summaryrefslogtreecommitdiff
path: root/spec/services
diff options
context:
space:
mode:
authorImre Farkas <ifarkas@gitlab.com>2019-04-09 15:38:58 +0000
committerAndreas Brandl <abrandl@gitlab.com>2019-04-09 15:38:58 +0000
commit9bc5ed14fe97fe63cd5be30c013c6af978715621 (patch)
tree74e1548a29b4683e94720b346a4fc41a068b2583 /spec/services
parenta6218f1bcd78f656d57330e764d3f98e1fb1f3f3 (diff)
downloadgitlab-ce-9bc5ed14fe97fe63cd5be30c013c6af978715621.tar.gz
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
Diffstat (limited to 'spec/services')
-rw-r--r--spec/services/application_settings/update_service_spec.rb35
-rw-r--r--spec/services/notification_service_spec.rb41
-rw-r--r--spec/services/projects/create_service_spec.rb37
-rw-r--r--spec/services/projects/update_service_spec.rb41
4 files changed, 154 insertions, 0 deletions
diff --git a/spec/services/application_settings/update_service_spec.rb b/spec/services/application_settings/update_service_spec.rb
index a4a733eff77..258e5635113 100644
--- a/spec/services/application_settings/update_service_spec.rb
+++ b/spec/services/application_settings/update_service_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe ApplicationSettings::UpdateService do
+ include ExternalAuthorizationServiceHelpers
+
let(:application_settings) { create(:application_setting) }
let(:admin) { create(:user, :admin) }
let(:params) { {} }
@@ -143,4 +145,37 @@ describe ApplicationSettings::UpdateService do
end
end
end
+
+ context 'when external authorization is enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ it 'does not save the settings with an error if the service denies access' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(admin, 'new-label') { false }
+
+ described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
+
+ expect(application_settings.errors[:external_authorization_service_default_label]).to be_present
+ end
+
+ it 'saves the setting when the user has access to the label' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(admin, 'new-label') { true }
+
+ described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
+
+ # Read the attribute directly to avoid the stub from
+ # `enable_external_authorization_service_check`
+ expect(application_settings[:external_authorization_service_default_label]).to eq('new-label')
+ end
+
+ it 'does not validate the label if it was not passed' do
+ expect(::Gitlab::ExternalAuthorization)
+ .not_to receive(:access_allowed?)
+
+ described_class.new(application_settings, admin, { home_page_url: 'http://foo.bar' }).execute
+ end
+ end
end
diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb
index 14c73852e65..ac4aabf3fbd 100644
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
@@ -2,6 +2,7 @@ require 'spec_helper'
describe NotificationService, :mailer do
include EmailSpec::Matchers
+ include ExternalAuthorizationServiceHelpers
include NotificationHelpers
let(:notification) { described_class.new }
@@ -2218,6 +2219,46 @@ describe NotificationService, :mailer do
end
end
+ context 'with external authorization service' do
+ let(:issue) { create(:issue) }
+ let(:project) { issue.project }
+ let(:note) { create(:note, noteable: issue, project: project) }
+ let(:member) { create(:user) }
+
+ subject { NotificationService.new }
+
+ before do
+ project.add_maintainer(member)
+ member.global_notification_setting.update!(level: :watch)
+ end
+
+ it 'sends email when the service is not enabled' do
+ expect(Notify).to receive(:new_issue_email).at_least(:once).with(member.id, issue.id, nil).and_call_original
+
+ subject.new_issue(issue, member)
+ end
+
+ context 'when the service is enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ it 'does not send an email' do
+ expect(Notify).not_to receive(:new_issue_email)
+
+ subject.new_issue(issue, member)
+ end
+
+ it 'still delivers email to admins' do
+ member.update!(admin: true)
+
+ expect(Notify).to receive(:new_issue_email).at_least(:once).with(member.id, issue.id, nil).and_call_original
+
+ subject.new_issue(issue, member)
+ end
+ end
+ end
+
def build_team(project)
@u_watcher = create_global_setting_for(create(:user), :watch)
@u_participating = create_global_setting_for(create(:user), :participating)
diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb
index e8418b09dc2..e1ec932918e 100644
--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
@@ -1,6 +1,7 @@
require 'spec_helper'
describe Projects::CreateService, '#execute' do
+ include ExternalAuthorizationServiceHelpers
include GitHelpers
let(:gitlab_shell) { Gitlab::Shell.new }
@@ -344,6 +345,42 @@ describe Projects::CreateService, '#execute' do
expect(rugged.config['gitlab.fullpath']).to eq project.full_path
end
+ context 'with external authorization enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ it 'does not save the project with an error if the service denies access' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'new-label', any_args) { false }
+
+ project = create_project(user, opts.merge({ external_authorization_classification_label: 'new-label' }))
+
+ expect(project.errors[:external_authorization_classification_label]).to be_present
+ expect(project).not_to be_persisted
+ end
+
+ it 'saves the project when the user has access to the label' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'new-label', any_args) { true }
+
+ project = create_project(user, opts.merge({ external_authorization_classification_label: 'new-label' }))
+
+ expect(project).to be_persisted
+ expect(project.external_authorization_classification_label).to eq('new-label')
+ end
+
+ it 'does not save the project when the user has no access to the default label and no label is provided' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'default_label', any_args) { false }
+
+ project = create_project(user, opts)
+
+ expect(project.errors[:external_authorization_classification_label]).to be_present
+ expect(project).not_to be_persisted
+ end
+ end
+
def create_project(user, opts)
Projects::CreateService.new(user, opts).execute
end
diff --git a/spec/services/projects/update_service_spec.rb b/spec/services/projects/update_service_spec.rb
index 90eaea9c872..95eb17b5e3a 100644
--- a/spec/services/projects/update_service_spec.rb
+++ b/spec/services/projects/update_service_spec.rb
@@ -1,6 +1,7 @@
require 'spec_helper'
describe Projects::UpdateService do
+ include ExternalAuthorizationServiceHelpers
include ProjectForksHelper
let(:user) { create(:user) }
@@ -361,6 +362,46 @@ describe Projects::UpdateService do
call_service
end
end
+
+ context 'with external authorization enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ it 'does not save the project with an error if the service denies access' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'new-label') { false }
+
+ result = update_project(project, user, { external_authorization_classification_label: 'new-label' })
+
+ expect(result[:message]).to be_present
+ expect(result[:status]).to eq(:error)
+ end
+
+ it 'saves the new label if the service allows access' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'new-label') { true }
+
+ result = update_project(project, user, { external_authorization_classification_label: 'new-label' })
+
+ expect(result[:status]).to eq(:success)
+ expect(project.reload.external_authorization_classification_label).to eq('new-label')
+ end
+
+ it 'checks the default label when the classification label was cleared' do
+ expect(::Gitlab::ExternalAuthorization)
+ .to receive(:access_allowed?).with(user, 'default_label') { true }
+
+ update_project(project, user, { external_authorization_classification_label: '' })
+ end
+
+ it 'does not check the label when it does not change' do
+ expect(::Gitlab::ExternalAuthorization)
+ .not_to receive(:access_allowed?)
+
+ update_project(project, user, { name: 'New name' })
+ end
+ end
end
describe '#run_auto_devops_pipeline?' do