diff options
Diffstat (limited to 'spec/policies')
42 files changed, 291 insertions, 129 deletions
diff --git a/spec/policies/alert_management/alert_policy_spec.rb b/spec/policies/alert_management/alert_policy_spec.rb index 0d7624a0142..3e08d8b4ccc 100644 --- a/spec/policies/alert_management/alert_policy_spec.rb +++ b/spec/policies/alert_management/alert_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe AlertManagement::AlertPolicy, :models do +RSpec.describe AlertManagement::AlertPolicy, :models do let(:alert) { create(:alert_management_alert) } let(:project) { alert.project } let(:user) { create(:user) } diff --git a/spec/policies/application_setting/term_policy_spec.rb b/spec/policies/application_setting/term_policy_spec.rb index 2b5b9758ec2..00b48402fa6 100644 --- a/spec/policies/application_setting/term_policy_spec.rb +++ b/spec/policies/application_setting/term_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe ApplicationSetting::TermPolicy do +RSpec.describe ApplicationSetting::TermPolicy do include TermsHelper let_it_be(:term) { create(:term) } diff --git a/spec/policies/award_emoji_policy_spec.rb b/spec/policies/award_emoji_policy_spec.rb index 2e3693c58d7..bd34a656e12 100644 --- a/spec/policies/award_emoji_policy_spec.rb +++ b/spec/policies/award_emoji_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe AwardEmojiPolicy do +RSpec.describe AwardEmojiPolicy do let(:user) { create(:user) } let(:award_emoji) { create(:award_emoji, awardable: awardable) } diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb index 67f7452528a..103f2e9bc39 100644 --- a/spec/policies/base_policy_spec.rb +++ b/spec/policies/base_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe BasePolicy do +RSpec.describe BasePolicy do include ExternalAuthorizationServiceHelpers include AdminModeHelper diff --git a/spec/policies/blob_policy_spec.rb b/spec/policies/blob_policy_spec.rb index e48dd751a8f..fc46b25f25c 100644 --- a/spec/policies/blob_policy_spec.rb +++ b/spec/policies/blob_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe BlobPolicy, :enable_admin_mode do +RSpec.describe BlobPolicy, :enable_admin_mode do include_context 'ProjectPolicyTable context' include ProjectHelpers using RSpec::Parameterized::TableSyntax diff --git a/spec/policies/board_policy_spec.rb b/spec/policies/board_policy_spec.rb index 35eac8a02c4..6940e75ec37 100644 --- a/spec/policies/board_policy_spec.rb +++ b/spec/policies/board_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe BoardPolicy do +RSpec.describe BoardPolicy do let(:user) { create(:user) } let(:project) { create(:project, :private) } let(:group) { create(:group, :private) } diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb index 5857369a550..d2547338855 100644 --- a/spec/policies/ci/build_policy_spec.rb +++ b/spec/policies/ci/build_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Ci::BuildPolicy do +RSpec.describe Ci::BuildPolicy do let(:user) { create(:user) } let(:build) { create(:ci_build, pipeline: pipeline) } let(:pipeline) { create(:ci_empty_pipeline, project: project) } diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb index 293fe1fc5b9..fcd96bc6653 100644 --- a/spec/policies/ci/pipeline_policy_spec.rb +++ b/spec/policies/ci/pipeline_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Ci::PipelinePolicy, :models do +RSpec.describe Ci::PipelinePolicy, :models do let(:user) { create(:user) } let(:pipeline) { create(:ci_empty_pipeline, project: project) } diff --git a/spec/policies/ci/pipeline_schedule_policy_spec.rb b/spec/policies/ci/pipeline_schedule_policy_spec.rb index d503401f7cf..b455384d17a 100644 --- a/spec/policies/ci/pipeline_schedule_policy_spec.rb +++ b/spec/policies/ci/pipeline_schedule_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Ci::PipelineSchedulePolicy, :models do +RSpec.describe Ci::PipelineSchedulePolicy, :models do let_it_be(:user) { create(:user) } let_it_be(:project) { create(:project, :repository) } let_it_be(:pipeline_schedule, reload: true) { create(:ci_pipeline_schedule, :nightly, project: project) } diff --git a/spec/policies/ci/trigger_policy_spec.rb b/spec/policies/ci/trigger_policy_spec.rb index 28e5a2b2cd6..b8b54e57035 100644 --- a/spec/policies/ci/trigger_policy_spec.rb +++ b/spec/policies/ci/trigger_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Ci::TriggerPolicy do +RSpec.describe Ci::TriggerPolicy do let(:user) { create(:user) } let(:project) { create(:project) } let(:trigger) { create(:ci_trigger, project: project, owner: create(:user)) } diff --git a/spec/policies/clusters/cluster_policy_spec.rb b/spec/policies/clusters/cluster_policy_spec.rb index 26cfc19862a..0b931c6f927 100644 --- a/spec/policies/clusters/cluster_policy_spec.rb +++ b/spec/policies/clusters/cluster_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::ClusterPolicy, :models do +RSpec.describe Clusters::ClusterPolicy, :models do let(:cluster) { create(:cluster, :project) } let(:project) { cluster.project } let(:user) { create(:user) } diff --git a/spec/policies/clusters/instance_policy_spec.rb b/spec/policies/clusters/instance_policy_spec.rb index dfe480d7fa4..f90841fc311 100644 --- a/spec/policies/clusters/instance_policy_spec.rb +++ b/spec/policies/clusters/instance_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::InstancePolicy do +RSpec.describe Clusters::InstancePolicy do let(:user) { create(:user) } let(:policy) { described_class.new(user, Clusters::Instance.new) } diff --git a/spec/policies/commit_policy_spec.rb b/spec/policies/commit_policy_spec.rb index 40183f51e9e..0d3dcc97565 100644 --- a/spec/policies/commit_policy_spec.rb +++ b/spec/policies/commit_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe CommitPolicy do +RSpec.describe CommitPolicy do describe '#rules' do let(:user) { create(:user) } let(:commit) { project.repository.head_commit } diff --git a/spec/policies/concerns/policy_actor_spec.rb b/spec/policies/concerns/policy_actor_spec.rb index 27db9710a38..7271cbb4a9d 100644 --- a/spec/policies/concerns/policy_actor_spec.rb +++ b/spec/policies/concerns/policy_actor_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe PolicyActor do +RSpec.describe PolicyActor do it 'implements all the methods from user' do methods = subject.instance_methods diff --git a/spec/policies/deploy_key_policy_spec.rb b/spec/policies/deploy_key_policy_spec.rb index 545647e2c67..d84b80a8738 100644 --- a/spec/policies/deploy_key_policy_spec.rb +++ b/spec/policies/deploy_key_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe DeployKeyPolicy do +RSpec.describe DeployKeyPolicy do subject { described_class.new(current_user, deploy_key) } describe 'updating a deploy_key' do diff --git a/spec/policies/deploy_keys_project_policy_spec.rb b/spec/policies/deploy_keys_project_policy_spec.rb index 952da86b7a7..3be55e9238c 100644 --- a/spec/policies/deploy_keys_project_policy_spec.rb +++ b/spec/policies/deploy_keys_project_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe DeployKeysProjectPolicy do +RSpec.describe DeployKeysProjectPolicy do subject { described_class.new(current_user, deploy_key.deploy_keys_project_for(project)) } describe 'updating a deploy_keys_project' do diff --git a/spec/policies/deploy_token_policy_spec.rb b/spec/policies/deploy_token_policy_spec.rb index 43e23ee55ac..f218828052e 100644 --- a/spec/policies/deploy_token_policy_spec.rb +++ b/spec/policies/deploy_token_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe DeployTokenPolicy do +RSpec.describe DeployTokenPolicy do let(:current_user) { create(:user) } let(:project) { create(:project) } let(:deploy_token) { create(:deploy_token, projects: [project]) } diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb index a566aecc4b7..5dde5f896c9 100644 --- a/spec/policies/design_management/design_policy_spec.rb +++ b/spec/policies/design_management/design_policy_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require 'spec_helper' -describe DesignManagement::DesignPolicy do +RSpec.describe DesignManagement::DesignPolicy do include DesignManagementTestHelpers include_context 'ProjectPolicy context' diff --git a/spec/policies/environment_policy_spec.rb b/spec/policies/environment_policy_spec.rb index 75fca464ec8..649b1a770c0 100644 --- a/spec/policies/environment_policy_spec.rb +++ b/spec/policies/environment_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe EnvironmentPolicy do +RSpec.describe EnvironmentPolicy do using RSpec::Parameterized::TableSyntax let(:user) { create(:user) } diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index e8ba4eed4ec..4954eafe338 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe GlobalPolicy do +RSpec.describe GlobalPolicy do include TermsHelper let_it_be(:project_bot) { create(:user, :project_bot) } @@ -130,6 +130,24 @@ describe GlobalPolicy do end end + describe 'using project statistics filters' do + context 'regular user' do + it { is_expected.not_to be_allowed(:use_project_statistics_filters) } + end + + context 'admin' do + let(:current_user) { create(:user, :admin) } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:use_project_statistics_filters) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:use_project_statistics_filters) } + end + end + end + shared_examples 'access allowed when terms accepted' do |ability| it { is_expected.not_to be_allowed(ability) } diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb index a4f3301a064..4215fa09301 100644 --- a/spec/policies/group_member_policy_spec.rb +++ b/spec/policies/group_member_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe GroupMemberPolicy do +RSpec.describe GroupMemberPolicy do let(:guest) { create(:user) } let(:owner) { create(:user) } let(:group) { create(:group, :private) } diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 6b17a8285a2..733cc9bd9cb 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe GroupPolicy do +RSpec.describe GroupPolicy do include_context 'GroupPolicy context' context 'public group with no user' do @@ -154,7 +154,7 @@ describe GroupPolicy do context 'admin' do let(:current_user) { admin } - it do + specify do expect_allowed(*read_group_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) @@ -162,6 +162,10 @@ describe GroupPolicy do expect_allowed(*maintainer_permissions) expect_allowed(*owner_permissions) end + + context 'with admin mode', :enable_admin_mode do + specify { expect_allowed(*admin_permissions) } + end end describe 'private nested group use the highest access level from the group and inherited permissions' do @@ -661,4 +665,61 @@ describe GroupPolicy do end end end + + describe 'design activity' do + let_it_be(:group) { create(:group, :public) } + let(:current_user) { nil } + + subject { described_class.new(current_user, group) } + + context 'when design management is not available' do + it { is_expected.not_to be_allowed(:read_design_activity) } + + context 'even when there are projects in the group' do + before do + create_list(:project_group_link, 2, group: group) + end + + it { is_expected.not_to be_allowed(:read_design_activity) } + end + end + + context 'when design management is available globally' do + include DesignManagementTestHelpers + + before do + enable_design_management + end + + context 'the group has no projects' do + it { is_expected.not_to be_allowed(:read_design_activity) } + end + + context 'the group has a project' do + let(:project) { create(:project, :public) } + + before do + create(:project_group_link, project: project, group: group) + end + + it { is_expected.to be_allowed(:read_design_activity) } + + context 'which does not have design management enabled' do + before do + project.update(lfs_enabled: false) + end + + it { is_expected.not_to be_allowed(:read_design_activity) } + + context 'but another project does' do + before do + create(:project_group_link, project: create(:project, :public), group: group) + end + + it { is_expected.to be_allowed(:read_design_activity) } + end + end + end + end + end end diff --git a/spec/policies/identity_provider_policy_spec.rb b/spec/policies/identity_provider_policy_spec.rb index 52b6d2c89ba..f6b4e15cff9 100644 --- a/spec/policies/identity_provider_policy_spec.rb +++ b/spec/policies/identity_provider_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe IdentityProviderPolicy do +RSpec.describe IdentityProviderPolicy do subject(:policy) { described_class.new(user, provider) } let(:user) { User.new } diff --git a/spec/policies/issuable_policy_spec.rb b/spec/policies/issuable_policy_spec.rb index 18e35308ecd..20eb09e11c9 100644 --- a/spec/policies/issuable_policy_spec.rb +++ b/spec/policies/issuable_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe IssuablePolicy, models: true do +RSpec.describe IssuablePolicy, models: true do let(:user) { create(:user) } let(:project) { create(:project, :public) } let(:issue) { create(:issue, project: project) } diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb index 9d52079e4be..b3ca37b17c2 100644 --- a/spec/policies/issue_policy_spec.rb +++ b/spec/policies/issue_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe IssuePolicy do +RSpec.describe IssuePolicy do include ExternalAuthorizationServiceHelpers let(:guest) { create(:user) } diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb index 31ced5db953..2f3cb2e998a 100644 --- a/spec/policies/merge_request_policy_spec.rb +++ b/spec/policies/merge_request_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe MergeRequestPolicy do +RSpec.describe MergeRequestPolicy do include ExternalAuthorizationServiceHelpers let(:guest) { create(:user) } @@ -24,6 +24,7 @@ describe MergeRequestPolicy do mr_perms = %i[create_merge_request_in create_merge_request_from read_merge_request + approve_merge_request create_note].freeze shared_examples_for 'a denied user' do diff --git a/spec/policies/metrics/dashboard/annotation_policy_spec.rb b/spec/policies/metrics/dashboard/annotation_policy_spec.rb index 4dc5f4cd0b4..0c59b39ae3e 100644 --- a/spec/policies/metrics/dashboard/annotation_policy_spec.rb +++ b/spec/policies/metrics/dashboard/annotation_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Metrics::Dashboard::AnnotationPolicy, :models do +RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do shared_examples 'metrics dashboard annotation policy' do context 'when guest' do before do diff --git a/spec/policies/namespace/root_storage_statistics_policy_spec.rb b/spec/policies/namespace/root_storage_statistics_policy_spec.rb index 8d53050fffb..e6b58bca4a8 100644 --- a/spec/policies/namespace/root_storage_statistics_policy_spec.rb +++ b/spec/policies/namespace/root_storage_statistics_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Namespace::RootStorageStatisticsPolicy do +RSpec.describe Namespace::RootStorageStatisticsPolicy do using RSpec::Parameterized::TableSyntax describe '#rules' do diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb index 01162dc0fc4..f2f411e48d6 100644 --- a/spec/policies/namespace_policy_spec.rb +++ b/spec/policies/namespace_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe NamespacePolicy do +RSpec.describe NamespacePolicy do let(:user) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb index 1e3bd0d9147..a4cc3a1e9af 100644 --- a/spec/policies/note_policy_spec.rb +++ b/spec/policies/note_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe NotePolicy do +RSpec.describe NotePolicy do describe '#rules' do let(:user) { create(:user) } let(:project) { create(:project, :public) } diff --git a/spec/policies/packages/package_policy_spec.rb b/spec/policies/packages/package_policy_spec.rb new file mode 100644 index 00000000000..13935974b44 --- /dev/null +++ b/spec/policies/packages/package_policy_spec.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Packages::PackagePolicy do + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project) } + let_it_be(:package) { create(:package, project: project) } + + subject(:policy) { described_class.new(user, package) } + + context 'when the user is part of the project' do + before do + project.add_reporter(user) + end + + it 'allows read_package' do + expect(policy).to be_allowed(:read_package) + end + end + + context 'when the user is not part of the project' do + it 'disallows read_package for any Package' do + expect(policy).to be_disallowed(:read_package) + end + end +end diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb index 5fc48717d86..d546805ce01 100644 --- a/spec/policies/personal_snippet_policy_spec.rb +++ b/spec/policies/personal_snippet_policy_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' # Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb -describe PersonalSnippetPolicy do +RSpec.describe PersonalSnippetPolicy do let(:regular_user) { create(:user) } let(:external_user) { create(:user, :external) } let(:admin_user) { create(:user, :admin) } diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb new file mode 100644 index 00000000000..ab8f8b83e7f --- /dev/null +++ b/spec/policies/project_member_policy_spec.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ProjectMemberPolicy do + let(:project) { create(:project) } + let(:maintainer_user) { create(:user) } + let(:member) { create(:project_member, project: project, user: member_user) } + + subject { described_class.new(maintainer_user, member) } + + before do + create(:project_member, :maintainer, project: project, user: maintainer_user) + end + + context 'with regular member' do + let(:member_user) { create(:user) } + + it { is_expected.to be_allowed(:update_project_member) } + it { is_expected.to be_allowed(:destroy_project_member) } + + it { is_expected.not_to be_allowed(:destroy_project_bot_member) } + end + + context 'with a bot member' do + let(:member_user) { create(:user, :project_bot) } + + it { is_expected.to be_allowed(:destroy_project_bot_member) } + + it { is_expected.not_to be_allowed(:update_project_member) } + it { is_expected.not_to be_allowed(:destroy_project_member) } + end +end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 6ec63ba61ca..dc6ed94309b 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe ProjectPolicy do +RSpec.describe ProjectPolicy do include ExternalAuthorizationServiceHelpers include_context 'ProjectPolicy context' let_it_be(:other_user) { create(:user) } @@ -30,7 +30,7 @@ describe ProjectPolicy do admin_issue admin_label admin_list read_commit_status read_build read_container_image read_pipeline read_environment read_deployment read_merge_request download_wiki_code read_sentry_issue read_metrics_dashboard_annotation - metrics_dashboard + metrics_dashboard read_confidential_issues ] end @@ -46,6 +46,7 @@ describe ProjectPolicy do resolve_note create_container_image update_container_image destroy_container_image daily_statistics create_environment update_environment create_deployment update_deployment create_release update_release create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation + read_terraform_state ] end @@ -496,6 +497,33 @@ describe ProjectPolicy do end end + context 'support bot' do + let(:current_user) { User.support_bot } + + subject { described_class.new(current_user, project) } + + context 'with service desk disabled' do + it { expect_allowed(:guest_access) } + it { expect_disallowed(:create_note, :read_project) } + end + + context 'with service desk enabled' do + before do + allow(project).to receive(:service_desk_enabled?).and_return(true) + end + + it { expect_allowed(:reporter_access, :create_note, :read_issue) } + + context 'when issues are protected members only' do + before do + project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) + end + + it { expect_allowed(:reporter_access, :create_note, :read_issue) } + end + end + end + describe 'read_prometheus_alerts' do subject { described_class.new(current_user, project) } @@ -855,6 +883,28 @@ describe ProjectPolicy do end end + describe 'design permissions' do + subject { described_class.new(guest, project) } + + let(:design_permissions) do + %i[read_design_activity read_design] + end + + context 'when design management is not available' do + it { is_expected.not_to be_allowed(*design_permissions) } + end + + context 'when design management is available' do + include DesignManagementTestHelpers + + before do + enable_design_management + end + + it { is_expected.to be_allowed(*design_permissions) } + end + end + describe 'read_build_report_results' do subject { described_class.new(guest, project) } @@ -892,4 +942,64 @@ describe ProjectPolicy do it { is_expected.to be_disallowed(:read_build_report_results) } end end + + describe 'read_package' do + subject { described_class.new(current_user, project) } + + context 'with admin' do + let(:current_user) { admin } + + it { is_expected.to be_allowed(:read_package) } + + context 'when repository is disabled' do + before do + project.project_feature.update(repository_access_level: ProjectFeature::DISABLED) + end + + it { is_expected.to be_disallowed(:read_package) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with developer' do + let(:current_user) { developer } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with non member' do + let(:current_user) { create(:user) } + + it { is_expected.to be_allowed(:read_package) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_allowed(:read_package) } + end + end end diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb index 3864666f587..bdf9eaedbf1 100644 --- a/spec/policies/project_snippet_policy_spec.rb +++ b/spec/policies/project_snippet_policy_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' # Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb -describe ProjectSnippetPolicy do +RSpec.describe ProjectSnippetPolicy do let_it_be(:regular_user) { create(:user) } let_it_be(:other_user) { create(:user) } let_it_be(:external_user) { create(:user, :external) } diff --git a/spec/policies/project_statistics_policy_spec.rb b/spec/policies/project_statistics_policy_spec.rb index 50dfbf7291b..74630dc38ad 100644 --- a/spec/policies/project_statistics_policy_spec.rb +++ b/spec/policies/project_statistics_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe ProjectStatisticsPolicy do +RSpec.describe ProjectStatisticsPolicy do using RSpec::Parameterized::TableSyntax describe '#rules' do diff --git a/spec/policies/protected_branch_policy_spec.rb b/spec/policies/protected_branch_policy_spec.rb index ea7fd093e38..bb6dbff18a0 100644 --- a/spec/policies/protected_branch_policy_spec.rb +++ b/spec/policies/protected_branch_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe ProtectedBranchPolicy do +RSpec.describe ProtectedBranchPolicy do let(:user) { create(:user) } let(:name) { 'feature' } let(:protected_branch) { create(:protected_branch, name: name) } diff --git a/spec/policies/releases/source_policy_spec.rb b/spec/policies/releases/source_policy_spec.rb deleted file mode 100644 index 1bc6d5415d3..00000000000 --- a/spec/policies/releases/source_policy_spec.rb +++ /dev/null @@ -1,88 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Releases::SourcePolicy do - using RSpec::Parameterized::TableSyntax - - let(:policy) { described_class.new(user, source) } - - let_it_be(:public_user) { create(:user) } - let_it_be(:guest) { create(:user) } - let_it_be(:reporter) { create(:user) } - - let(:release) { create(:release, project: project) } - let(:source) { release.sources.first } - - shared_examples 'source code access' do - it "allows access a release's source code" do - expect(policy).to be_allowed(:read_release_sources) - end - end - - shared_examples 'no source code access' do - it "does not allow access a release's source code" do - expect(policy).to be_disallowed(:read_release_sources) - end - end - - context 'a private project' do - let_it_be(:project) { create(:project, :private) } - - context 'accessed by a public user' do - let(:user) { public_user } - - it_behaves_like 'no source code access' - end - - context 'accessed by a user with Guest permissions' do - let(:user) { guest } - - before do - project.add_guest(user) - end - - it_behaves_like 'no source code access' - end - - context 'accessed by a user with Reporter permissions' do - let(:user) { reporter } - - before do - project.add_reporter(user) - end - - it_behaves_like 'source code access' - end - end - - context 'a public project' do - let_it_be(:project) { create(:project, :public) } - - context 'accessed by a public user' do - let(:user) { public_user } - - it_behaves_like 'source code access' - end - - context 'accessed by a user with Guest permissions' do - let(:user) { guest } - - before do - project.add_guest(user) - end - - it_behaves_like 'source code access' - end - - context 'accessed by a user with Reporter permissions' do - let(:user) { reporter } - - before do - project.add_reporter(user) - end - - it_behaves_like 'source code access' - end - end -end diff --git a/spec/policies/resource_label_event_policy_spec.rb b/spec/policies/resource_label_event_policy_spec.rb index 4db2390c818..eff2b0e1af5 100644 --- a/spec/policies/resource_label_event_policy_spec.rb +++ b/spec/policies/resource_label_event_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe ResourceLabelEventPolicy do +RSpec.describe ResourceLabelEventPolicy do let_it_be(:user) { create(:user) } let_it_be(:project) { create(:project, :private) } let_it_be(:issue) { create(:issue, project: project) } diff --git a/spec/policies/todo_policy_spec.rb b/spec/policies/todo_policy_spec.rb index be6fecd1045..b4876baa504 100644 --- a/spec/policies/todo_policy_spec.rb +++ b/spec/policies/todo_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe TodoPolicy do +RSpec.describe TodoPolicy do let_it_be(:author) { create(:user) } let_it_be(:user1) { create(:user) } diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb index 63c4bd05836..1cc3581ebdd 100644 --- a/spec/policies/user_policy_spec.rb +++ b/spec/policies/user_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe UserPolicy do +RSpec.describe UserPolicy do let(:current_user) { create(:user) } let(:user) { create(:user) } diff --git a/spec/policies/wiki_page_policy_spec.rb b/spec/policies/wiki_page_policy_spec.rb index 0dedccb6e88..093db9f8374 100644 --- a/spec/policies/wiki_page_policy_spec.rb +++ b/spec/policies/wiki_page_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe WikiPagePolicy, :enable_admin_mode do +RSpec.describe WikiPagePolicy, :enable_admin_mode do include_context 'ProjectPolicyTable context' include ProjectHelpers using RSpec::Parameterized::TableSyntax |