authorGitLab Bot <gitlab-bot@gitlab.com>2022-05-19 12:08:42 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-05-19 12:08:42 +0000
commit0eea37aefa31ed22e32eadbe6164dd92e3c64ec2 (patch)
treee1ec47e8160c6c36a8ae08ba1d39902be068ef05 /spec/policies
parent3fbfc0075a306ad85c70c006b978a2e96bd4283a (diff)
downloadgitlab-ce-0eea37aefa31ed22e32eadbe6164dd92e3c64ec2.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/project_policy_spec.rb74
1 files changed, 74 insertions, 0 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index ca4ca2eb7a0..ce97fc0c77e 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -433,6 +433,80 @@ RSpec.describe ProjectPolicy do
end
end
+ context 'owner access' do
+ let!(:owner_user) { create(:user) }
+ let!(:owner_of_different_thing) { create(:user) }
+ let(:stranger) { create(:user) }
+
+ shared_examples 'owner access for personal and group projects' do
+ before do
+ stub_feature_flags(faster_owner_access: faster_owner_access_enabled)
+ end
+
+ context 'personal project' do
+ let!(:project) { create(:project) }
+ let!(:project2) { create(:project) }
+
+ before do
+ project.add_guest(guest)
+ project.add_reporter(reporter)
+ project.add_developer(developer)
+ project.add_maintainer(maintainer)
+ project2.add_owner(owner_of_different_thing)
+ end
+
+ it 'allows owner access', :aggregate_failures do
+ expect(described_class.new(owner_of_different_thing, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(stranger, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(guest, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(reporter, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(developer, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(maintainer, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(project.owner, project)).to be_allowed(:owner_access)
+ end
+ end
+
+ context 'group project' do
+ let(:group) { create(:group) }
+ let!(:group2) { create(:group) }
+ let!(:project) { create(:project, group: group) }
+
+ context 'group members' do
+ before do
+ group.add_guest(guest)
+ group.add_reporter(reporter)
+ group.add_developer(developer)
+ group.add_maintainer(maintainer)
+ group.add_owner(owner_user)
+ group2.add_owner(owner_of_different_thing)
+ end
+
+ it 'allows owner access', :aggregate_failures do
+ expect(described_class.new(owner_of_different_thing, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(stranger, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(guest, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(reporter, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(developer, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(maintainer, project)).to be_disallowed(:owner_access)
+ expect(described_class.new(owner_user, project)).to be_allowed(:owner_access)
+ end
+ end
+ end
+ end
+
+ context 'when faster_owner_access feature is enabled' do
+ let(:faster_owner_access_enabled) { true }
+
+ it_behaves_like 'owner access for personal and group projects'
+ end
+
+ context 'when faster_owner_access feature is not enabled' do
+ let(:faster_owner_access_enabled) { false }
+
+ it_behaves_like 'owner access for personal and group projects'
+ end
+ end
+
context 'reading a project' do
it 'allows access when a user has read access to the repo' do
expect(described_class.new(owner, project)).to be_allowed(:read_project)
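Review bot: Both added examples are titled `'allows owner access'`, yet six of the seven expectations in each assert `be_disallowed(:owner_access)`, so a failing denial is reported under a name that says the opposite; a title such as `it 'grants owner_access only to the owner', :aggregate_failures do` describes what is actually pinned. In the 'personal project' context `owner_user` is created eagerly with `let!` but never used, and the only positive case is `project.owner`; no user is added to `project` itself with `add_owner`, so direct owner-level membership on the project under test is not exercised for either value of `faster_owner_access`. If that path is meant to be covered, adding `project.add_owner(owner_user)` to that `before` block, together with an expectation of the intended outcome, would pin it for both code paths. `guest`, `reporter`, `developer` and `maintainer` are presumably supplied by a shared context outside this hunk, and the enclosing `RSpec.describe ProjectPolicy` block starts and ends outside it.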