authorDouwe Maan <douwe@gitlab.com>2015-07-22 09:22:43 +0000
committerDouwe Maan <douwe@gitlab.com>2015-07-22 09:22:43 +0000
commit546731244a80fb44a7b1792615f2ccda767ad947 (patch)
tree05eb1aa1c6bd0876a1781cff93ae737d3d21dda4 /spec
parent39dc39e33529ac3632e5d5a6fa06bf6908fb4fa4 (diff)
parentb42422a7a97d376fb5f78e8dfa614857d6b8d1fa (diff)
downloadgitlab-ce-546731244a80fb44a7b1792615f2ccda767ad947.tar.gz
Merge branch 'rs-security-spec-speed' into 'master'
Speed up security feature specs Before: `rspec spec/features/security/ 0.12s user 0.04s system 0% cpu 3:38.00 total` After: `rspec spec/features/security/ 0.12s user 0.04s system 0% cpu 1:40.58 total` Most of the speed improvement comes from two things: 1. Instead of using our standard `login_as` helper in the matchers, we take advantage of the `Warden::Test::Helpers` version of the method, which bypasses the login form and logs the user in directly. We were essentially testing that filling out the login form works hundreds of times. 2. There were many tests that verified whether a user of a certain access level (master, owner, reporter, guest) had access to a resource. Unfortunately we were creating every type of user for each test even though a test was only verifying one of them at a time. Now the tests only create the one user role they're testing. See merge request !1023
Diffstat (limited to 'spec')
-rw-r--r--spec/features/security/admin_access_spec.rb (renamed from spec/features/admin/security_spec.rb)2
-rw-r--r--spec/features/security/dashboard_access_spec.rb2
-rw-r--r--spec/features/security/group/group_access_spec.rb98
-rw-r--r--spec/features/security/group/internal_group_access_spec.rb82
-rw-r--r--spec/features/security/group/mixed_group_access_spec.rb83
-rw-r--r--spec/features/security/group/public_group_access_spec.rb82
-rw-r--r--spec/features/security/group_access_spec.rb284
-rw-r--r--spec/features/security/profile_access_spec.rb14
-rw-r--r--spec/features/security/project/internal_access_spec.rb2
-rw-r--r--spec/features/security/project/private_access_spec.rb2
-rw-r--r--spec/features/security/project/public_access_spec.rb3
-rw-r--r--spec/support/matchers.rb66
-rw-r--r--spec/support/matchers/access_matchers.rb54
-rw-r--r--spec/support/matchers/include_module.rb13
-rw-r--r--spec/support/matchers/is_within.rb9
15 files changed, 371 insertions, 425 deletions
diff --git a/spec/features/admin/security_spec.rb b/spec/features/security/admin_access_spec.rb
index 175fa9d4647..fe8cd7b7602 100644
--- a/spec/features/admin/security_spec.rb
+++ b/spec/features/security/admin_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Admin::Projects", feature: true do
+ include AccessMatchers
+
describe "GET /admin/projects" do
subject { admin_namespaces_projects_path }
diff --git a/spec/features/security/dashboard_access_spec.rb b/spec/features/security/dashboard_access_spec.rb
index 67238e3ab76..c38cddbb904 100644
--- a/spec/features/security/dashboard_access_spec.rb
+++ b/spec/features/security/dashboard_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Dashboard access", feature: true do
+ include AccessMatchers
+
describe "GET /dashboard" do
subject { dashboard_path }
diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb
deleted file mode 100644
index 63793149459..00000000000
--- a/spec/features/security/group/group_access_spec.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "GET /projects/new" do
- it { expect(new_group_path).to be_allowed_for :admin }
- it { expect(new_group_path).to be_allowed_for :user }
- it { expect(new_group_path).to be_denied_for :visitor }
- end
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/projects" do
- subject { projects_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb
deleted file mode 100644
index d17a7412e43..00000000000
--- a/spec/features/security/group/internal_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with internal project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb
deleted file mode 100644
index b3db7b5dea4..00000000000
--- a/spec/features/security/group/mixed_group_access_spec.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, path: "internal_project", group: group)
- create(:project, :public, path: "public_project", group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb
deleted file mode 100644
index c16f0c0d1e1..00000000000
--- a/spec/features/security/group/public_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with public project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :public, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb
new file mode 100644
index 00000000000..0f36e474989
--- /dev/null
+++ b/spec/features/security/group_access_spec.rb
@@ -0,0 +1,284 @@
+require 'rails_helper'
+
+describe 'Group access', feature: true do
+ include AccessMatchers
+
+ def group
+ @group ||= create(:group)
+ end
+
+ def create_project(access_level)
+ if access_level == :mixed
+ create(:empty_project, :public, group: group)
+ create(:empty_project, :internal, group: group)
+ else
+ create(:empty_project, access_level, group: group)
+ end
+ end
+
+ def group_member(access_level, group = group)
+ level = Object.const_get("Gitlab::Access::#{access_level.upcase}")
+
+ create(:user).tap do |user|
+ group.add_user(user, level)
+ end
+ end
+
+ describe 'GET /groups/new' do
+ subject { new_group_path }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ describe 'GET /groups/:path' do
+ subject { group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/issues' do
+ subject { issues_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/merge_requests' do
+ subject { merge_requests_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/group_members' do
+ subject { group_group_members_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/edit' do
+ subject { edit_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+end
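Review bot: The default in `def group_member(access_level, group = group)` is a circular argument reference: on Ruby 2.2 and later the right-hand `group` resolves to the not-yet-assigned parameter (nil, with a warning) instead of the `group` helper method, so `group.add_user` would raise. Writing `def group_member(access_level, target = group)` and calling `target.add_user(user, level)` removes the dependence on the interpreter version. Separately, the `before(:all) { create_project(...) }` hooks create the memoized `@group` and its projects outside per-example cleanup; depending on the database-cleaning strategy (not visible here), those rows either leak into later examples or are removed after the first example, in which case the `be_denied_for` examples could pass on a 404 for a group that no longer exists. A plain `before` keeps each access assertion tied to a record that exists for that example. The file also requires `rails_helper` while the sibling security specs in this commit require `spec_helper`.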
diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb
index bcabc2d53ac..c19678ab381 100644
--- a/spec/features/security/profile_access_spec.rb
+++ b/spec/features/security/profile_access_spec.rb
@@ -1,18 +1,11 @@
require 'spec_helper'
describe "Profile access", feature: true do
- before do
- @u1 = create(:user)
- end
-
- describe "GET /login" do
- it { expect(new_user_session_path).not_to be_not_found_for :visitor }
- end
+ include AccessMatchers
describe "GET /profile/keys" do
subject { profile_keys_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -21,7 +14,6 @@ describe "Profile access", feature: true do
describe "GET /profile" do
subject { profile_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -30,7 +22,6 @@ describe "Profile access", feature: true do
describe "GET /profile/account" do
subject { profile_account_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -39,7 +30,6 @@ describe "Profile access", feature: true do
describe "GET /profile/preferences" do
subject { profile_preferences_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -48,7 +38,6 @@ describe "Profile access", feature: true do
describe "GET /profile/audit_log" do
subject { audit_log_profile_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -57,7 +46,6 @@ describe "Profile access", feature: true do
describe "GET /profile/notifications" do
subject { profile_notifications_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 4649e58cb1a..57563add74c 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Internal Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project, :internal) }
let(:master) { create(:user) }
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 2866bf0355b..a1e111c6cab 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Private Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project) }
let(:master) { create(:user) }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 554c96bcdc5..655d2c8b7d9 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Public Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project) }
let(:master) { create(:user) }
@@ -17,7 +19,6 @@ describe "Public Project Access", feature: true do
# readonly
project.team << [reporter, :reporter]
-
end
describe "Project should be public" do
diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb
deleted file mode 100644
index a2f853e3e70..00000000000
--- a/spec/support/matchers.rb
+++ /dev/null
@@ -1,66 +0,0 @@
-RSpec::Matchers.define :be_valid_commit do
- match do |actual|
- actual &&
- actual.id == ValidCommit::ID &&
- actual.message == ValidCommit::MESSAGE &&
- actual.author_name == ValidCommit::AUTHOR_FULL_NAME
- end
-end
-
-def emulate_user(user)
- user = case user
- when :user then create(:user)
- when :visitor then nil
- when :admin then create(:admin)
- else user
- end
- login_with(user) if user
-end
-
-RSpec::Matchers.define :be_allowed_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code != 404 && current_path != new_user_session_path
- end
-end
-
-RSpec::Matchers.define :be_denied_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code == 404 || current_path == new_user_session_path
- end
-end
-
-RSpec::Matchers.define :be_not_found_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code == 404
- end
-end
-
-RSpec::Matchers.define :include_module do |expected|
- match do
- described_class.included_modules.include?(expected)
- end
-
- description do
- "includes the #{expected} module"
- end
-
- failure_message do
- "expected #{described_class} to include the #{expected} module"
- end
-end
-
-# Extend shoulda-matchers
-module Shoulda::Matchers::ActiveModel
- class ValidateLengthOfMatcher
- # Shortcut for is_at_least and is_at_most
- def is_within(range)
- is_at_least(range.min) && is_at_most(range.max)
- end
- end
-end
diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb
new file mode 100644
index 00000000000..558e8b1612f
--- /dev/null
+++ b/spec/support/matchers/access_matchers.rb
@@ -0,0 +1,54 @@
+# AccessMatchers
+#
+# The custom matchers contained in this module are used to test a user's access
+# to a URL by emulating a specific user or type of user account, visiting the
+# URL, and then checking the response status code and resulting path.
+module AccessMatchers
+ extend RSpec::Matchers::DSL
+ include Warden::Test::Helpers
+
+ def emulate_user(user)
+ case user
+ when :user
+ login_as(create(:user))
+ when :visitor
+ logout
+ when :admin
+ login_as(create(:admin))
+ when User
+ login_as(user)
+ else
+ raise ArgumentError, "cannot emulate user #{user}"
+ end
+ end
+
+ def description_for(user, type)
+ if user.kind_of?(User)
+ # User#inspect displays too much information for RSpec's description
+ # messages
+ "be #{type} for supplied User"
+ else
+ "be #{type} for #{user}"
+ end
+ end
+
+ matcher :be_allowed_for do |user|
+ match do |url|
+ emulate_user(user)
+ visit url
+ status_code != 404 && current_path != new_user_session_path
+ end
+
+ description { description_for(user, 'allowed') }
+ end
+
+ matcher :be_denied_for do |user|
+ match do |url|
+ emulate_user(user)
+ visit url
+ status_code == 404 || current_path == new_user_session_path
+ end
+
+ description { description_for(user, 'denied') }
+ end
+end
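Review bot: Both matchers decide on `status_code` and `current_path` alone, so `be_denied_for` passes on any 404 (including one caused by a wrong route helper or a missing record) and `be_allowed_for` passes on any non-404 response that is not the sign-in page, which would include an error page. Neither matcher defines a `failure_message`, so a failing access check says nothing about what the request actually returned; adding `failure_message { |url| "expected #{url} to #{description_for(user, 'allowed')}, got status #{status_code} at #{current_path}" }` (and the 'denied' counterpart) makes a wrong-reason result much easier to spot. `emulate_user` relies on `Warden::Test::Helpers`, and the hunk does not show `Warden.test_mode!` or an `after { Warden.test_reset! }` hook, so it is worth confirming those are set in the spec configuration so that login state cannot carry over between examples.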
diff --git a/spec/support/matchers/include_module.rb b/spec/support/matchers/include_module.rb
new file mode 100644
index 00000000000..0a78af1e90e
--- /dev/null
+++ b/spec/support/matchers/include_module.rb
@@ -0,0 +1,13 @@
+RSpec::Matchers.define :include_module do |expected|
+ match do
+ described_class.included_modules.include?(expected)
+ end
+
+ description do
+ "includes the #{expected} module"
+ end
+
+ failure_message do
+ "expected #{described_class} to include the #{expected} module"
+ end
+end
diff --git a/spec/support/matchers/is_within.rb b/spec/support/matchers/is_within.rb
new file mode 100644
index 00000000000..0c35fc7e899
--- /dev/null
+++ b/spec/support/matchers/is_within.rb
@@ -0,0 +1,9 @@
+# Extend shoulda-matchers
+module Shoulda::Matchers::ActiveModel
+ class ValidateLengthOfMatcher
+ # Shortcut for is_at_least and is_at_most
+ def is_within(range)
+ is_at_least(range.min) && is_at_most(range.max)
+ end
+ end
+end