Add latest changes from gitlab-org/gitlab@master

1 files changed, 88 insertions, 0 deletions

diff --git a/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb
new file mode 100644
index 00000000000..1bcebe2e2ac
--- /dev/null
+++ b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb
@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Clusters::Management::ValidateManagementProjectPermissionsService do
+  describe '#execute' do
+    subject { described_class.new(user).execute(cluster, management_project_id) }
+
+    let(:cluster) { build(:cluster, :project, projects: [create(:project)]) }
+    let(:user) { create(:user) }
+
+    context 'when management_project_id is nil' do
+      let(:management_project_id) { nil }
+
+      it { is_expected.to be true }
+    end
+
+    context 'when management_project_id is not nil' do
+      let(:management_project_id) { management_project.id }
+      let(:management_project_namespace) { create(:group) }
+      let(:management_project) { create(:project, namespace: management_project_namespace) }
+
+      context 'when management_project does not exist' do
+        let(:management_project_id) { 0 }
+
+        it 'adds errors to the cluster and returns false' do
+          is_expected.to eq false
+
+          expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+        end
+      end
+
+      shared_examples 'management project is in scope' do
+        context 'when user is authorized to administer manangement_project' do
+          before do
+            management_project.add_maintainer(user)
+          end
+
+          it 'adds no error and returns true' do
+            is_expected.to eq true
+
+            expect(cluster.errors).to be_empty
+          end
+        end
+
+        context 'when user is not authorized to adminster manangement_project' do
+          it 'adds an error and returns false' do
+            is_expected.to eq false
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+          end
+        end
+      end
+
+      shared_examples 'management project is out of scope' do
+        context 'when manangement_project is outside of the namespace scope' do
+          let(:management_project_namespace) { create(:group) }
+
+          it 'adds an error and returns false' do
+            is_expected.to eq false
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+          end
+        end
+      end
+
+      context 'project cluster' do
+        let(:cluster) { build(:cluster, :project, projects: [create(:project, namespace: management_project_namespace)]) }
+
+        include_examples 'management project is in scope'
+        include_examples 'management project is out of scope'
+      end
+
+      context 'group cluster' do
+        let(:cluster) { build(:cluster, :group, groups: [management_project_namespace]) }
+
+        include_examples 'management project is in scope'
+        include_examples 'management project is out of scope'
+      end
+
+      context 'instance cluster' do
+        let(:cluster) { build(:cluster, :instance) }
+
+        include_examples 'management project is in scope'
+      end
+    end
+  end
+end