1 files changed, 90 insertions, 0 deletions

diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index ec26810e371..873673b50ef 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -90,4 +90,94 @@ describe GlobalPolicy do
       it { is_expected.to be_allowed(:update_custom_attribute) }
     end
   end
+
+  shared_examples 'access allowed when terms accepted' do |ability|
+    it { is_expected.not_to be_allowed(ability) }
+
+    it "allows #{ability} when the user accepted the terms" do
+      accept_terms(current_user)
+
+      is_expected.to be_allowed(ability)
+    end
+  end
+
+  describe 'API access' do
+    context 'regular user' do
+      it { is_expected.to be_allowed(:access_api) }
+    end
+
+    context 'admin' do
+      let(:current_user) { create(:admin) }
+
+      it { is_expected.to be_allowed(:access_api) }
+    end
+
+    context 'anonymous' do
+      let(:current_user) { nil }
+
+      it { is_expected.to be_allowed(:access_api) }
+    end
+
+    context 'when terms are enforced' do
+      before do
+        enforce_terms
+      end
+
+      context 'regular user' do
+        it_behaves_like 'access allowed when terms accepted', :access_api
+      end
+
+      context 'admin' do
+        let(:current_user) { create(:admin) }
+
+        it_behaves_like 'access allowed when terms accepted', :access_api
+      end
+
+      context 'anonymous' do
+        let(:current_user) { nil }
+
+        it { is_expected.to be_allowed(:access_api) }
+      end
+    end
+  end
+
+  describe 'git access' do
+    describe 'regular user' do
+      it { is_expected.to be_allowed(:access_git) }
+    end
+
+    describe 'admin' do
+      let(:current_user) { create(:admin) }
+
+      it { is_expected.to be_allowed(:access_git) }
+    end
+
+    describe 'anonymous' do
+      let(:current_user) { nil }
+
+      it { is_expected.to be_allowed(:access_git) }
+    end
+
+    context 'when terms are enforced' do
+      before do
+        enforce_terms
+      end
+
+      context 'regular user' do
+        it_behaves_like 'access allowed when terms accepted', :access_git
+      end
+
+      context 'admin' do
+        let(:current_user) { create(:admin) }
+
+        it_behaves_like 'access allowed when terms accepted', :access_git
+      end
+
+      context 'anonymous' do
+        let(:current_user) { nil }
+
+        it { is_expected.to be_allowed(:access_git) }
+      end
+    end
+  end
 end