Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 181 |
1 files changed, 128 insertions, 53 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index f91d5658626..6ec63ba61ca 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -219,41 +219,16 @@ describe ProjectPolicy do
 project.project_feature.update!(builds_access_level: ProjectFeature::DISABLED)
 end
- context 'without metrics_dashboard_allowed' do
- before do
- project.project_feature.update(metrics_dashboard_access_level: ProjectFeature::DISABLED)
- end
-
- it 'disallows all permissions except pipeline when the feature is disabled' do
- builds_permissions = [
- :create_build, :read_build, :update_build, :admin_build, :destroy_build,
- :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
- :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
- :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
- :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
- ]
-
- expect_disallowed(*builds_permissions)
- end
- end
-
- context 'with metrics_dashboard_allowed' do
- before do
- project.project_feature.update(metrics_dashboard_access_level: ProjectFeature::ENABLED)
- end
+ it 'disallows all permissions except pipeline when the feature is disabled' do
+ builds_permissions = [
+ :create_build, :read_build, :update_build, :admin_build, :destroy_build,
+ :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+ :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
+ :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
+ :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
+ ]
- it 'disallows all permissions except pipeline and read_environment when the feature is disabled' do
- builds_permissions = [
- :create_build, :read_build, :update_build, :admin_build, :destroy_build,
- :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
- :create_environment, :update_environment, :admin_environment, :destroy_environment,
- :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
- :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
- ]
-
- expect_disallowed(*builds_permissions)
- expect_allowed(:read_environment)
- end
+ expect_disallowed(*builds_permissions)
 end
 end
@@ -301,25 +276,8 @@ describe ProjectPolicy do
 )
 end
- context 'without metrics_dashboard_allowed' do
- before do
- project.project_feature.update(metrics_dashboard_access_level: ProjectFeature::DISABLED)
- end
-
- it 'disallows all permissions when the feature is disabled' do
- expect_disallowed(*repository_permissions)
- end
- end
-
- context 'with metrics_dashboard_allowed' do
- before do
- project.project_feature.update(metrics_dashboard_access_level: ProjectFeature::ENABLED)
- end
-
- it 'disallows all permissions but read_environment when the feature is disabled' do
- expect_disallowed(*(repository_permissions - [:read_environment]))
- expect_allowed(:read_environment)
- end
+ it 'disallows all permissions' do
+ expect_disallowed(*repository_permissions)
 end
 end
 end
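Review bot: The added example in the first hunk is titled 'disallows all permissions except pipeline when the feature is disabled', but its body only calls `expect_disallowed(*builds_permissions)`, so nothing checks which pipeline abilities are meant to survive when builds are disabled. Either add an explicit expectation for those abilities next to the `expect_disallowed` call, or rename the example to say what it asserts, for instance `it 'disallows build, schedule, environment, cluster and deployment permissions when builds are disabled' do`. With the metrics-dashboard contexts removed, `:read_environment` is now in the disallowed list unconditionally, so the title is the only remaining hint of an exception. The enclosing context starts above the hunk, so the user and project this runs against are not visible here.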
@@ -817,4 +775,121 @@ describe ProjectPolicy do
 it { is_expected.to be_disallowed(:destroy_package) }
 end
 end
+
+ describe 'create_web_ide_terminal' do
+ subject { described_class.new(current_user, project) }
+
+ context 'with admin' do
+ let(:current_user) { admin }
+
+ context 'when admin mode enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:create_web_ide_terminal) }
+ end
+
+ context 'when admin mode disabled' do
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+ end
+
+ context 'with owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:create_web_ide_terminal) }
+ end
+
+ context 'with maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_allowed(:create_web_ide_terminal) }
+ end
+
+ context 'with developer' do
+ let(:current_user) { developer }
+
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+
+ context 'with reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+
+ context 'with guest' do
+ let(:current_user) { guest }
+
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+
+ context 'with non member' do
+ let(:current_user) { create(:user) }
+
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_disallowed(:create_web_ide_terminal) }
+ end
+ end
+
+ describe 'read_repository_graphs' do
+ subject { described_class.new(guest, project) }
+
+ before do
+ allow(subject).to receive(:allowed?).with(:read_repository_graphs).and_call_original
+ allow(subject).to receive(:allowed?).with(:download_code).and_return(can_download_code)
+ end
+
+ context 'when user can download_code' do
+ let(:can_download_code) { true }
+
+ it { is_expected.to be_allowed(:read_repository_graphs) }
+ end
+
+ context 'when user cannot download_code' do
+ let(:can_download_code) { false }
+
+ it { is_expected.to be_disallowed(:read_repository_graphs) }
+ end
+ end
+
+ describe 'read_build_report_results' do
+ subject { described_class.new(guest, project) }
+
+ before do
+ allow(subject).to receive(:allowed?).with(:read_build_report_results).and_call_original
+ allow(subject).to receive(:allowed?).with(:read_build).and_return(can_read_build)
+ allow(subject).to receive(:allowed?).with(:read_pipeline).and_return(can_read_pipeline)
+ end
+
+ context 'when user can read_build and read_pipeline' do
+ let(:can_read_build) { true }
+ let(:can_read_pipeline) { true }
+
+ it { is_expected.to be_allowed(:read_build_report_results) }
+ end
+
+ context 'when user can read_build but cannot read_pipeline' do
+ let(:can_read_build) { true }
+ let(:can_read_pipeline) { false }
+
+ it { is_expected.to be_disallowed(:read_build_report_results) }
+ end
+
+ context 'when user cannot read_build but can read_pipeline' do
+ let(:can_read_build) { false }
+ let(:can_read_pipeline) { true }
+
+ it { is_expected.to be_disallowed(:read_build_report_results) }
+ end
+
+ context 'when user cannot read_build and cannot read_pipeline' do
+ let(:can_read_build) { false }
+ let(:can_read_pipeline) { false }
+
+ it { is_expected.to be_disallowed(:read_build_report_results) }
+ end
+ end
 end |
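Review bot: The `read_repository_graphs` and `read_build_report_results` groups stub `allowed?` on the policy under test for the prerequisite abilities (`:download_code`, `:read_build`, `:read_pipeline`), so they verify only how the rules are wired together, never that a real role ends up with or without the permission. If the policy resolves those prerequisites through a path other than `allowed?`, the stubs would presumably not apply and the examples would stop meaning what their titles say. I would add at least one un-stubbed example per ability, in the style of the `create_web_ide_terminal` group above (for instance a `context 'with anonymous'` using `let(:current_user) { nil }`), so a regression in the underlying access checks is caught. A short comment above each `before` block would also help, such as `# Stub only the prerequisite abilities; the ability under test calls through.`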