diff options
| author | Jan Beckmann <king-jan1999@hotmail.de> | 2019-03-08 08:34:20 +0000 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2019-03-08 08:34:20 +0000 |
| commit | eba4b9404f152f6ad8c4be62116cbe5fd0662b0d (patch) | |
| tree | e2dd3ecdbf30d35eed819b5a6f71cd40f152b9d5 /spec/policies | |
| parent | 6648188121ba8c044f104ff491a3b20a53167c64 (diff) | |
| download | gitlab-ce-eba4b9404f152f6ad8c4be62116cbe5fd0662b0d.tar.gz | |
Disallow reopening of locked merge requests
Fixes #56864
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/issuable_policy_spec.rb | 6 | ||||
| -rw-r--r-- | spec/policies/merge_request_policy_spec.rb | 50 |
2 files changed, 53 insertions, 3 deletions
diff --git a/spec/policies/issuable_policy_spec.rb b/spec/policies/issuable_policy_spec.rb index db3df760472..6d34b0a8b4b 100644 --- a/spec/policies/issuable_policy_spec.rb +++ b/spec/policies/issuable_policy_spec.rb @@ -13,7 +13,7 @@ describe IssuablePolicy, models: true do context 'when user is able to read project' do it 'enables user to read and update issuables' do - expect(policies).to be_allowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request) + expect(policies).to be_allowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request, :reopen_merge_request) end end @@ -24,12 +24,12 @@ describe IssuablePolicy, models: true do it 'enables user to read and update issuables' do project.add_maintainer(user) - expect(policies).to be_allowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request) + expect(policies).to be_allowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request, :reopen_merge_request) end end it 'disallows user from reading and updating issuables from that project' do - expect(policies).to be_disallowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request) + expect(policies).to be_disallowed(:read_issue, :update_issue, :reopen_issue, :read_merge_request, :update_merge_request, :reopen_merge_request) end end end diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb new file mode 100644 index 00000000000..1efa70addc2 --- /dev/null +++ b/spec/policies/merge_request_policy_spec.rb @@ -0,0 +1,50 @@ +require 'spec_helper' + +describe MergeRequestPolicy do + let(:guest) { create(:user) } + let(:author) { create(:user) } + let(:developer) { create(:user) } + let(:project) { create(:project, :public) } + + def permissions(user, merge_request) + described_class.new(user, merge_request) + end + + before do + project.add_guest(guest) + project.add_guest(author) + project.add_developer(developer) + end + + context 'when merge request is unlocked' do + let(:merge_request) { create(:merge_request, :closed, source_project: project, target_project: project, author: author) } + + it 'allows author to reopen merge request' do + expect(permissions(author, merge_request)).to be_allowed(:reopen_merge_request) + end + + it 'allows developer to reopen merge request' do + expect(permissions(developer, merge_request)).to be_allowed(:reopen_merge_request) + end + + it 'prevents guest from reopening merge request' do + expect(permissions(guest, merge_request)).to be_disallowed(:reopen_merge_request) + end + end + + context 'when merge request is locked' do + let(:merge_request_locked) { create(:merge_request, :closed, discussion_locked: true, source_project: project, target_project: project, author: author) } + + it 'prevents author from reopening merge request' do + expect(permissions(author, merge_request_locked)).to be_disallowed(:reopen_merge_request) + end + + it 'prevents developer from reopening merge request' do + expect(permissions(developer, merge_request_locked)).to be_disallowed(:reopen_merge_request) + end + + it 'prevents guests from reopening merge request' do + expect(permissions(guest, merge_request_locked)).to be_disallowed(:reopen_merge_request) + end + end +end |