diff options
Diffstat (limited to 'spec/features/security/project/private_access_spec.rb')
-rw-r--r-- | spec/features/security/project/private_access_spec.rb | 93 |
1 files changed, 62 insertions, 31 deletions
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb index e891e79db70..dda218c5de5 100644 --- a/spec/features/security/project/private_access_spec.rb +++ b/spec/features/security/project/private_access_spec.rb @@ -18,7 +18,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path" do subject { project_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -32,7 +33,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/tree/master" do subject { project_tree_path(project, project.repository.root_ref) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -46,7 +48,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/commits/master" do subject { project_commits_path(project, project.repository.root_ref, limit: 1) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -60,7 +63,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/commit/:sha" do subject { project_commit_path(project, project.repository.commit) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -74,7 +78,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/compare" do subject { project_compare_index_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -88,7 +93,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/project_members" do subject { project_project_members_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -102,7 +108,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/settings/ci_cd" do subject { project_settings_ci_cd_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_denied_for(:developer).of(project) } @@ -116,7 +123,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/settings/repository" do subject { project_settings_repository_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_denied_for(:developer).of(project) } @@ -132,7 +140,8 @@ RSpec.describe "Private Project Access" do subject { project_blob_path(project, File.join(commit.id, '.gitignore')) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -146,7 +155,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/edit" do subject { edit_project_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_denied_for(:developer).of(project) } @@ -160,7 +170,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/deploy_keys" do subject { project_deploy_keys_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_denied_for(:developer).of(project) } @@ -174,7 +185,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/issues" do subject { project_issues_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -190,7 +202,8 @@ RSpec.describe "Private Project Access" do subject { edit_project_issue_path(project, issue) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -204,7 +217,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/snippets" do subject { project_snippets_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -218,7 +232,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/merge_requests" do subject { project_merge_requests_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -239,7 +254,8 @@ RSpec.describe "Private Project Access" do end end - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -260,7 +276,8 @@ RSpec.describe "Private Project Access" do end end - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -274,7 +291,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/settings/integrations" do subject { project_settings_integrations_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_denied_for(:developer).of(project) } @@ -288,7 +306,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/pipelines" do subject { project_pipelines_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -316,7 +335,8 @@ RSpec.describe "Private Project Access" do subject { project_pipeline_path(project, pipeline) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -342,7 +362,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/builds" do subject { project_jobs_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -371,7 +392,8 @@ RSpec.describe "Private Project Access" do subject { project_job_path(project, build.id) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -405,7 +427,8 @@ RSpec.describe "Private Project Access" do subject { trace_project_job_path(project, build.id) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -435,7 +458,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/environments" do subject { project_environments_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -451,7 +475,8 @@ RSpec.describe "Private Project Access" do subject { project_environment_path(project, environment) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -467,7 +492,8 @@ RSpec.describe "Private Project Access" do subject { project_environment_deployments_path(project, environment) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -481,7 +507,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/environments/new" do subject { new_project_environment_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -495,7 +522,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/pipeline_schedules" do subject { project_pipeline_schedules_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -509,7 +537,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/pipeline_schedules/new" do subject { new_project_pipeline_schedule_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -523,7 +552,8 @@ RSpec.describe "Private Project Access" do describe "GET /:project_path/-/environments/new" do subject { new_project_pipeline_schedule_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } @@ -545,7 +575,8 @@ RSpec.describe "Private Project Access" do subject { project_container_registry_index_path(project) } - it { is_expected.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) } it { is_expected.to be_allowed_for(:owner).of(project) } it { is_expected.to be_allowed_for(:maintainer).of(project) } it { is_expected.to be_allowed_for(:developer).of(project) } |