diff options
Diffstat (limited to 'spec/policies/group_member_policy_spec.rb')
-rw-r--r-- | spec/policies/group_member_policy_spec.rb | 65 |
1 files changed, 53 insertions, 12 deletions
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb index 9e58ea81ef3..6099e4549b1 100644 --- a/spec/policies/group_member_policy_spec.rb +++ b/spec/policies/group_member_policy_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' RSpec.describe GroupMemberPolicy do + include DesignManagementTestHelpers + let(:guest) { create(:user) } let(:owner) { create(:user) } let(:group) { create(:group, :private) } @@ -28,22 +30,64 @@ RSpec.describe GroupMemberPolicy do permissions.each { |p| is_expected.not_to be_allowed(p) } end - context 'with guest user' do - let(:current_user) { guest } + context 'with anonymous user' do + let(:group) { create(:group, :public) } + let(:current_user) { nil } + let(:membership) { guest.members.first } it do - expect_disallowed(:member_related_permissions) + expect_disallowed(:read_design_activity, *member_related_permissions) + expect_allowed(:read_group) + end + + context 'design management is enabled' do + before do + create(:project, :public, group: group) # Necessary to enable design management + enable_design_management + end + + specify do + expect_allowed(:read_design_activity) + end + end + + context 'for a private group' do + let(:group) { create(:group, :private) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end + end + + context 'for an internal group' do + let(:group) { create(:group, :internal) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end end end + context 'with guest user, for own membership' do + let(:current_user) { guest } + + specify { expect_disallowed(:update_group_member) } + specify { expect_allowed(:read_group, :destroy_group_member) } + end + + context 'with guest user, for other membership' do + let(:current_user) { guest } + let(:membership) { owner.members.first } + + specify { expect_disallowed(:destroy_group_member, :update_group_member) } + specify { expect_allowed(:read_group) } + end + context 'with one owner' do let(:current_user) { owner } - it do - expect_disallowed(:destroy_group_member) - expect_disallowed(:update_group_member) - expect_allowed(:read_group) - end + specify { expect_disallowed(*member_related_permissions) } + specify { expect_allowed(:read_group) } end context 'with more than one owner' do @@ -53,10 +97,7 @@ RSpec.describe GroupMemberPolicy do group.add_owner(create(:user)) end - it do - expect_allowed(:destroy_group_member) - expect_allowed(:update_group_member) - end + specify { expect_allowed(*member_related_permissions) } end context 'with the group parent' do |