diff options
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/application_setting/term_policy_spec.rb | 1 | ||||
-rw-r--r-- | spec/policies/ci/build_policy_spec.rb | 1 | ||||
-rw-r--r-- | spec/policies/design_management/design_policy_spec.rb | 3 | ||||
-rw-r--r-- | spec/policies/group_deploy_keys_group_policy_spec.rb | 1 | ||||
-rw-r--r-- | spec/policies/group_policy_spec.rb | 51 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 52 | ||||
-rw-r--r-- | spec/policies/project_snippet_policy_spec.rb | 1 | ||||
-rw-r--r-- | spec/policies/service_policy_spec.rb | 1 |
8 files changed, 110 insertions, 1 deletions
diff --git a/spec/policies/application_setting/term_policy_spec.rb b/spec/policies/application_setting/term_policy_spec.rb index 00b48402fa6..fd361c8b649 100644 --- a/spec/policies/application_setting/term_policy_spec.rb +++ b/spec/policies/application_setting/term_policy_spec.rb @@ -6,6 +6,7 @@ RSpec.describe ApplicationSetting::TermPolicy do include TermsHelper let_it_be(:term) { create(:term) } + let(:user) { create(:user) } subject(:policy) { described_class.new(user, term) } diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb index 098efd7daa6..1ec749fb394 100644 --- a/spec/policies/ci/build_policy_spec.rb +++ b/spec/policies/ci/build_policy_spec.rb @@ -283,6 +283,7 @@ RSpec.describe Ci::BuildPolicy do describe 'manage a web ide terminal' do let(:build_permissions) { %i[read_web_ide_terminal create_build_terminal update_web_ide_terminal create_build_service_proxy] } let_it_be(:maintainer) { create(:user) } + let(:owner) { create(:owner) } let(:admin) { create(:admin) } let(:maintainer) { create(:user) } diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb index 117279d1638..c62e97dcdb9 100644 --- a/spec/policies/design_management/design_policy_spec.rb +++ b/spec/policies/design_management/design_policy_spec.rb @@ -16,6 +16,7 @@ RSpec.describe DesignManagement::DesignPolicy do let_it_be(:admin) { create(:admin) } let_it_be(:project) { create(:project, :public, namespace: owner.namespace) } let_it_be(:issue) { create(:issue, project: project) } + let(:design) { create(:design, issue: issue) } subject(:design_policy) { described_class.new(current_user, design) } @@ -131,6 +132,7 @@ RSpec.describe DesignManagement::DesignPolicy do context "for guests in private projects" do let_it_be(:project) { create(:project, :private) } + let(:current_user) { guest } it_behaves_like "read-only design abilities" @@ -163,6 +165,7 @@ RSpec.describe DesignManagement::DesignPolicy do context "when the project is archived" do let_it_be(:project) { create(:project, :public, :archived) } let_it_be(:issue) { create(:issue, project: project) } + let(:current_user) { owner } it_behaves_like "read-only design abilities" diff --git a/spec/policies/group_deploy_keys_group_policy_spec.rb b/spec/policies/group_deploy_keys_group_policy_spec.rb index 7ad9b655411..50d555d2094 100644 --- a/spec/policies/group_deploy_keys_group_policy_spec.rb +++ b/spec/policies/group_deploy_keys_group_policy_spec.rb @@ -8,6 +8,7 @@ RSpec.describe GroupDeployKeysGroupPolicy do let_it_be(:user) { create(:user) } let_it_be(:group) { create(:group) } let_it_be(:group_deploy_key) { create(:group_deploy_key) } + let(:group_deploy_keys_group) { create(:group_deploy_keys_group, group: group, group_deploy_key: group_deploy_key) } describe 'edit a group deploy key for a given group' do diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 1794934dd20..f5e389ff338 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -722,6 +722,7 @@ RSpec.describe GroupPolicy do describe 'design activity' do let_it_be(:group) { create(:group, :public) } + let(:current_user) { nil } subject { described_class.new(current_user, group) } @@ -922,4 +923,54 @@ RSpec.describe GroupPolicy do it { expect(described_class.new(current_user, subgroup)).to be_allowed(:read_label) } end end + + context 'timelogs' do + context 'with admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + + context 'with non member' do + let(:current_user) { create(:user) } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + end end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 60c54f97312..f2c941080b5 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -511,7 +511,7 @@ RSpec.describe ProjectPolicy do project.add_maintainer(project_bot) end - it { is_expected.not_to be_allowed(:admin_resource_access_tokens)} + it { is_expected.not_to be_allowed(:create_resource_access_tokens)} end end @@ -1353,4 +1353,54 @@ RSpec.describe ProjectPolicy do end end end + + context 'timelogs' do + context 'with admin' do + let(:current_user) { admin } + + context 'when admin mode enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'when admin mode disabled' do + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_allowed(:read_group_timelogs) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + + context 'with non member' do + let(:current_user) { non_member } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + + context 'with anonymous' do + let(:current_user) { anonymous } + + it { is_expected.to be_disallowed(:read_group_timelogs) } + end + end end diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb index bdf9eaedbf1..8b96aa99f69 100644 --- a/spec/policies/project_snippet_policy_spec.rb +++ b/spec/policies/project_snippet_policy_spec.rb @@ -8,6 +8,7 @@ RSpec.describe ProjectSnippetPolicy do let_it_be(:other_user) { create(:user) } let_it_be(:external_user) { create(:user, :external) } let_it_be(:project) { create(:project, :public) } + let(:snippet) { create(:project_snippet, snippet_visibility, project: project, author: author) } let(:author) { other_user } let(:author_permissions) do diff --git a/spec/policies/service_policy_spec.rb b/spec/policies/service_policy_spec.rb index 5d2c9c1f6c3..84c74ca7e31 100644 --- a/spec/policies/service_policy_spec.rb +++ b/spec/policies/service_policy_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' RSpec.describe ServicePolicy, :models do let_it_be(:user) { create(:user) } + let(:project) { integration.project } subject(:policy) { Ability.policy_for(user, integration) } |