diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-17 15:06:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-17 15:06:17 +0000 |
commit | 238d22c07218adf2b8f3db630ee8b74ca6f29df5 (patch) | |
tree | 23fd5f85efef0fb95eb73bf6395d5b7e8c0f1b9f /spec/policies | |
parent | 6b75320f525f841454f1ab162d141d3610f2e77b (diff) | |
download | gitlab-ce-238d22c07218adf2b8f3db630ee8b74ca6f29df5.tar.gz |
Add latest changes from gitlab-org/gitlab@masterlist
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/todo_policy_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/policies/todo_policy_spec.rb b/spec/policies/todo_policy_spec.rb new file mode 100644 index 00000000000..be6fecd1045 --- /dev/null +++ b/spec/policies/todo_policy_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe TodoPolicy do + let_it_be(:author) { create(:user) } + + let_it_be(:user1) { create(:user) } + let_it_be(:user2) { create(:user) } + let_it_be(:user3) { create(:user) } + + let_it_be(:todo1) { create(:todo, author: author, user: user1) } + let_it_be(:todo2) { create(:todo, author: author, user: user2) } + let_it_be(:todo3) { create(:todo, author: author, user: user2) } + let_it_be(:todo4) { create(:todo, author: author, user: user3) } + + def permissions(user, todo) + described_class.new(user, todo) + end + + describe 'own_todo' do + it 'allows owners to access their own todos' do + [ + [user1, todo1], + [user2, todo2], + [user2, todo3], + [user3, todo4] + ].each do |user, todo| + expect(permissions(user, todo)).to be_allowed(:read_todo) + end + end + + it 'does not allow users to access todos of other users' do + [ + [user1, todo2], + [user1, todo3], + [user2, todo1], + [user2, todo4], + [user3, todo1], + [user3, todo2], + [user3, todo3] + ].each do |user, todo| + expect(permissions(user, todo)).to be_disallowed(:read_todo) + end + end + end +end |