Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-13 15:09:20 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-13 15:09:20 +0000
commit: b77fb04678a4e76d025048e9846adc2ac709414a (patch)
tree: c65f719e326e1d33d313b5e9d8b3f72366ad7bd2 /spec/support
parent: 75ee59f7a108cf0c57e1e66e3ef5e439bae24fcd (diff)
download: gitlab-ce-b77fb04678a4e76d025048e9846adc2ac709414a.tar.gz
2 files changed, 156 insertions, 3 deletions
diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb
index 4f81a71f586..c2797c49c02 100644
--- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb
+++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb
@@ -14,16 +14,17 @@ RSpec.shared_context 'GroupPolicy context' do
     %i[
       read_label read_group upload_file read_namespace read_group_activity
       read_group_issues read_group_boards read_group_labels read_group_milestones
-      read_group_merge_requests
+      read_group_merge_requests read_wiki
    ]
   end
   let(:read_group_permissions) { %i[read_label read_list read_milestone read_board] }
-  let(:reporter_permissions) { %i[admin_label read_container_image read_metrics_dashboard_annotation] }
-  let(:developer_permissions) { %i[admin_milestone create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation] }
+  let(:reporter_permissions) { %i[admin_label read_container_image read_metrics_dashboard_annotation download_wiki_code] }
+  let(:developer_permissions) { %i[admin_milestone create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation create_wiki] }
   let(:maintainer_permissions) do
     %i[
       create_projects
       read_cluster create_cluster update_cluster admin_cluster add_cluster
+      admin_wiki
     ]
   end
   let(:owner_permissions) do
diff --git a/spec/support/shared_examples/policies/wiki_policies_shared_examples.rb b/spec/support/shared_examples/policies/wiki_policies_shared_examples.rb
new file mode 100644
index 00000000000..b91500ffd9c
--- /dev/null
+++ b/spec/support/shared_examples/policies/wiki_policies_shared_examples.rb
@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'model with wiki policies' do
+  let(:container) { raise NotImplementedError }
+  let(:permissions) { %i(read_wiki create_wiki update_wiki admin_wiki download_wiki_code) }
+
+  # TODO: Remove this helper once we implement group features
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/208412
+  def set_access_level(access_level)
+    raise NotImplementedError
+  end
+
+  subject { described_class.new(owner, container) }
+
+  context 'when the feature is disabled' do
+    before do
+      set_access_level(ProjectFeature::DISABLED)
+    end
+
+    it 'does not include the wiki permissions' do
+      expect_disallowed(*permissions)
+    end
+
+    context 'when there is an external wiki' do
+      it 'does not include the wiki permissions' do
+        allow(container).to receive(:has_external_wiki?).and_return(true)
+
+        expect_disallowed(*permissions)
+      end
+    end
+  end
+
+  describe 'read_wiki' do
+    subject { described_class.new(user, container) }
+
+    member_roles = %i[guest developer]
+    stranger_roles = %i[anonymous non_member]
+
+    user_roles = stranger_roles + member_roles
+
+    # When a user is anonymous, their `current_user == nil`
+    let(:user) { create(:user) unless user_role == :anonymous }
+
+    before do
+      container.visibility = container_visibility
+      set_access_level(wiki_access_level)
+      container.add_user(user, user_role) if member_roles.include?(user_role)
+    end
+
+    title = ->(container_visibility, wiki_access_level, user_role) do
+      [
+        "container is #{Gitlab::VisibilityLevel.level_name container_visibility}",
+        "wiki is #{ProjectFeature.str_from_access_level wiki_access_level}",
+        "user is #{user_role}"
+      ].join(', ')
+    end
+
+    describe 'Situations where :read_wiki is always false' do
+      where(case_names: title,
+            container_visibility: Gitlab::VisibilityLevel.options.values,
+            wiki_access_level: [ProjectFeature::DISABLED],
+            user_role: user_roles)
+
+      with_them do
+        it { is_expected.to be_disallowed(:read_wiki) }
+      end
+    end
+
+    describe 'Situations where :read_wiki is always true' do
+      where(case_names: title,
+            container_visibility: [Gitlab::VisibilityLevel::PUBLIC],
+            wiki_access_level: [ProjectFeature::ENABLED],
+            user_role: user_roles)
+
+      with_them do
+        it { is_expected.to be_allowed(:read_wiki) }
+      end
+    end
+
+    describe 'Situations where :read_wiki requires membership' do
+      context 'the wiki is private, and the user is a member' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::PUBLIC,
+                                     Gitlab::VisibilityLevel::INTERNAL],
+              wiki_access_level: [ProjectFeature::PRIVATE],
+              user_role: member_roles)
+
+        with_them do
+          it { is_expected.to be_allowed(:read_wiki) }
+        end
+      end
+
+      context 'the wiki is private, and the user is not member' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::PUBLIC,
+                                     Gitlab::VisibilityLevel::INTERNAL],
+              wiki_access_level: [ProjectFeature::PRIVATE],
+              user_role: stranger_roles)
+
+        with_them do
+          it { is_expected.to be_disallowed(:read_wiki) }
+        end
+      end
+
+      context 'the wiki is enabled, and the user is a member' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::PRIVATE],
+              wiki_access_level: [ProjectFeature::ENABLED],
+              user_role: member_roles)
+
+        with_them do
+          it { is_expected.to be_allowed(:read_wiki) }
+        end
+      end
+
+      context 'the wiki is enabled, and the user is not a member' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::PRIVATE],
+              wiki_access_level: [ProjectFeature::ENABLED],
+              user_role: stranger_roles)
+
+        with_them do
+          it { is_expected.to be_disallowed(:read_wiki) }
+        end
+      end
+    end
+
+    describe 'Situations where :read_wiki prohibits anonymous access' do
+      context 'the user is not anonymous' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::INTERNAL],
+              wiki_access_level: [ProjectFeature::ENABLED, ProjectFeature::PUBLIC],
+              user_role: user_roles.reject { |u| u == :anonymous })
+
+        with_them do
+          it { is_expected.to be_allowed(:read_wiki) }
+        end
+      end
+
+      context 'the user is anonymous' do
+        where(case_names: title,
+              container_visibility: [Gitlab::VisibilityLevel::INTERNAL],
+              wiki_access_level: [ProjectFeature::ENABLED, ProjectFeature::PUBLIC],
+              user_role: %i[anonymous])
+
+        with_them do
+          it { is_expected.to be_disallowed(:read_wiki) }
+        end
+      end
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-13 15:09:20 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-04-13 15:09:20 +0000
commit	b77fb04678a4e76d025048e9846adc2ac709414a (patch)
tree	c65f719e326e1d33d313b5e9d8b3f72366ad7bd2 /spec/support
parent	75ee59f7a108cf0c57e1e66e3ef5e439bae24fcd (diff)
download	gitlab-ce-b77fb04678a4e76d025048e9846adc2ac709414a.tar.gz