summaryrefslogtreecommitdiff
path: root/spec/features/security/project/private_access_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/features/security/project/private_access_spec.rb')
-rw-r--r--spec/features/security/project/private_access_spec.rb93
1 files changed, 62 insertions, 31 deletions
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index e891e79db70..dda218c5de5 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -18,7 +18,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path" do
subject { project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -32,7 +33,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/tree/master" do
subject { project_tree_path(project, project.repository.root_ref) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -46,7 +48,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/commits/master" do
subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -60,7 +63,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/commit/:sha" do
subject { project_commit_path(project, project.repository.commit) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -74,7 +78,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/compare" do
subject { project_compare_index_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -88,7 +93,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/project_members" do
subject { project_project_members_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -102,7 +108,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/settings/ci_cd" do
subject { project_settings_ci_cd_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +123,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/settings/repository" do
subject { project_settings_repository_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_denied_for(:developer).of(project) }
@@ -132,7 +140,8 @@ RSpec.describe "Private Project Access" do
subject { project_blob_path(project, File.join(commit.id, '.gitignore')) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -146,7 +155,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/edit" do
subject { edit_project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_denied_for(:developer).of(project) }
@@ -160,7 +170,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/deploy_keys" do
subject { project_deploy_keys_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_denied_for(:developer).of(project) }
@@ -174,7 +185,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/issues" do
subject { project_issues_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -190,7 +202,8 @@ RSpec.describe "Private Project Access" do
subject { edit_project_issue_path(project, issue) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -204,7 +217,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/snippets" do
subject { project_snippets_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -218,7 +232,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/merge_requests" do
subject { project_merge_requests_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -239,7 +254,8 @@ RSpec.describe "Private Project Access" do
end
end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -260,7 +276,8 @@ RSpec.describe "Private Project Access" do
end
end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -274,7 +291,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/settings/integrations" do
subject { project_settings_integrations_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_denied_for(:developer).of(project) }
@@ -288,7 +306,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/pipelines" do
subject { project_pipelines_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -316,7 +335,8 @@ RSpec.describe "Private Project Access" do
subject { project_pipeline_path(project, pipeline) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -342,7 +362,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/builds" do
subject { project_jobs_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -371,7 +392,8 @@ RSpec.describe "Private Project Access" do
subject { project_job_path(project, build.id) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -405,7 +427,8 @@ RSpec.describe "Private Project Access" do
subject { trace_project_job_path(project, build.id) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -435,7 +458,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/environments" do
subject { project_environments_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -451,7 +475,8 @@ RSpec.describe "Private Project Access" do
subject { project_environment_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -467,7 +492,8 @@ RSpec.describe "Private Project Access" do
subject { project_environment_deployments_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -481,7 +507,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/environments/new" do
subject { new_project_environment_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -495,7 +522,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/pipeline_schedules" do
subject { project_pipeline_schedules_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -509,7 +537,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/pipeline_schedules/new" do
subject { new_project_pipeline_schedule_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -523,7 +552,8 @@ RSpec.describe "Private Project Access" do
describe "GET /:project_path/-/environments/new" do
subject { new_project_pipeline_schedule_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -545,7 +575,8 @@ RSpec.describe "Private Project Access" do
subject { project_container_registry_index_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for(:maintainer).of(project) }
it { is_expected.to be_allowed_for(:developer).of(project) }
View Lorry Controller Status