diff options
Diffstat (limited to 'spec/policies/group_policy_spec.rb')
-rw-r--r-- | spec/policies/group_policy_spec.rb | 112 |
1 files changed, 108 insertions, 4 deletions
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 7f832bfa563..17dc3bb4f48 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -11,10 +11,11 @@ describe GroupPolicy do let(:reporter_permissions) { [:admin_label] } + let(:developer_permissions) { [:admin_milestones] } + let(:master_permissions) do [ - :create_projects, - :admin_milestones + :create_projects ] end @@ -24,8 +25,8 @@ describe GroupPolicy do :admin_namespace, :admin_group_member, :change_visibility_level, - :create_subgroup - ] + (Gitlab::Database.postgresql? ? :create_subgroup : nil) + ].compact end before do @@ -52,6 +53,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -63,6 +65,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -74,6 +77,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -85,6 +89,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -96,6 +101,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_allowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -109,6 +115,7 @@ describe GroupPolicy do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_allowed(*master_permissions) expect_allowed(*owner_permissions) end @@ -122,6 +129,7 @@ describe GroupPolicy do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_allowed(*master_permissions) expect_allowed(*owner_permissions) end @@ -180,6 +188,7 @@ describe GroupPolicy do it do expect_disallowed(:read_group) expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -191,6 +200,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -202,6 +212,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -213,6 +224,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -224,6 +236,7 @@ describe GroupPolicy do it do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_allowed(*master_permissions) expect_disallowed(*owner_permissions) end @@ -237,9 +250,100 @@ describe GroupPolicy do expect_allowed(:read_group) expect_allowed(*reporter_permissions) + expect_allowed(*developer_permissions) expect_allowed(*master_permissions) expect_allowed(*owner_permissions) end end end + + describe 'change_share_with_group_lock' do + context 'when the current_user owns the group' do + let(:current_user) { owner } + + context 'when the group share_with_group_lock is enabled' do + let(:group) { create(:group, share_with_group_lock: true, parent: parent) } + + context 'when the parent group share_with_group_lock is enabled' do + context 'when the group has a grandparent' do + let(:parent) { create(:group, share_with_group_lock: true, parent: grandparent) } + + context 'when the grandparent share_with_group_lock is enabled' do + let(:grandparent) { create(:group, share_with_group_lock: true) } + + context 'when the current_user owns the parent' do + before do + parent.add_owner(current_user) + end + + context 'when the current_user owns the grandparent' do + before do + grandparent.add_owner(current_user) + end + + it { expect_allowed(:change_share_with_group_lock) } + end + + context 'when the current_user does not own the grandparent' do + it { expect_disallowed(:change_share_with_group_lock) } + end + end + + context 'when the current_user does not own the parent' do + it { expect_disallowed(:change_share_with_group_lock) } + end + end + + context 'when the grandparent share_with_group_lock is disabled' do + let(:grandparent) { create(:group) } + + context 'when the current_user owns the parent' do + before do + parent.add_owner(current_user) + end + + it { expect_allowed(:change_share_with_group_lock) } + end + + context 'when the current_user does not own the parent' do + it { expect_disallowed(:change_share_with_group_lock) } + end + end + end + + context 'when the group does not have a grandparent' do + let(:parent) { create(:group, share_with_group_lock: true) } + + context 'when the current_user owns the parent' do + before do + parent.add_owner(current_user) + end + + it { expect_allowed(:change_share_with_group_lock) } + end + + context 'when the current_user does not own the parent' do + it { expect_disallowed(:change_share_with_group_lock) } + end + end + end + + context 'when the parent group share_with_group_lock is disabled' do + let(:parent) { create(:group) } + + it { expect_allowed(:change_share_with_group_lock) } + end + end + + context 'when the group share_with_group_lock is disabled' do + it { expect_allowed(:change_share_with_group_lock) } + end + end + + context 'when the current_user does not own the group' do + let(:current_user) { create(:user) } + + it { expect_disallowed(:change_share_with_group_lock) } + end + end end |