diff options
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 8bd4a463f87..6ba3ab6aace 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -468,6 +468,49 @@ RSpec.describe ProjectPolicy do end end + context "project bots" do + let(:project_bot) { create(:user, :project_bot) } + let(:user) { create(:user) } + + context "project_bot_access" do + context "when regular user and part of the project" do + let(:current_user) { user } + + before do + project.add_developer(user) + end + + it { is_expected.not_to be_allowed(:project_bot_access)} + end + + context "when project bot and not part of the project" do + let(:current_user) { project_bot } + + it { is_expected.not_to be_allowed(:project_bot_access)} + end + + context "when project bot and part of the project" do + let(:current_user) { project_bot } + + before do + project.add_developer(project_bot) + end + + it { is_expected.to be_allowed(:project_bot_access)} + end + end + + context 'with resource access tokens' do + let(:current_user) { project_bot } + + before do + project.add_maintainer(project_bot) + end + + it { is_expected.not_to be_allowed(:admin_resource_access_tokens)} + end + end + describe 'read_prometheus_alerts' do context 'with admin' do let(:current_user) { admin } @@ -822,6 +865,28 @@ RSpec.describe ProjectPolicy do end end + context 'security configuration feature' do + %w(guest reporter).each do |role| + context role do + let(:current_user) { send(role) } + + it 'prevents reading security configuration' do + expect_disallowed(:read_security_configuration) + end + end + end + + %w(developer maintainer owner).each do |role| + context role do + let(:current_user) { send(role) } + + it 'allows reading security configuration' do + expect_allowed(:read_security_configuration) + end + end + end + end + describe 'design permissions' do let(:current_user) { guest } |