summaryrefslogtreecommitdiff
path: root/spec/policies/project_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r--spec/policies/project_policy_spec.rb148
1 files changed, 132 insertions, 16 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index a7a06744428..658e3c13a73 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -1,20 +1,69 @@
require 'spec_helper'
describe ProjectPolicy, models: true do
- let(:project) { create(:empty_project, :public) }
let(:guest) { create(:user) }
let(:reporter) { create(:user) }
let(:dev) { create(:user) }
let(:master) { create(:user) }
let(:owner) { create(:user) }
- let(:admin) { create(:admin) }
+ let(:project) { create(:empty_project, :public, namespace: owner.namespace) }
- let(:users_ordered_by_permissions) do
- [nil, guest, reporter, dev, master, owner, admin]
+ let(:guest_permissions) do
+ [
+ :read_project, :read_board, :read_list, :read_wiki, :read_issue, :read_label,
+ :read_milestone, :read_project_snippet, :read_project_member,
+ :read_note, :create_project, :create_issue, :create_note,
+ :upload_file
+ ]
end
- let(:users_permissions) do
- users_ordered_by_permissions.map { |u| Ability.allowed(u, project).size }
+ let(:reporter_permissions) do
+ [
+ :download_code, :fork_project, :create_project_snippet, :update_issue,
+ :admin_issue, :admin_label, :admin_list, :read_commit_status, :read_build,
+ :read_container_image, :read_pipeline, :read_environment, :read_deployment,
+ :read_merge_request
+ ]
+ end
+
+ let(:team_member_reporter_permissions) do
+ [
+ :build_download_code, :build_read_container_image
+ ]
+ end
+
+ let(:developer_permissions) do
+ [
+ :admin_merge_request, :update_merge_request, :create_commit_status,
+ :update_commit_status, :create_build, :update_build, :create_pipeline,
+ :update_pipeline, :create_merge_request, :create_wiki, :push_code,
+ :resolve_note, :create_container_image, :update_container_image,
+ :create_environment, :create_deployment
+ ]
+ end
+
+ let(:master_permissions) do
+ [
+ :push_code_to_protected_branches, :update_project_snippet, :update_environment,
+ :update_deployment, :admin_milestone, :admin_project_snippet,
+ :admin_project_member, :admin_note, :admin_wiki, :admin_project,
+ :admin_commit_status, :admin_build, :admin_container_image,
+ :admin_pipeline, :admin_environment, :admin_deployment
+ ]
+ end
+
+ let(:public_permissions) do
+ [
+ :download_code, :fork_project, :read_commit_status, :read_pipeline,
+ :read_container_image, :build_download_code, :build_read_container_image
+ ]
+ end
+
+ let(:owner_permissions) do
+ [
+ :change_namespace, :change_visibility_level, :rename_project, :remove_project,
+ :archive_project, :remove_fork_project, :destroy_merge_request, :destroy_issue
+ ]
end
before do
@@ -22,16 +71,6 @@ describe ProjectPolicy, models: true do
project.team << [master, :master]
project.team << [dev, :developer]
project.team << [reporter, :reporter]
-
- group = create(:group)
- project.project_group_links.create(
- group: group,
- group_access: Gitlab::Access::MASTER)
- group.add_owner(owner)
- end
-
- it 'returns increasing permissions for each level' do
- expect(users_permissions).to eq(users_permissions.sort.uniq)
end
it 'does not include the read_issue permission when the issue author is not a member of the private project' do
@@ -46,4 +85,81 @@ describe ProjectPolicy, models: true do
expect(Ability.allowed?(user, :read_issue, project)).to be_falsy
end
+
+ context 'abilities for non-public projects' do
+ let(:project) { create(:empty_project, namespace: owner.namespace) }
+
+ subject { described_class.abilities(current_user, project).to_set }
+
+ context 'with no user' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_empty }
+ end
+
+ context 'guests' do
+ let(:current_user) { guest }
+
+ it do
+ is_expected.to include(*guest_permissions)
+ is_expected.not_to include(*reporter_permissions)
+ is_expected.not_to include(*team_member_reporter_permissions)
+ is_expected.not_to include(*developer_permissions)
+ is_expected.not_to include(*master_permissions)
+ is_expected.not_to include(*owner_permissions)
+ end
+ end
+
+ context 'reporter' do
+ let(:current_user) { reporter }
+
+ it do
+ is_expected.to include(*guest_permissions)
+ is_expected.to include(*reporter_permissions)
+ is_expected.to include(*team_member_reporter_permissions)
+ is_expected.not_to include(*developer_permissions)
+ is_expected.not_to include(*master_permissions)
+ is_expected.not_to include(*owner_permissions)
+ end
+ end
+
+ context 'developer' do
+ let(:current_user) { dev }
+
+ it do
+ is_expected.to include(*guest_permissions)
+ is_expected.to include(*reporter_permissions)
+ is_expected.to include(*team_member_reporter_permissions)
+ is_expected.to include(*developer_permissions)
+ is_expected.not_to include(*master_permissions)
+ is_expected.not_to include(*owner_permissions)
+ end
+ end
+
+ context 'master' do
+ let(:current_user) { master }
+
+ it do
+ is_expected.to include(*guest_permissions)
+ is_expected.to include(*reporter_permissions)
+ is_expected.to include(*team_member_reporter_permissions)
+ is_expected.to include(*developer_permissions)
+ is_expected.to include(*master_permissions)
+ is_expected.not_to include(*owner_permissions)
+ end
+ end
+
+ context 'owner' do
+ let(:current_user) { owner }
+
+ it do
+ is_expected.to include(*guest_permissions)
+ is_expected.to include(*reporter_permissions)
+ is_expected.not_to include(*team_member_reporter_permissions)
+ is_expected.to include(*developer_permissions)
+ is_expected.to include(*master_permissions)
+ is_expected.to include(*owner_permissions)
+ end
+ end
+ end
end
View Lorry Controller Status