Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/alert_management/alert_policy_spec.rb52
-rw-r--r--spec/policies/note_policy_spec.rb33
-rw-r--r--spec/policies/project_member_policy_spec.rb6
-rw-r--r--spec/policies/project_policy_spec.rb30
4 files changed, 82 insertions, 39 deletions
diff --git a/spec/policies/alert_management/alert_policy_spec.rb b/spec/policies/alert_management/alert_policy_spec.rb
index 3e08d8b4ccc..2027c205c7b 100644
--- a/spec/policies/alert_management/alert_policy_spec.rb
+++ b/spec/policies/alert_management/alert_policy_spec.rb
@@ -3,9 +3,10 @@
require 'spec_helper'
RSpec.describe AlertManagement::AlertPolicy, :models do
- let(:alert) { create(:alert_management_alert) }
- let(:project) { alert.project }
- let(:user) { create(:user) }
+ let_it_be(:user) { create(:user) }
+ let_it_be(:project) { create(:project) }
+ let_it_be(:alert) { create(:alert_management_alert, project: project, issue: incident) }
+ let_it_be(:incident) { nil }
subject(:policy) { described_class.new(user, alert) }
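Review bot: `alert` is created with `issue: incident`, but `let_it_be(:incident) { nil }` is declared on the line after it, so the fixture reads a helper that has not been set up yet. This appears to work only because the value is nil either way. A nested context that overrides `incident` with a real record would probably still see an alert without an issue, since `let_it_be` values are built once for the group. Move `let_it_be(:incident) { nil }` above the `alert` line, or drop `issue: incident` until a context actually needs it.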
@@ -21,5 +22,50 @@ RSpec.describe AlertManagement::AlertPolicy, :models do
it { is_expected.to be_allowed :read_alert_management_alert }
it { is_expected.to be_allowed :update_alert_management_alert }
end
+
+ shared_examples 'does not allow metric image reads' do
+ it { expect(policy).to be_disallowed(:read_alert_management_metric_image) }
+ end
+
+ shared_examples 'does not allow metric image updates' do
+ specify do
+ expect(policy).to be_disallowed(:upload_alert_management_metric_image)
+ expect(policy).to be_disallowed(:destroy_alert_management_metric_image)
+ end
+ end
+
+ shared_examples 'allows metric image reads' do
+ it { expect(policy).to be_allowed(:read_alert_management_metric_image) }
+ end
+
+ shared_examples 'allows metric image updates' do
+ specify do
+ expect(policy).to be_allowed(:upload_alert_management_metric_image)
+ expect(policy).to be_allowed(:destroy_alert_management_metric_image)
+ end
+ end
+
+ context 'when user is not a member' do
+ include_examples 'does not allow metric image reads'
+ include_examples 'does not allow metric image updates'
+ end
+
+ context 'when user is a guest' do
+ before do
+ project.add_guest(user)
+ end
+
+ include_examples 'does not allow metric image reads'
+ include_examples 'does not allow metric image updates'
+ end
+
+ context 'when user is a developer' do
+ before do
+ project.add_developer(user)
+ end
+
+ include_examples 'allows metric image reads'
+ include_examples 'allows metric image updates'
+ end
end
end
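Review bot: The new metric image contexts cover non-member, guest (disallowed) and developer (allowed) but leave the reporter role untested, so the access level at which `read_`, `upload_` and `destroy_alert_management_metric_image` become available is not pinned by this spec. A later policy change that moved that boundary to reporters would not fail any example here. Add a `context 'when user is a reporter'` that calls `project.add_reporter(user)` and includes whichever pair of shared examples matches the intended rule. The two-expectation `specify` blocks could also be a single call, `expect(policy).to be_disallowed(:upload_alert_management_metric_image, :destroy_alert_management_metric_image)`, so one failure reports both abilities. The enclosing `describe` starts outside the hunk.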
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index f6cd84f29ae..eeaa77a4589 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -359,39 +359,6 @@ RSpec.describe NotePolicy do
expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :reposition_note, :resolve_note)
end
end
-
- context 'for merge requests' do
- let(:merge_request) { create(:merge_request, source_project: project, author: author, assignees: [assignee]) }
- let(:confidential_note) { create(:note, :confidential, project: project, noteable: merge_request) }
-
- it_behaves_like 'confidential notes permissions'
-
- it 'allows noteable assignees to read all notes' do
- expect(permissions(assignee, confidential_note)).to be_allowed(:read_note, :award_emoji)
- expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :reposition_note, :resolve_note)
- end
- end
-
- context 'for project snippets' do
- let(:project_snippet) { create(:project_snippet, project: project, author: author) }
- let(:confidential_note) { create(:note, :confidential, project: project, noteable: project_snippet) }
-
- it_behaves_like 'confidential notes permissions'
- end
-
- context 'for personal snippets' do
- let(:personal_snippet) { create(:personal_snippet, author: author) }
- let(:confidential_note) { create(:note, :confidential, project: nil, noteable: personal_snippet) }
-
- it 'allows snippet author to read and resolve all notes' do
- expect(permissions(author, confidential_note)).to be_allowed(:read_note, :resolve_note, :award_emoji)
- expect(permissions(author, confidential_note)).to be_disallowed(:admin_note, :reposition_note)
- end
-
- it 'does not allow maintainers to read confidential notes and replies' do
- expect(permissions(maintainer, confidential_note)).to be_disallowed(:read_note, :admin_note, :reposition_note, :resolve_note, :award_emoji)
- end
- end
end
end
end
diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb
index 12b3e60fdb2..b19ab71fcb5 100644
--- a/spec/policies/project_member_policy_spec.rb
+++ b/spec/policies/project_member_policy_spec.rb
@@ -23,9 +23,9 @@ RSpec.describe ProjectMemberPolicy do
it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
end
- context 'when user is project owner' do
- let(:member_user) { project.first_owner }
- let(:member) { project.members.find_by!(user: member_user) }
+ context 'when user is the holder of personal namespace in which the project resides' do
+ let(:namespace_holder) { project.namespace.owner }
+ let(:member) { project.members.find_by!(user: namespace_holder) }
it { is_expected.to be_allowed(:read_project) }
it { is_expected.to be_disallowed(:update_project_member) }
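Review bot: With the context retitled to the personal-namespace holder, nothing in this hunk is named for a member who has Owner access without being the namespace holder. If that case is not covered elsewhere in the file, the `:update_project_member` restriction for ordinary owners no longer has an explicit test. The setup also assumes `project`, defined outside the hunk, lives in a user namespace; otherwise `project.namespace.owner` would presumably be nil and `find_by!` would raise. A comment on the context such as `# project is created in a user namespace, so namespace.owner is that user` would make the dependency visible. The context body continues outside the hunk.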
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index fb1c5874335..bde83d647db 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -346,6 +346,36 @@ RSpec.describe ProjectPolicy do
end
end
+ context 'reading usage quotas' do
+ %w(maintainer owner).each do |role|
+ context "with #{role}" do
+ let(:current_user) { send(role) }
+
+ it { is_expected.to be_allowed(:read_usage_quotas) }
+ end
+ end
+
+ %w(guest reporter developer anonymous).each do |role|
+ context "with #{role}" do
+ let(:current_user) { send(role) }
+
+ it { is_expected.to be_disallowed(:read_usage_quotas) }
+ end
+ end
+
+ context 'with an admin' do
+ let(:current_user) { admin }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { expect_allowed(:read_usage_quotas) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { expect_disallowed(:read_usage_quotas) }
+ end
+ end
+ end
+
it_behaves_like 'clusterable policies' do
let_it_be(:clusterable) { create(:project, :repository) }
let_it_be(:cluster) do
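Review bot: The admin contexts assert with `expect_allowed(:read_usage_quotas)` while the role loops above them use `is_expected.to be_allowed(:read_usage_quotas)`. Using one form throughout the new `'reading usage quotas'` context would make it plain that every case exercises the same subject, which is defined outside the hunk. `send(role)` can be `public_send(role)`, since the role helpers look like ordinary `let` methods and nothing private needs to be reached. The `anonymous` expectation depends on the visibility of `project`, which is also not visible here, so a one-line comment naming the visibility these examples assume would help.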