Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 12:26:25 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-20 12:26:25 +0000
commit: a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree: 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/policies
parent: 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
download: gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz
42 files changed, 291 insertions, 129 deletions
diff --git a/spec/policies/alert_management/alert_policy_spec.rb b/spec/policies/alert_management/alert_policy_spec.rb
index 0d7624a0142..3e08d8b4ccc 100644
--- a/spec/policies/alert_management/alert_policy_spec.rb
+++ b/spec/policies/alert_management/alert_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe AlertManagement::AlertPolicy, :models do
+RSpec.describe AlertManagement::AlertPolicy, :models do
   let(:alert) { create(:alert_management_alert) }
   let(:project) { alert.project }
   let(:user) { create(:user) }
diff --git a/spec/policies/application_setting/term_policy_spec.rb b/spec/policies/application_setting/term_policy_spec.rb
index 2b5b9758ec2..00b48402fa6 100644
--- a/spec/policies/application_setting/term_policy_spec.rb
+++ b/spec/policies/application_setting/term_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe ApplicationSetting::TermPolicy do
+RSpec.describe ApplicationSetting::TermPolicy do
   include TermsHelper
 
   let_it_be(:term) { create(:term) }
diff --git a/spec/policies/award_emoji_policy_spec.rb b/spec/policies/award_emoji_policy_spec.rb
index 2e3693c58d7..bd34a656e12 100644
--- a/spec/policies/award_emoji_policy_spec.rb
+++ b/spec/policies/award_emoji_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe AwardEmojiPolicy do
+RSpec.describe AwardEmojiPolicy do
   let(:user) { create(:user) }
   let(:award_emoji) { create(:award_emoji, awardable: awardable) }
 
diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb
index 67f7452528a..103f2e9bc39 100644
--- a/spec/policies/base_policy_spec.rb
+++ b/spec/policies/base_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe BasePolicy do
+RSpec.describe BasePolicy do
   include ExternalAuthorizationServiceHelpers
   include AdminModeHelper
 
diff --git a/spec/policies/blob_policy_spec.rb b/spec/policies/blob_policy_spec.rb
index e48dd751a8f..fc46b25f25c 100644
--- a/spec/policies/blob_policy_spec.rb
+++ b/spec/policies/blob_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe BlobPolicy, :enable_admin_mode do
+RSpec.describe BlobPolicy, :enable_admin_mode do
   include_context 'ProjectPolicyTable context'
   include ProjectHelpers
   using RSpec::Parameterized::TableSyntax
diff --git a/spec/policies/board_policy_spec.rb b/spec/policies/board_policy_spec.rb
index 35eac8a02c4..6940e75ec37 100644
--- a/spec/policies/board_policy_spec.rb
+++ b/spec/policies/board_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe BoardPolicy do
+RSpec.describe BoardPolicy do
   let(:user) { create(:user) }
   let(:project) { create(:project, :private) }
   let(:group) { create(:group, :private) }
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 5857369a550..d2547338855 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Ci::BuildPolicy do
+RSpec.describe Ci::BuildPolicy do
   let(:user) { create(:user) }
   let(:build) { create(:ci_build, pipeline: pipeline) }
   let(:pipeline) { create(:ci_empty_pipeline, project: project) }
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index 293fe1fc5b9..fcd96bc6653 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Ci::PipelinePolicy, :models do
+RSpec.describe Ci::PipelinePolicy, :models do
   let(:user) { create(:user) }
   let(:pipeline) { create(:ci_empty_pipeline, project: project) }
 
diff --git a/spec/policies/ci/pipeline_schedule_policy_spec.rb b/spec/policies/ci/pipeline_schedule_policy_spec.rb
index d503401f7cf..b455384d17a 100644
--- a/spec/policies/ci/pipeline_schedule_policy_spec.rb
+++ b/spec/policies/ci/pipeline_schedule_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Ci::PipelineSchedulePolicy, :models do
+RSpec.describe Ci::PipelineSchedulePolicy, :models do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :repository) }
   let_it_be(:pipeline_schedule, reload: true) { create(:ci_pipeline_schedule, :nightly, project: project) }
diff --git a/spec/policies/ci/trigger_policy_spec.rb b/spec/policies/ci/trigger_policy_spec.rb
index 28e5a2b2cd6..b8b54e57035 100644
--- a/spec/policies/ci/trigger_policy_spec.rb
+++ b/spec/policies/ci/trigger_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Ci::TriggerPolicy do
+RSpec.describe Ci::TriggerPolicy do
   let(:user) { create(:user) }
   let(:project) { create(:project) }
   let(:trigger) { create(:ci_trigger, project: project, owner: create(:user)) }
diff --git a/spec/policies/clusters/cluster_policy_spec.rb b/spec/policies/clusters/cluster_policy_spec.rb
index 26cfc19862a..0b931c6f927 100644
--- a/spec/policies/clusters/cluster_policy_spec.rb
+++ b/spec/policies/clusters/cluster_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Clusters::ClusterPolicy, :models do
+RSpec.describe Clusters::ClusterPolicy, :models do
   let(:cluster) { create(:cluster, :project) }
   let(:project) { cluster.project }
   let(:user) { create(:user) }
diff --git a/spec/policies/clusters/instance_policy_spec.rb b/spec/policies/clusters/instance_policy_spec.rb
index dfe480d7fa4..f90841fc311 100644
--- a/spec/policies/clusters/instance_policy_spec.rb
+++ b/spec/policies/clusters/instance_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Clusters::InstancePolicy do
+RSpec.describe Clusters::InstancePolicy do
   let(:user) { create(:user) }
   let(:policy) { described_class.new(user, Clusters::Instance.new) }
 
diff --git a/spec/policies/commit_policy_spec.rb b/spec/policies/commit_policy_spec.rb
index 40183f51e9e..0d3dcc97565 100644
--- a/spec/policies/commit_policy_spec.rb
+++ b/spec/policies/commit_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe CommitPolicy do
+RSpec.describe CommitPolicy do
   describe '#rules' do
     let(:user) { create(:user) }
     let(:commit) { project.repository.head_commit }
diff --git a/spec/policies/concerns/policy_actor_spec.rb b/spec/policies/concerns/policy_actor_spec.rb
index 27db9710a38..7271cbb4a9d 100644
--- a/spec/policies/concerns/policy_actor_spec.rb
+++ b/spec/policies/concerns/policy_actor_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe PolicyActor do
+RSpec.describe PolicyActor do
   it 'implements all the methods from user' do
     methods = subject.instance_methods
 
diff --git a/spec/policies/deploy_key_policy_spec.rb b/spec/policies/deploy_key_policy_spec.rb
index 545647e2c67..d84b80a8738 100644
--- a/spec/policies/deploy_key_policy_spec.rb
+++ b/spec/policies/deploy_key_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe DeployKeyPolicy do
+RSpec.describe DeployKeyPolicy do
   subject { described_class.new(current_user, deploy_key) }
 
   describe 'updating a deploy_key' do
diff --git a/spec/policies/deploy_keys_project_policy_spec.rb b/spec/policies/deploy_keys_project_policy_spec.rb
index 952da86b7a7..3be55e9238c 100644
--- a/spec/policies/deploy_keys_project_policy_spec.rb
+++ b/spec/policies/deploy_keys_project_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe DeployKeysProjectPolicy do
+RSpec.describe DeployKeysProjectPolicy do
   subject { described_class.new(current_user, deploy_key.deploy_keys_project_for(project)) }
 
   describe 'updating a deploy_keys_project' do
diff --git a/spec/policies/deploy_token_policy_spec.rb b/spec/policies/deploy_token_policy_spec.rb
index 43e23ee55ac..f218828052e 100644
--- a/spec/policies/deploy_token_policy_spec.rb
+++ b/spec/policies/deploy_token_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe DeployTokenPolicy do
+RSpec.describe DeployTokenPolicy do
   let(:current_user) { create(:user) }
   let(:project) { create(:project) }
   let(:deploy_token) { create(:deploy_token, projects: [project]) }
diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb
index a566aecc4b7..5dde5f896c9 100644
--- a/spec/policies/design_management/design_policy_spec.rb
+++ b/spec/policies/design_management/design_policy_spec.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'spec_helper'
 
-describe DesignManagement::DesignPolicy do
+RSpec.describe DesignManagement::DesignPolicy do
   include DesignManagementTestHelpers
 
   include_context 'ProjectPolicy context'
diff --git a/spec/policies/environment_policy_spec.rb b/spec/policies/environment_policy_spec.rb
index 75fca464ec8..649b1a770c0 100644
--- a/spec/policies/environment_policy_spec.rb
+++ b/spec/policies/environment_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe EnvironmentPolicy do
+RSpec.describe EnvironmentPolicy do
   using RSpec::Parameterized::TableSyntax
 
   let(:user) { create(:user) }
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index e8ba4eed4ec..4954eafe338 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe GlobalPolicy do
+RSpec.describe GlobalPolicy do
   include TermsHelper
 
   let_it_be(:project_bot) { create(:user, :project_bot) }
@@ -130,6 +130,24 @@ describe GlobalPolicy do
     end
   end
 
+  describe 'using project statistics filters' do
+    context 'regular user' do
+      it { is_expected.not_to be_allowed(:use_project_statistics_filters) }
+    end
+
+    context 'admin' do
+      let(:current_user) { create(:user, :admin) }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { is_expected.to be_allowed(:use_project_statistics_filters) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { is_expected.to be_disallowed(:use_project_statistics_filters) }
+      end
+    end
+  end
+
   shared_examples 'access allowed when terms accepted' do |ability|
     it { is_expected.not_to be_allowed(ability) }
 
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb
index a4f3301a064..4215fa09301 100644
--- a/spec/policies/group_member_policy_spec.rb
+++ b/spec/policies/group_member_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe GroupMemberPolicy do
+RSpec.describe GroupMemberPolicy do
   let(:guest) { create(:user) }
   let(:owner) { create(:user) }
   let(:group) { create(:group, :private) }
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 6b17a8285a2..733cc9bd9cb 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe GroupPolicy do
+RSpec.describe GroupPolicy do
   include_context 'GroupPolicy context'
 
   context 'public group with no user' do
@@ -154,7 +154,7 @@ describe GroupPolicy do
   context 'admin' do
     let(:current_user) { admin }
 
-    it do
+    specify do
       expect_allowed(*read_group_permissions)
       expect_allowed(*guest_permissions)
       expect_allowed(*reporter_permissions)
@@ -162,6 +162,10 @@ describe GroupPolicy do
       expect_allowed(*maintainer_permissions)
       expect_allowed(*owner_permissions)
     end
+
+    context 'with admin mode', :enable_admin_mode do
+      specify { expect_allowed(*admin_permissions) }
+    end
   end
 
   describe 'private nested group use the highest access level from the group and inherited permissions' do
@@ -661,4 +665,61 @@ describe GroupPolicy do
       end
     end
   end
+
+  describe 'design activity' do
+    let_it_be(:group) { create(:group, :public) }
+    let(:current_user) { nil }
+
+    subject { described_class.new(current_user, group) }
+
+    context 'when design management is not available' do
+      it { is_expected.not_to be_allowed(:read_design_activity) }
+
+      context 'even when there are projects in the group' do
+        before do
+          create_list(:project_group_link, 2, group: group)
+        end
+
+        it { is_expected.not_to be_allowed(:read_design_activity) }
+      end
+    end
+
+    context 'when design management is available globally' do
+      include DesignManagementTestHelpers
+
+      before do
+        enable_design_management
+      end
+
+      context 'the group has no projects' do
+        it { is_expected.not_to be_allowed(:read_design_activity) }
+      end
+
+      context 'the group has a project' do
+        let(:project) { create(:project, :public) }
+
+        before do
+          create(:project_group_link, project: project, group: group)
+        end
+
+        it { is_expected.to be_allowed(:read_design_activity) }
+
+        context 'which does not have design management enabled' do
+          before do
+            project.update(lfs_enabled: false)
+          end
+
+          it { is_expected.not_to be_allowed(:read_design_activity) }
+
+          context 'but another project does' do
+            before do
+              create(:project_group_link, project: create(:project, :public), group: group)
+            end
+
+            it { is_expected.to be_allowed(:read_design_activity) }
+          end
+        end
+      end
+    end
+  end
 end
diff --git a/spec/policies/identity_provider_policy_spec.rb b/spec/policies/identity_provider_policy_spec.rb
index 52b6d2c89ba..f6b4e15cff9 100644
--- a/spec/policies/identity_provider_policy_spec.rb
+++ b/spec/policies/identity_provider_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe IdentityProviderPolicy do
+RSpec.describe IdentityProviderPolicy do
   subject(:policy) { described_class.new(user, provider) }
 
   let(:user) { User.new }
diff --git a/spec/policies/issuable_policy_spec.rb b/spec/policies/issuable_policy_spec.rb
index 18e35308ecd..20eb09e11c9 100644
--- a/spec/policies/issuable_policy_spec.rb
+++ b/spec/policies/issuable_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe IssuablePolicy, models: true do
+RSpec.describe IssuablePolicy, models: true do
   let(:user) { create(:user) }
   let(:project) { create(:project, :public) }
   let(:issue) { create(:issue, project: project) }
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
index 9d52079e4be..b3ca37b17c2 100644
--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe IssuePolicy do
+RSpec.describe IssuePolicy do
   include ExternalAuthorizationServiceHelpers
 
   let(:guest) { create(:user) }
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index 31ced5db953..2f3cb2e998a 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe MergeRequestPolicy do
+RSpec.describe MergeRequestPolicy do
   include ExternalAuthorizationServiceHelpers
 
   let(:guest) { create(:user) }
@@ -24,6 +24,7 @@ describe MergeRequestPolicy do
   mr_perms = %i[create_merge_request_in
                 create_merge_request_from
                 read_merge_request
+                approve_merge_request
                 create_note].freeze
 
   shared_examples_for 'a denied user' do
diff --git a/spec/policies/metrics/dashboard/annotation_policy_spec.rb b/spec/policies/metrics/dashboard/annotation_policy_spec.rb
index 4dc5f4cd0b4..0c59b39ae3e 100644
--- a/spec/policies/metrics/dashboard/annotation_policy_spec.rb
+++ b/spec/policies/metrics/dashboard/annotation_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Metrics::Dashboard::AnnotationPolicy, :models do
+RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do
   shared_examples 'metrics dashboard annotation policy' do
     context 'when guest' do
       before do
diff --git a/spec/policies/namespace/root_storage_statistics_policy_spec.rb b/spec/policies/namespace/root_storage_statistics_policy_spec.rb
index 8d53050fffb..e6b58bca4a8 100644
--- a/spec/policies/namespace/root_storage_statistics_policy_spec.rb
+++ b/spec/policies/namespace/root_storage_statistics_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Namespace::RootStorageStatisticsPolicy do
+RSpec.describe Namespace::RootStorageStatisticsPolicy do
   using RSpec::Parameterized::TableSyntax
 
   describe '#rules' do
diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb
index 01162dc0fc4..f2f411e48d6 100644
--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe NamespacePolicy do
+RSpec.describe NamespacePolicy do
   let(:user) { create(:user) }
   let(:owner) { create(:user) }
   let(:admin) { create(:admin) }
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index 1e3bd0d9147..a4cc3a1e9af 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe NotePolicy do
+RSpec.describe NotePolicy do
   describe '#rules' do
     let(:user) { create(:user) }
     let(:project) { create(:project, :public) }
diff --git a/spec/policies/packages/package_policy_spec.rb b/spec/policies/packages/package_policy_spec.rb
new file mode 100644
index 00000000000..13935974b44
--- /dev/null
+++ b/spec/policies/packages/package_policy_spec.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Packages::PackagePolicy do
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project) }
+  let_it_be(:package) { create(:package, project: project) }
+
+  subject(:policy) { described_class.new(user, package) }
+
+  context 'when the user is part of the project' do
+    before do
+      project.add_reporter(user)
+    end
+
+    it 'allows read_package' do
+      expect(policy).to be_allowed(:read_package)
+    end
+  end
+
+  context 'when the user is not part of the project' do
+    it 'disallows read_package for any Package' do
+      expect(policy).to be_disallowed(:read_package)
+    end
+  end
+end
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index 5fc48717d86..d546805ce01 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 # Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
-describe PersonalSnippetPolicy do
+RSpec.describe PersonalSnippetPolicy do
   let(:regular_user) { create(:user) }
   let(:external_user) { create(:user, :external) }
   let(:admin_user) { create(:user, :admin) }
diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb
new file mode 100644
index 00000000000..ab8f8b83e7f
--- /dev/null
+++ b/spec/policies/project_member_policy_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ProjectMemberPolicy do
+  let(:project) { create(:project) }
+  let(:maintainer_user) { create(:user) }
+  let(:member) { create(:project_member, project: project, user: member_user) }
+
+  subject { described_class.new(maintainer_user, member) }
+
+  before do
+    create(:project_member, :maintainer, project: project, user: maintainer_user)
+  end
+
+  context 'with regular member' do
+    let(:member_user) { create(:user) }
+
+    it { is_expected.to be_allowed(:update_project_member) }
+    it { is_expected.to be_allowed(:destroy_project_member) }
+
+    it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
+  end
+
+  context 'with a bot member' do
+    let(:member_user) { create(:user, :project_bot) }
+
+    it { is_expected.to be_allowed(:destroy_project_bot_member) }
+
+    it { is_expected.not_to be_allowed(:update_project_member) }
+    it { is_expected.not_to be_allowed(:destroy_project_member) }
+  end
+end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 6ec63ba61ca..dc6ed94309b 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe ProjectPolicy do
+RSpec.describe ProjectPolicy do
   include ExternalAuthorizationServiceHelpers
   include_context 'ProjectPolicy context'
   let_it_be(:other_user) { create(:user) }
@@ -30,7 +30,7 @@ describe ProjectPolicy do
       admin_issue admin_label admin_list read_commit_status read_build
       read_container_image read_pipeline read_environment read_deployment
       read_merge_request download_wiki_code read_sentry_issue read_metrics_dashboard_annotation
-      metrics_dashboard
+      metrics_dashboard read_confidential_issues
     ]
   end
 
@@ -46,6 +46,7 @@ describe ProjectPolicy do
       resolve_note create_container_image update_container_image destroy_container_image daily_statistics
       create_environment update_environment create_deployment update_deployment create_release update_release
       create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation
+      read_terraform_state
     ]
   end
 
@@ -496,6 +497,33 @@ describe ProjectPolicy do
     end
   end
 
+  context 'support bot' do
+    let(:current_user) { User.support_bot }
+
+    subject { described_class.new(current_user, project) }
+
+    context 'with service desk disabled' do
+      it { expect_allowed(:guest_access) }
+      it { expect_disallowed(:create_note, :read_project) }
+    end
+
+    context 'with service desk enabled' do
+      before do
+        allow(project).to receive(:service_desk_enabled?).and_return(true)
+      end
+
+      it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+
+      context 'when issues are protected members only' do
+        before do
+          project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
+        end
+
+        it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+      end
+    end
+  end
+
   describe 'read_prometheus_alerts' do
     subject { described_class.new(current_user, project) }
 
@@ -855,6 +883,28 @@ describe ProjectPolicy do
     end
   end
 
+  describe 'design permissions' do
+    subject { described_class.new(guest, project) }
+
+    let(:design_permissions) do
+      %i[read_design_activity read_design]
+    end
+
+    context 'when design management is not available' do
+      it { is_expected.not_to be_allowed(*design_permissions) }
+    end
+
+    context 'when design management is available' do
+      include DesignManagementTestHelpers
+
+      before do
+        enable_design_management
+      end
+
+      it { is_expected.to be_allowed(*design_permissions) }
+    end
+  end
+
   describe 'read_build_report_results' do
     subject { described_class.new(guest, project) }
 
@@ -892,4 +942,64 @@ describe ProjectPolicy do
       it { is_expected.to be_disallowed(:read_build_report_results) }
     end
   end
+
+  describe 'read_package' do
+    subject { described_class.new(current_user, project) }
+
+    context 'with admin' do
+      let(:current_user) { admin }
+
+      it { is_expected.to be_allowed(:read_package) }
+
+      context 'when repository is disabled' do
+        before do
+          project.project_feature.update(repository_access_level: ProjectFeature::DISABLED)
+        end
+
+        it { is_expected.to be_disallowed(:read_package) }
+      end
+    end
+
+    context 'with owner' do
+      let(:current_user) { owner }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with maintainer' do
+      let(:current_user) { maintainer }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with developer' do
+      let(:current_user) { developer }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with reporter' do
+      let(:current_user) { reporter }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with guest' do
+      let(:current_user) { guest }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with non member' do
+      let(:current_user) { create(:user) }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+
+    context 'with anonymous' do
+      let(:current_user) { nil }
+
+      it { is_expected.to be_allowed(:read_package) }
+    end
+  end
 end
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index 3864666f587..bdf9eaedbf1 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 # Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
-describe ProjectSnippetPolicy do
+RSpec.describe ProjectSnippetPolicy do
   let_it_be(:regular_user) { create(:user) }
   let_it_be(:other_user) { create(:user) }
   let_it_be(:external_user) { create(:user, :external) }
diff --git a/spec/policies/project_statistics_policy_spec.rb b/spec/policies/project_statistics_policy_spec.rb
index 50dfbf7291b..74630dc38ad 100644
--- a/spec/policies/project_statistics_policy_spec.rb
+++ b/spec/policies/project_statistics_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe ProjectStatisticsPolicy do
+RSpec.describe ProjectStatisticsPolicy do
   using RSpec::Parameterized::TableSyntax
 
   describe '#rules' do
diff --git a/spec/policies/protected_branch_policy_spec.rb b/spec/policies/protected_branch_policy_spec.rb
index ea7fd093e38..bb6dbff18a0 100644
--- a/spec/policies/protected_branch_policy_spec.rb
+++ b/spec/policies/protected_branch_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe ProtectedBranchPolicy do
+RSpec.describe ProtectedBranchPolicy do
   let(:user) { create(:user) }
   let(:name) { 'feature' }
   let(:protected_branch) { create(:protected_branch, name: name) }
diff --git a/spec/policies/releases/source_policy_spec.rb b/spec/policies/releases/source_policy_spec.rb
deleted file mode 100644
index 1bc6d5415d3..00000000000
--- a/spec/policies/releases/source_policy_spec.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Releases::SourcePolicy do
-  using RSpec::Parameterized::TableSyntax
-
-  let(:policy) { described_class.new(user, source) }
-
-  let_it_be(:public_user) { create(:user) }
-  let_it_be(:guest) { create(:user) }
-  let_it_be(:reporter) { create(:user) }
-
-  let(:release) { create(:release, project: project) }
-  let(:source) { release.sources.first }
-
-  shared_examples 'source code access' do
-    it "allows access a release's source code" do
-      expect(policy).to be_allowed(:read_release_sources)
-    end
-  end
-
-  shared_examples 'no source code access' do
-    it "does not allow access a release's source code" do
-      expect(policy).to be_disallowed(:read_release_sources)
-    end
-  end
-
-  context 'a private project' do
-    let_it_be(:project) { create(:project, :private) }
-
-    context 'accessed by a public user' do
-      let(:user) { public_user }
-
-      it_behaves_like 'no source code access'
-    end
-
-    context 'accessed by a user with Guest permissions' do
-      let(:user) { guest }
-
-      before do
-        project.add_guest(user)
-      end
-
-      it_behaves_like 'no source code access'
-    end
-
-    context 'accessed by a user with Reporter permissions' do
-      let(:user) { reporter }
-
-      before do
-        project.add_reporter(user)
-      end
-
-      it_behaves_like 'source code access'
-    end
-  end
-
-  context 'a public project' do
-    let_it_be(:project) { create(:project, :public) }
-
-    context 'accessed by a public user' do
-      let(:user) { public_user }
-
-      it_behaves_like 'source code access'
-    end
-
-    context 'accessed by a user with Guest permissions' do
-      let(:user) { guest }
-
-      before do
-        project.add_guest(user)
-      end
-
-      it_behaves_like 'source code access'
-    end
-
-    context 'accessed by a user with Reporter permissions' do
-      let(:user) { reporter }
-
-      before do
-        project.add_reporter(user)
-      end
-
-      it_behaves_like 'source code access'
-    end
-  end
-end
diff --git a/spec/policies/resource_label_event_policy_spec.rb b/spec/policies/resource_label_event_policy_spec.rb
index 4db2390c818..eff2b0e1af5 100644
--- a/spec/policies/resource_label_event_policy_spec.rb
+++ b/spec/policies/resource_label_event_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe ResourceLabelEventPolicy do
+RSpec.describe ResourceLabelEventPolicy do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :private) }
   let_it_be(:issue) { create(:issue, project: project) }
diff --git a/spec/policies/todo_policy_spec.rb b/spec/policies/todo_policy_spec.rb
index be6fecd1045..b4876baa504 100644
--- a/spec/policies/todo_policy_spec.rb
+++ b/spec/policies/todo_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe TodoPolicy do
+RSpec.describe TodoPolicy do
   let_it_be(:author) { create(:user) }
 
   let_it_be(:user1) { create(:user) }
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 63c4bd05836..1cc3581ebdd 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe UserPolicy do
+RSpec.describe UserPolicy do
   let(:current_user) { create(:user) }
   let(:user) { create(:user) }
 
diff --git a/spec/policies/wiki_page_policy_spec.rb b/spec/policies/wiki_page_policy_spec.rb
index 0dedccb6e88..093db9f8374 100644
--- a/spec/policies/wiki_page_policy_spec.rb
+++ b/spec/policies/wiki_page_policy_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe WikiPagePolicy, :enable_admin_mode do
+RSpec.describe WikiPagePolicy, :enable_admin_mode do
   include_context 'ProjectPolicyTable context'
   include ProjectHelpers
   using RSpec::Parameterized::TableSyntax
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 12:26:25 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-20 12:26:25 +0000
commit	a09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree	2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/policies
parent	18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
download	gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz