summaryrefslogtreecommitdiff
path: root/spec/policies
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/application_setting/term_policy_spec.rb1
-rw-r--r--spec/policies/ci/build_policy_spec.rb1
-rw-r--r--spec/policies/design_management/design_policy_spec.rb3
-rw-r--r--spec/policies/group_deploy_keys_group_policy_spec.rb1
-rw-r--r--spec/policies/group_policy_spec.rb51
-rw-r--r--spec/policies/project_policy_spec.rb52
-rw-r--r--spec/policies/project_snippet_policy_spec.rb1
-rw-r--r--spec/policies/service_policy_spec.rb1
8 files changed, 110 insertions, 1 deletions
diff --git a/spec/policies/application_setting/term_policy_spec.rb b/spec/policies/application_setting/term_policy_spec.rb
index 00b48402fa6..fd361c8b649 100644
--- a/spec/policies/application_setting/term_policy_spec.rb
+++ b/spec/policies/application_setting/term_policy_spec.rb
@@ -6,6 +6,7 @@ RSpec.describe ApplicationSetting::TermPolicy do
include TermsHelper
let_it_be(:term) { create(:term) }
+
let(:user) { create(:user) }
subject(:policy) { described_class.new(user, term) }
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 098efd7daa6..1ec749fb394 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -283,6 +283,7 @@ RSpec.describe Ci::BuildPolicy do
describe 'manage a web ide terminal' do
let(:build_permissions) { %i[read_web_ide_terminal create_build_terminal update_web_ide_terminal create_build_service_proxy] }
let_it_be(:maintainer) { create(:user) }
+
let(:owner) { create(:owner) }
let(:admin) { create(:admin) }
let(:maintainer) { create(:user) }
diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb
index 117279d1638..c62e97dcdb9 100644
--- a/spec/policies/design_management/design_policy_spec.rb
+++ b/spec/policies/design_management/design_policy_spec.rb
@@ -16,6 +16,7 @@ RSpec.describe DesignManagement::DesignPolicy do
let_it_be(:admin) { create(:admin) }
let_it_be(:project) { create(:project, :public, namespace: owner.namespace) }
let_it_be(:issue) { create(:issue, project: project) }
+
let(:design) { create(:design, issue: issue) }
subject(:design_policy) { described_class.new(current_user, design) }
@@ -131,6 +132,7 @@ RSpec.describe DesignManagement::DesignPolicy do
context "for guests in private projects" do
let_it_be(:project) { create(:project, :private) }
+
let(:current_user) { guest }
it_behaves_like "read-only design abilities"
@@ -163,6 +165,7 @@ RSpec.describe DesignManagement::DesignPolicy do
context "when the project is archived" do
let_it_be(:project) { create(:project, :public, :archived) }
let_it_be(:issue) { create(:issue, project: project) }
+
let(:current_user) { owner }
it_behaves_like "read-only design abilities"
diff --git a/spec/policies/group_deploy_keys_group_policy_spec.rb b/spec/policies/group_deploy_keys_group_policy_spec.rb
index 7ad9b655411..50d555d2094 100644
--- a/spec/policies/group_deploy_keys_group_policy_spec.rb
+++ b/spec/policies/group_deploy_keys_group_policy_spec.rb
@@ -8,6 +8,7 @@ RSpec.describe GroupDeployKeysGroupPolicy do
let_it_be(:user) { create(:user) }
let_it_be(:group) { create(:group) }
let_it_be(:group_deploy_key) { create(:group_deploy_key) }
+
let(:group_deploy_keys_group) { create(:group_deploy_keys_group, group: group, group_deploy_key: group_deploy_key) }
describe 'edit a group deploy key for a given group' do
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 1794934dd20..f5e389ff338 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -722,6 +722,7 @@ RSpec.describe GroupPolicy do
describe 'design activity' do
let_it_be(:group) { create(:group, :public) }
+
let(:current_user) { nil }
subject { described_class.new(current_user, group) }
@@ -922,4 +923,54 @@ RSpec.describe GroupPolicy do
it { expect(described_class.new(current_user, subgroup)).to be_allowed(:read_label) }
end
end
+
+ context 'timelogs' do
+ context 'with admin' do
+ let(:current_user) { admin }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+ end
+
+ context 'with owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with guest' do
+ let(:current_user) { guest }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+
+ context 'with non member' do
+ let(:current_user) { create(:user) }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+ end
end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 60c54f97312..f2c941080b5 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -511,7 +511,7 @@ RSpec.describe ProjectPolicy do
project.add_maintainer(project_bot)
end
- it { is_expected.not_to be_allowed(:admin_resource_access_tokens)}
+ it { is_expected.not_to be_allowed(:create_resource_access_tokens)}
end
end
@@ -1353,4 +1353,54 @@ RSpec.describe ProjectPolicy do
end
end
end
+
+ context 'timelogs' do
+ context 'with admin' do
+ let(:current_user) { admin }
+
+ context 'when admin mode enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'when admin mode disabled' do
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+ end
+
+ context 'with owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_allowed(:read_group_timelogs) }
+ end
+
+ context 'with guest' do
+ let(:current_user) { guest }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+
+ context 'with non member' do
+ let(:current_user) { non_member }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { anonymous }
+
+ it { is_expected.to be_disallowed(:read_group_timelogs) }
+ end
+ end
end
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index bdf9eaedbf1..8b96aa99f69 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
@@ -8,6 +8,7 @@ RSpec.describe ProjectSnippetPolicy do
let_it_be(:other_user) { create(:user) }
let_it_be(:external_user) { create(:user, :external) }
let_it_be(:project) { create(:project, :public) }
+
let(:snippet) { create(:project_snippet, snippet_visibility, project: project, author: author) }
let(:author) { other_user }
let(:author_permissions) do
diff --git a/spec/policies/service_policy_spec.rb b/spec/policies/service_policy_spec.rb
index 5d2c9c1f6c3..84c74ca7e31 100644
--- a/spec/policies/service_policy_spec.rb
+++ b/spec/policies/service_policy_spec.rb
@@ -4,6 +4,7 @@ require 'spec_helper'
RSpec.describe ServicePolicy, :models do
let_it_be(:user) { create(:user) }
+
let(:project) { integration.project }
subject(:policy) { Ability.policy_for(user, integration) }
View Lorry Controller Status