1 files changed, 96 insertions, 11 deletions

diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 316bf153660..c5bfae47606 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe Group, models: true do
+describe Group do
   let!(:group) { create(:group, :access_requestable) }
 
   describe 'associations' do
@@ -13,6 +13,7 @@ describe Group, models: true do
     it { is_expected.to have_many(:shared_projects).through(:project_group_links) }
     it { is_expected.to have_many(:notification_settings).dependent(:destroy) }
     it { is_expected.to have_many(:labels).class_name('GroupLabel') }
+    it { is_expected.to have_many(:variables).class_name('Ci::GroupVariable') }
     it { is_expected.to have_many(:uploads).dependent(:destroy) }
     it { is_expected.to have_one(:chat_team) }
 
@@ -143,14 +144,20 @@ describe Group, models: true do
 
   describe '#add_user' do
     let(:user) { create(:user) }
-    before { group.add_user(user, GroupMember::MASTER) }
+
+    before do
+      group.add_user(user, GroupMember::MASTER)
+    end
 
     it { expect(group.group_members.masters.map(&:user)).to include(user) }
   end
 
   describe '#add_users' do
     let(:user) { create(:user) }
-    before { group.add_users([user.id], GroupMember::GUEST) }
+
+    before do
+      group.add_users([user.id], GroupMember::GUEST)
+    end
 
     it "updates the group permission" do
       expect(group.group_members.guests.map(&:user)).to include(user)
@@ -162,7 +169,10 @@ describe Group, models: true do
 
   describe '#avatar_type' do
     let(:user) { create(:user) }
-    before { group.add_user(user, GroupMember::MASTER) }
+
+    before do
+      group.add_user(user, GroupMember::MASTER)
+    end
 
     it "is true if avatar is image" do
       group.update_attribute(:avatar, 'uploads/avatar.png')
@@ -179,10 +189,12 @@ describe Group, models: true do
     let!(:group) { create(:group, :access_requestable, :with_avatar) }
     let(:user) { create(:user) }
     let(:gitlab_host) { "http://#{Gitlab.config.gitlab.host}" }
-    let(:avatar_path) { "/uploads/group/avatar/#{group.id}/dk.png" }
+    let(:avatar_path) { "/uploads/-/system/group/avatar/#{group.id}/dk.png" }
 
     context 'when avatar file is uploaded' do
-      before { group.add_master(user) }
+      before do
+        group.add_master(user)
+      end
 
       it 'shows correct avatar url' do
         expect(group.avatar_url).to eq(avatar_path)
@@ -222,7 +234,10 @@ describe Group, models: true do
   end
 
   describe '#has_owner?' do
-    before { @members = setup_group_members(group) }
+    before do
+      @members = setup_group_members(group)
+      create(:group_member, :invited, :owner, group: group)
+    end
 
     it { expect(group.has_owner?(@members[:owner])).to be_truthy }
     it { expect(group.has_owner?(@members[:master])).to be_falsey }
@@ -230,10 +245,14 @@ describe Group, models: true do
     it { expect(group.has_owner?(@members[:reporter])).to be_falsey }
     it { expect(group.has_owner?(@members[:guest])).to be_falsey }
     it { expect(group.has_owner?(@members[:requester])).to be_falsey }
+    it { expect(group.has_owner?(nil)).to be_falsey }
   end
 
   describe '#has_master?' do
-    before { @members = setup_group_members(group) }
+    before do
+      @members = setup_group_members(group)
+      create(:group_member, :invited, :master, group: group)
+    end
 
     it { expect(group.has_master?(@members[:owner])).to be_falsey }
     it { expect(group.has_master?(@members[:master])).to be_truthy }
@@ -241,6 +260,7 @@ describe Group, models: true do
     it { expect(group.has_master?(@members[:reporter])).to be_falsey }
     it { expect(group.has_master?(@members[:guest])).to be_falsey }
     it { expect(group.has_master?(@members[:requester])).to be_falsey }
+    it { expect(group.has_master?(nil)).to be_falsey }
   end
 
   describe '#lfs_enabled?' do
@@ -337,7 +357,7 @@ describe Group, models: true do
     subject { build(:group, :nested) }
 
     it { is_expected.to be_valid }
-    it { expect(subject.parent).to be_kind_of(Group) }
+    it { expect(subject.parent).to be_kind_of(described_class) }
   end
 
   describe '#members_with_parents', :nested_groups do
@@ -359,8 +379,8 @@ describe Group, models: true do
       group.add_user(master, GroupMember::MASTER)
       group.add_user(developer, GroupMember::DEVELOPER)
 
-      expect(group.user_ids_for_project_authorizations).
-        to include(master.id, developer.id)
+      expect(group.user_ids_for_project_authorizations)
+        .to include(master.id, developer.id)
     end
   end
 
@@ -403,4 +423,69 @@ describe Group, models: true do
       expect(calls).to eq 2
     end
   end
+
+  describe '#secret_variables_for' do
+    let(:project) { create(:project, group: group) }
+
+    let!(:secret_variable) do
+      create(:ci_group_variable, value: 'secret', group: group)
+    end
+
+    let!(:protected_variable) do
+      create(:ci_group_variable, :protected, value: 'protected', group: group)
+    end
+
+    subject { group.secret_variables_for('ref', project) }
+
+    shared_examples 'ref is protected' do
+      it 'contains all the variables' do
+        is_expected.to contain_exactly(secret_variable, protected_variable)
+      end
+    end
+
+    context 'when the ref is not protected' do
+      before do
+        stub_application_setting(
+          default_branch_protection: Gitlab::Access::PROTECTION_NONE)
+      end
+
+      it 'contains only the secret variables' do
+        is_expected.to contain_exactly(secret_variable)
+      end
+    end
+
+    context 'when the ref is a protected branch' do
+      before do
+        create(:protected_branch, name: 'ref', project: project)
+      end
+
+      it_behaves_like 'ref is protected'
+    end
+
+    context 'when the ref is a protected tag' do
+      before do
+        create(:protected_tag, name: 'ref', project: project)
+      end
+
+      it_behaves_like 'ref is protected'
+    end
+
+    context 'when group has children', :postgresql do
+      let(:group_child)      { create(:group, parent: group) }
+      let(:group_child_2)    { create(:group, parent: group_child) }
+      let(:group_child_3)    { create(:group, parent: group_child_2) }
+      let(:variable_child)   { create(:ci_group_variable, group: group_child) }
+      let(:variable_child_2) { create(:ci_group_variable, group: group_child_2) }
+      let(:variable_child_3) { create(:ci_group_variable, group: group_child_3) }
+
+      it 'returns all variables belong to the group and parent groups' do
+        expected_array1 = [protected_variable, secret_variable]
+        expected_array2 = [variable_child, variable_child_2, variable_child_3]
+        got_array = group_child_3.secret_variables_for('ref', project).to_a
+
+        expect(got_array.shift(2)).to contain_exactly(*expected_array1)
+        expect(got_array).to eq(expected_array2)
+      end
+    end
+  end
 end