diff options
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 151 |
1 files changed, 150 insertions, 1 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index a98f091b9fc..b2fb310aca3 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2478,7 +2478,14 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio before do current_user.set_ci_job_token_scope!(job) current_user.external = external_user - scope_project.update!(ci_outbound_job_token_scope_enabled: token_scope_enabled) + project.update!( + ci_outbound_job_token_scope_enabled: token_scope_enabled, + ci_inbound_job_token_scope_enabled: token_scope_enabled + ) + scope_project.update!( + ci_outbound_job_token_scope_enabled: token_scope_enabled, + ci_inbound_job_token_scope_enabled: token_scope_enabled + ) end it "enforces the expected permissions" do @@ -2732,6 +2739,148 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio end end + describe 'create_project_runners' do + context 'create_runner_workflow flag enabled' do + before do + stub_feature_flags(create_runner_workflow: true) + end + + context 'admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:create_project_runners) } + + context 'with project runner registration disabled' do + before do + stub_application_setting(valid_runner_registrars: ['group']) + end + + it { is_expected.to be_allowed(:create_project_runners) } + end + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_project_runners) } + + context 'with project runner registration disabled' do + before do + stub_application_setting(valid_runner_registrars: ['group']) + end + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_project_runners) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'create_runner_workflow flag disabled' do + before do + stub_feature_flags(create_runner_workflow: false) + end + + context 'admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_disallowed(:create_project_runners) } + + context 'with project runner registration disabled' do + before do + stub_application_setting(valid_runner_registrars: ['group']) + end + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_disallowed(:create_project_runners) } + + context 'with project runner registration disabled' do + before do + stub_application_setting(valid_runner_registrars: ['group']) + end + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + end + describe 'update_sentry_issue' do using RSpec::Parameterized::TableSyntax |