author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-18 10:34:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-18 10:34:06 +0000 |
commit | 859a6fb938bb9ee2a317c46dfa4fcc1af49608f0 (patch) | |
tree | d7f2700abe6b4ffcb2dcfc80631b2d87d0609239 /spec/policies | |
parent | 446d496a6d000c73a304be52587cd9bbc7493136 (diff) | |
download | gitlab-ce-859a6fb938bb9ee2a317c46dfa4fcc1af49608f0.tar.gz |
Add latest changes from gitlab-org/gitlab@13-9-stable-eev13.9.0-rc42
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 8bd4a463f87..6ba3ab6aace 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -468,6 +468,49 @@ RSpec.describe ProjectPolicy do
 end
 end
+ context "project bots" do
+ let(:project_bot) { create(:user, :project_bot) }
+ let(:user) { create(:user) }
+
+ context "project_bot_access" do
+ context "when regular user and part of the project" do
+ let(:current_user) { user }
+
+ before do
+ project.add_developer(user)
+ end
+
+ it { is_expected.not_to be_allowed(:project_bot_access)}
+ end
+
+ context "when project bot and not part of the project" do
+ let(:current_user) { project_bot }
+
+ it { is_expected.not_to be_allowed(:project_bot_access)}
+ end
+
+ context "when project bot and part of the project" do
+ let(:current_user) { project_bot }
+
+ before do
+ project.add_developer(project_bot)
+ end
+
+ it { is_expected.to be_allowed(:project_bot_access)}
+ end
+ end
+
+ context 'with resource access tokens' do
+ let(:current_user) { project_bot }
+
+ before do
+ project.add_maintainer(project_bot)
+ end
+
+ it { is_expected.not_to be_allowed(:admin_resource_access_tokens)}
+ end
+ end
+
 describe 'read_prometheus_alerts' do
 context 'with admin' do
 let(:current_user) { admin }
@@ -822,6 +865,28 @@ RSpec.describe ProjectPolicy do
 end
 end
+ context 'security configuration feature' do
+ %w(guest reporter).each do |role|
+ context role do
+ let(:current_user) { send(role) }
+
+ it 'prevents reading security configuration' do
+ expect_disallowed(:read_security_configuration)
+ end
+ end
+ end
+
+ %w(developer maintainer owner).each do |role|
+ context role do
+ let(:current_user) { send(role) }
+
+ it 'allows reading security configuration' do
+ expect_allowed(:read_security_configuration)
+ end
+ end
+ end
+ end
+
 describe 'design permissions' do
 let(:current_user) { guest } |
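Review bot: The `not_to be_allowed(:admin_resource_access_tokens)` example in 'with resource access tokens' has no positive control, so it would also pass if the ability were denied to every maintainer in this test setup (for instance because the feature is unavailable there, which the hunk does not show). This example pins the rule that a project bot with maintainer access cannot manage resource access tokens, so a vacuous pass would hide a regression in that boundary. Pair it with a sibling example for a human maintainer, e.g. `let(:current_user) { maintainer }` and `it { is_expected.to be_allowed(:admin_resource_access_tokens) }`, assuming the `maintainer` fixture that the later hunk reaches through `send(role)` is in scope here and that any required feature setup is added. The enclosing `RSpec.describe ProjectPolicy` block starts and ends outside the hunk.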
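Review bot: The 'security configuration feature' examples iterate only over project roles, so nothing asserts that a non-member or an unauthenticated caller is denied `read_security_configuration`. For a permission that gates security settings, the deny side should also cover callers with no membership at all, particularly on a public project; the project's visibility is set outside the hunk, so it is unclear which case `guest` exercises. If the file already defines fixtures for those callers, add them to the `%w(guest reporter)` list; otherwise add a context with `let(:current_user) { nil }` and `expect_disallowed(:read_security_configuration)`, presuming a nil user represents an anonymous request in this policy spec.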