diff options
Diffstat (limited to 'spec/features/security/project/internal_access_spec.rb')
-rw-r--r-- | spec/features/security/project/internal_access_spec.rb | 143 |
1 files changed, 109 insertions, 34 deletions
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb index 6ecdc8cbb71..a7928857b7d 100644 --- a/spec/features/security/project/internal_access_spec.rb +++ b/spec/features/security/project/internal_access_spec.rb @@ -1,9 +1,9 @@ require 'spec_helper' -describe "Internal Project Access", feature: true do +describe "Internal Project Access" do include AccessMatchers - let(:project) { create(:project, :internal) } + set(:project) { create(:project, :internal, :repository) } describe "Project should be internal" do describe '#internal?' do @@ -13,7 +13,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path" do - subject { namespace_project_path(project.namespace, project) } + subject { project_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -27,7 +27,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/tree/master" do - subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } + subject { project_tree_path(project, project.repository.root_ref) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -41,7 +41,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/commits/master" do - subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } + subject { project_commits_path(project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -55,7 +55,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/commit/:sha" do - subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } + subject { project_commit_path(project, project.repository.commit) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -69,7 +69,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/compare" do - subject { namespace_project_compare_index_path(project.namespace, project) } + subject { project_compare_index_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -83,7 +83,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/settings/members" do - subject { namespace_project_settings_members_path(project.namespace, project) } + subject { project_settings_members_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -97,7 +97,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/settings/ci_cd" do - subject { namespace_project_settings_ci_cd_path(project.namespace, project) } + subject { project_settings_ci_cd_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -111,7 +111,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/settings/repository" do - subject { namespace_project_settings_repository_path(project.namespace, project) } + subject { project_settings_repository_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -126,7 +126,7 @@ describe "Internal Project Access", feature: true do describe "GET /:project_path/blob" do let(:commit) { project.repository.commit } - subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) } + subject { project_blob_path(project, File.join(commit.id, '.gitignore')) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -140,7 +140,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/edit" do - subject { edit_namespace_project_path(project.namespace, project) } + subject { edit_project_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -154,7 +154,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/deploy_keys" do - subject { namespace_project_deploy_keys_path(project.namespace, project) } + subject { project_deploy_keys_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -168,7 +168,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/issues" do - subject { namespace_project_issues_path(project.namespace, project) } + subject { project_issues_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -183,7 +183,7 @@ describe "Internal Project Access", feature: true do describe "GET /:project_path/issues/:id/edit" do let(:issue) { create(:issue, project: project) } - subject { edit_namespace_project_issue_path(project.namespace, project, issue) } + subject { edit_project_issue_path(project, issue) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -197,7 +197,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/snippets" do - subject { namespace_project_snippets_path(project.namespace, project) } + subject { project_snippets_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -211,7 +211,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/snippets/new" do - subject { new_namespace_project_snippet_path(project.namespace, project) } + subject { new_project_snippet_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -225,7 +225,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/merge_requests" do - subject { namespace_project_merge_requests_path(project.namespace, project) } + subject { project_merge_requests_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -239,7 +239,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/merge_requests/new" do - subject { new_namespace_project_merge_request_path(project.namespace, project) } + subject { project_new_merge_request_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -253,7 +253,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/branches" do - subject { namespace_project_branches_path(project.namespace, project) } + subject { project_branches_path(project) } before do # Speed increase @@ -272,7 +272,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/tags" do - subject { namespace_project_tags_path(project.namespace, project) } + subject { project_tags_path(project) } before do # Speed increase @@ -291,7 +291,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/settings/integrations" do - subject { namespace_project_settings_integrations_path(project.namespace, project) } + subject { project_settings_integrations_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -305,7 +305,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/pipelines" do - subject { namespace_project_pipelines_path(project.namespace, project) } + subject { project_pipelines_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -320,7 +320,7 @@ describe "Internal Project Access", feature: true do describe "GET /:project_path/pipelines/:id" do let(:pipeline) { create(:ci_pipeline, project: project) } - subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } + subject { project_pipeline_path(project, pipeline) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -334,10 +334,12 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/builds" do - subject { namespace_project_builds_path(project.namespace, project) } + subject { project_jobs_path(project) } context "when allowed for public and internal" do - before { project.update(public_builds: true) } + before do + project.update(public_builds: true) + end it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -351,7 +353,9 @@ describe "Internal Project Access", feature: true do end context "when disallowed for public and internal" do - before { project.update(public_builds: false) } + before do + project.update(public_builds: false) + end it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -368,10 +372,12 @@ describe "Internal Project Access", feature: true do describe "GET /:project_path/builds/:id" do let(:pipeline) { create(:ci_pipeline, project: project) } let(:build) { create(:ci_build, pipeline: pipeline) } - subject { namespace_project_build_path(project.namespace, project, build.id) } + subject { project_job_path(project, build.id) } context "when allowed for public and internal" do - before { project.update(public_builds: true) } + before do + project.update(public_builds: true) + end it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -385,7 +391,9 @@ describe "Internal Project Access", feature: true do end context "when disallowed for public and internal" do - before { project.update(public_builds: false) } + before do + project.update(public_builds: false) + end it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -399,8 +407,60 @@ describe "Internal Project Access", feature: true do end end + describe 'GET /:project_path/builds/:id/trace' do + let(:pipeline) { create(:ci_pipeline, project: project) } + let(:build) { create(:ci_build, pipeline: pipeline) } + subject { trace_project_job_path(project, build.id) } + + context 'when allowed for public and internal' do + before do + project.update(public_builds: true) + end + + it { is_expected.to be_allowed_for(:admin) } + it { is_expected.to be_allowed_for(:owner).of(project) } + it { is_expected.to be_allowed_for(:master).of(project) } + it { is_expected.to be_allowed_for(:developer).of(project) } + it { is_expected.to be_allowed_for(:reporter).of(project) } + it { is_expected.to be_allowed_for(:guest).of(project) } + it { is_expected.to be_allowed_for(:user) } + it { is_expected.to be_denied_for(:external) } + it { is_expected.to be_denied_for(:visitor) } + end + + context 'when disallowed for public and internal' do + before do + project.update(public_builds: false) + end + + it { is_expected.to be_allowed_for(:admin) } + it { is_expected.to be_allowed_for(:owner).of(project) } + it { is_expected.to be_allowed_for(:master).of(project) } + it { is_expected.to be_allowed_for(:developer).of(project) } + it { is_expected.to be_allowed_for(:reporter).of(project) } + it { is_expected.to be_denied_for(:guest).of(project) } + it { is_expected.to be_denied_for(:user) } + it { is_expected.to be_denied_for(:external) } + it { is_expected.to be_denied_for(:visitor) } + end + end + + describe "GET /:project_path/pipeline_schedules" do + subject { project_pipeline_schedules_path(project) } + + it { is_expected.to be_allowed_for(:admin) } + it { is_expected.to be_allowed_for(:owner).of(project) } + it { is_expected.to be_allowed_for(:master).of(project) } + it { is_expected.to be_allowed_for(:developer).of(project) } + it { is_expected.to be_allowed_for(:reporter).of(project) } + it { is_expected.to be_allowed_for(:guest).of(project) } + it { is_expected.to be_allowed_for(:user) } + it { is_expected.to be_denied_for(:external) } + it { is_expected.to be_denied_for(:visitor) } + end + describe "GET /:project_path/environments" do - subject { namespace_project_environments_path(project.namespace, project) } + subject { project_environments_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -415,7 +475,22 @@ describe "Internal Project Access", feature: true do describe "GET /:project_path/environments/:id" do let(:environment) { create(:environment, project: project) } - subject { namespace_project_environment_path(project.namespace, project, environment) } + subject { project_environment_path(project, environment) } + + it { is_expected.to be_allowed_for(:admin) } + it { is_expected.to be_allowed_for(:owner).of(project) } + it { is_expected.to be_allowed_for(:master).of(project) } + it { is_expected.to be_allowed_for(:developer).of(project) } + it { is_expected.to be_allowed_for(:reporter).of(project) } + it { is_expected.to be_denied_for(:guest).of(project) } + it { is_expected.to be_denied_for(:user) } + it { is_expected.to be_denied_for(:external) } + it { is_expected.to be_denied_for(:visitor) } + end + + describe "GET /:project_path/environments/:id/deployments" do + let(:environment) { create(:environment, project: project) } + subject { project_environment_deployments_path(project, environment) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -429,7 +504,7 @@ describe "Internal Project Access", feature: true do end describe "GET /:project_path/environments/new" do - subject { new_namespace_project_environment_path(project.namespace, project) } + subject { new_project_environment_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } @@ -451,7 +526,7 @@ describe "Internal Project Access", feature: true do project.container_repositories << container_repository end - subject { namespace_project_container_registry_index_path(project.namespace, project) } + subject { project_container_registry_index_path(project) } it { is_expected.to be_allowed_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } |