1 files changed, 84 insertions, 23 deletions

diff --git a/spec/policies/commit_policy_spec.rb b/spec/policies/commit_policy_spec.rb
index 0d3dcc97565..cf2798b9ef3 100644
--- a/spec/policies/commit_policy_spec.rb
+++ b/spec/policies/commit_policy_spec.rb
@@ -4,6 +4,7 @@ require 'spec_helper'
 
 RSpec.describe CommitPolicy do
   describe '#rules' do
+    let(:group) { create(:group, :public) }
     let(:user) { create(:user) }
     let(:commit) { project.repository.head_commit }
     let(:policy) { described_class.new(user, commit) }
@@ -19,59 +20,119 @@ RSpec.describe CommitPolicy do
     end
 
     shared_examples 'cannot read commit nor create a note' do
-      it 'can not read commit' do
+      it 'cannot read commit' do
         expect(policy).to be_disallowed(:read_commit)
       end
 
-      it 'can not create a note' do
+      it 'cannot create a note' do
         expect(policy).to be_disallowed(:create_note)
       end
     end
 
     context 'when project is public' do
-      let(:project) { create(:project, :public, :repository) }
+      let(:project) { create(:project, :public, :repository, group: group) }
 
-      it_behaves_like 'can read commit and create a note'
+      context 'when the user is not a project member' do
+        it_behaves_like 'can read commit and create a note'
+      end
 
       context 'when repository access level is private' do
-        let(:project) { create(:project, :public, :repository, :repository_private) }
+        let(:project) { create(:project, :public, :repository, :repository_private, group: group) }
 
-        it_behaves_like 'cannot read commit nor create a note'
+        context 'when the user is not a project member' do
+          it_behaves_like 'cannot read commit nor create a note'
+        end
 
-        context 'when the user is a project member' do
-          before do
-            project.add_developer(user)
+        context 'when the user is a direct project member' do
+          context 'and the user is a developer' do
+            before do
+              project.add_developer(user)
+            end
+
+            it_behaves_like 'can read commit and create a note'
           end
+        end
 
-          it_behaves_like 'can read commit and create a note'
+        context 'when the user is an inherited member from the group' do
+          context 'and the user is a guest' do
+            before do
+              group.add_guest(user)
+            end
+
+            it_behaves_like 'can read commit and create a note'
+          end
+
+          context 'and the user is a reporter' do
+            before do
+              group.add_reporter(user)
+            end
+
+            it_behaves_like 'can read commit and create a note'
+          end
+
+          context 'and the user is a developer' do
+            before do
+              group.add_developer(user)
+            end
+
+            it_behaves_like 'can read commit and create a note'
+          end
         end
       end
     end
 
     context 'when project is private' do
-      let(:project) { create(:project, :private, :repository) }
+      let(:project) { create(:project, :private, :repository, group: group) }
 
-      it_behaves_like 'cannot read commit nor create a note'
+      context 'when the user is not a project member' do
+        it_behaves_like 'cannot read commit nor create a note'
+      end
 
-      context 'when the user is a project member' do
-        before do
-          project.add_developer(user)
+      context 'when the user is a direct project member' do
+        context 'and the user is a developer' do
+          before do
+            project.add_developer(user)
+          end
+
+          it_behaves_like 'can read commit and create a note'
         end
 
-        it 'can read commit and create a note' do
-          expect(policy).to be_allowed(:read_commit)
+        context 'and the user is a guest' do
+          before do
+            project.add_guest(user)
+          end
+
+          it_behaves_like 'cannot read commit nor create a note'
+
+          it 'cannot download code' do
+            expect(policy).to be_disallowed(:download_code)
+          end
         end
       end
 
-      context 'when the user is a guest' do
-        before do
-          project.add_guest(user)
+      context 'when the user is an inherited member from the group' do
+        context 'and the user is a guest' do
+          before do
+            group.add_guest(user)
+          end
+
+          it_behaves_like 'cannot read commit nor create a note'
         end
 
-        it_behaves_like 'cannot read commit nor create a note'
+        context 'and the user is a reporter' do
+          before do
+            group.add_reporter(user)
+          end
+
+          it_behaves_like 'can read commit and create a note'
+        end
 
-        it 'cannot download code' do
-          expect(policy).to be_disallowed(:download_code)
+        context 'and the user is a developer' do
+          before do
+            group.add_developer(user)
+          end
+
+          it_behaves_like 'can read commit and create a note'
         end
       end
     end