summaryrefslogtreecommitdiff
path: root/spec/policies/group_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/group_policy_spec.rb')
-rw-r--r--spec/policies/group_policy_spec.rb112
1 files changed, 108 insertions, 4 deletions
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 7f832bfa563..17dc3bb4f48 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -11,10 +11,11 @@ describe GroupPolicy do
let(:reporter_permissions) { [:admin_label] }
+ let(:developer_permissions) { [:admin_milestones] }
+
let(:master_permissions) do
[
- :create_projects,
- :admin_milestones
+ :create_projects
]
end
@@ -24,8 +25,8 @@ describe GroupPolicy do
:admin_namespace,
:admin_group_member,
:change_visibility_level,
- :create_subgroup
- ]
+ (Gitlab::Database.postgresql? ? :create_subgroup : nil)
+ ].compact
end
before do
@@ -52,6 +53,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_disallowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -63,6 +65,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_disallowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -74,6 +77,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -85,6 +89,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -96,6 +101,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -109,6 +115,7 @@ describe GroupPolicy do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
expect_allowed(*owner_permissions)
end
@@ -122,6 +129,7 @@ describe GroupPolicy do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
expect_allowed(*owner_permissions)
end
@@ -180,6 +188,7 @@ describe GroupPolicy do
it do
expect_disallowed(:read_group)
expect_disallowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -191,6 +200,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_disallowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -202,6 +212,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -213,6 +224,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -224,6 +236,7 @@ describe GroupPolicy do
it do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
expect_disallowed(*owner_permissions)
end
@@ -237,9 +250,100 @@ describe GroupPolicy do
expect_allowed(:read_group)
expect_allowed(*reporter_permissions)
+ expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
expect_allowed(*owner_permissions)
end
end
end
+
+ describe 'change_share_with_group_lock' do
+ context 'when the current_user owns the group' do
+ let(:current_user) { owner }
+
+ context 'when the group share_with_group_lock is enabled' do
+ let(:group) { create(:group, share_with_group_lock: true, parent: parent) }
+
+ context 'when the parent group share_with_group_lock is enabled' do
+ context 'when the group has a grandparent' do
+ let(:parent) { create(:group, share_with_group_lock: true, parent: grandparent) }
+
+ context 'when the grandparent share_with_group_lock is enabled' do
+ let(:grandparent) { create(:group, share_with_group_lock: true) }
+
+ context 'when the current_user owns the parent' do
+ before do
+ parent.add_owner(current_user)
+ end
+
+ context 'when the current_user owns the grandparent' do
+ before do
+ grandparent.add_owner(current_user)
+ end
+
+ it { expect_allowed(:change_share_with_group_lock) }
+ end
+
+ context 'when the current_user does not own the grandparent' do
+ it { expect_disallowed(:change_share_with_group_lock) }
+ end
+ end
+
+ context 'when the current_user does not own the parent' do
+ it { expect_disallowed(:change_share_with_group_lock) }
+ end
+ end
+
+ context 'when the grandparent share_with_group_lock is disabled' do
+ let(:grandparent) { create(:group) }
+
+ context 'when the current_user owns the parent' do
+ before do
+ parent.add_owner(current_user)
+ end
+
+ it { expect_allowed(:change_share_with_group_lock) }
+ end
+
+ context 'when the current_user does not own the parent' do
+ it { expect_disallowed(:change_share_with_group_lock) }
+ end
+ end
+ end
+
+ context 'when the group does not have a grandparent' do
+ let(:parent) { create(:group, share_with_group_lock: true) }
+
+ context 'when the current_user owns the parent' do
+ before do
+ parent.add_owner(current_user)
+ end
+
+ it { expect_allowed(:change_share_with_group_lock) }
+ end
+
+ context 'when the current_user does not own the parent' do
+ it { expect_disallowed(:change_share_with_group_lock) }
+ end
+ end
+ end
+
+ context 'when the parent group share_with_group_lock is disabled' do
+ let(:parent) { create(:group) }
+
+ it { expect_allowed(:change_share_with_group_lock) }
+ end
+ end
+
+ context 'when the group share_with_group_lock is disabled' do
+ it { expect_allowed(:change_share_with_group_lock) }
+ end
+ end
+
+ context 'when the current_user does not own the group' do
+ let(:current_user) { create(:user) }
+
+ it { expect_disallowed(:change_share_with_group_lock) }
+ end
+ end
end
View Lorry Controller Status