pending invites' do
         let(:group) { create(:group, :public) }
         let(:project) { create(:project, :public, namespace: group) }
         let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
-        let(:anonymous_permissions) { guest_permissions - user_permissions }
+        let(:anonymous_permissions) { guest_permissions - user_permissions  }
 
         subject { described_class.new(nil, project) }
 
@@ -154,6 +190,10 @@ describe ProjectPolicy do
           expect_allowed(*anonymous_permissions)
           expect_disallowed(*user_permissions)
         end
+
+        it_behaves_like 'archived project policies' do
+          let(:regular_abilities) { anonymous_permissions }
+        end
       end
     end
 
@@ -184,6 +224,10 @@ describe ProjectPolicy do
         expect_disallowed(*owner_permissions)
       end
 
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { guest_permissions }
+      end
+
       context 'public builds enabled' do
         it do
           expect_allowed(*guest_permissions)
@@ -224,12 +268,15 @@ describe ProjectPolicy do
       it do
         expect_allowed(*guest_permissions)
         expect_allowed(*reporter_permissions)
-        expect_allowed(*reporter_permissions)
         expect_allowed(*team_member_reporter_permissions)
         expect_disallowed(*developer_permissions)
         expect_disallowed(*master_permissions)
         expect_disallowed(*owner_permissions)
       end
+
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { reporter_permissions }
+      end
     end
   end
 
@@ -247,6 +294,10 @@ describe ProjectPolicy do
         expect_disallowed(*master_permissions)
         expect_disallowed(*owner_permissions)
       end
+
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { developer_permissions }
+      end
     end
   end
 
@@ -264,6 +315,10 @@ describe ProjectPolicy do
         expect_allowed(*master_permissions)
         expect_disallowed(*owner_permissions)
       end
+
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { master_permissions }
+      end
     end
   end
 
@@ -281,6 +336,10 @@ describe ProjectPolicy do
         expect_allowed(*master_permissions)
         expect_allowed(*owner_permissions)
       end
+
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { owner_permissions }
+      end
     end
   end
 
@@ -298,6 +357,10 @@ describe ProjectPolicy do
         expect_allowed(*master_permissions)
         expect_allowed(*owner_permissions)
       end
+
+      it_behaves_like 'archived project policies' do
+        let(:regular_abilities) { owner_permissions }
+      end
     end
   end
author	Douwe Maan <douwe@selenight.nl>	2018-04-02 20:38:47 +0200
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-04-10 15:46:20 +0200
commit	8272ec9a7683863c43d217c97bdf7bf165cb3cf2 (patch)
tree	ae4fba36f47e12514789a309049af230da7135f4 /spec/policies
parent	267a909600e02f0728fec1765adf817acc03d813 (diff)
download	gitlab-ce-8272ec9a7683863c43d217c97bdf7bf165cb3cf2.tar.gz