Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/group_member_policy_spec.rb | 65 | ||||
-rw-r--r-- | spec/policies/namespace_policy_spec.rb | 2 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 42 |
3 files changed, 96 insertions, 13 deletions
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb
index 9e58ea81ef3..6099e4549b1 100644
--- a/spec/policies/group_member_policy_spec.rb
+++ b/spec/policies/group_member_policy_spec.rb
@@ -3,6 +3,8 @@ require 'spec_helper' RSpec.describe GroupMemberPolicy do + include DesignManagementTestHelpers + let(:guest) { create(:user) } let(:owner) { create(:user) } let(:group) { create(:group, :private) }
@@ -28,22 +30,64 @@ RSpec.describe GroupMemberPolicy do permissions.each { |p| is_expected.not_to be_allowed(p) } end - context 'with guest user' do - let(:current_user) { guest } + context 'with anonymous user' do + let(:group) { create(:group, :public) } + let(:current_user) { nil } + let(:membership) { guest.members.first } it do - expect_disallowed(:member_related_permissions) + expect_disallowed(:read_design_activity, *member_related_permissions) + expect_allowed(:read_group) + end + + context 'design management is enabled' do + before do + create(:project, :public, group: group) # Necessary to enable design management + enable_design_management + end + + specify do + expect_allowed(:read_design_activity) + end + end + + context 'for a private group' do + let(:group) { create(:group, :private) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end + end + + context 'for an internal group' do + let(:group) { create(:group, :internal) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end end end + context 'with guest user, for own membership' do + let(:current_user) { guest } + + specify { expect_disallowed(:update_group_member) } + specify { expect_allowed(:read_group, :destroy_group_member) } + end + + context 'with guest user, for other membership' do + let(:current_user) { guest } + let(:membership) { owner.members.first } + + specify { expect_disallowed(:destroy_group_member, :update_group_member) } + specify { expect_allowed(:read_group) } + end + context 'with one owner' do let(:current_user) { owner } - it do - expect_disallowed(:destroy_group_member) - expect_disallowed(:update_group_member) - expect_allowed(:read_group) - end + specify { expect_disallowed(*member_related_permissions) } + specify { expect_allowed(:read_group) } end context 'with more than one owner' do 
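Review bot: The negative checks on `:read_design_activity` in the 'for a private group' and 'for an internal group' contexts run without design management enabled, so they pass for the same reason the public-group `it` block passes and would not catch a policy that exposes design activity on a non-public group once the feature is on. These two contexts are siblings of 'design management is enabled', not nested under it, so its `before` block does not apply to them. Each should get its own `before` that creates a project in the group and calls `enable_design_management`, keeping the `expect_disallowed(:read_group, :read_design_activity, *member_related_permissions)` assertion unchanged. The enclosing `describe` and the definition of `member_related_permissions` lie outside the hunk, so whether another example already covers this case is not visible here.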
@@ -53,10 +97,7 @@ RSpec.describe GroupMemberPolicy do group.add_owner(create(:user)) end - it do - expect_allowed(:destroy_group_member) - expect_allowed(:update_group_member) - end + specify { expect_allowed(*member_related_permissions) } end context 'with the group parent' do
diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb
index 514d7303ad7..b9823273de8 100644
--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe NamespacePolicy do let(:admin) { create(:admin) } let(:namespace) { create(:namespace, owner: owner) } - let(:owner_permissions) { [:owner_access, :create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects] } + let(:owner_permissions) { [:owner_access, :create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects, :create_package_settings, :read_package_settings] } subject { described_class.new(current_user, namespace) }
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index c21d3b0939f..e6650549f7f 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -401,6 +401,48 @@ RSpec.describe ProjectPolicy do end end + describe 'set_pipeline_variables' do + context 'when user is developer' do + let(:current_user) { developer } + + context 'when project allows user defined variables' do + before do + project.update!(restrict_user_defined_variables: false) + end + + it { is_expected.to be_allowed(:set_pipeline_variables) } + end + + context 'when project restricts use of user defined variables' do + before do + project.update!(restrict_user_defined_variables: true) + end + + it { is_expected.not_to be_allowed(:set_pipeline_variables) } + end + end + + context 'when user is maintainer' do + let(:current_user) { maintainer } + + context 'when project allows user defined variables' do + before do + project.update!(restrict_user_defined_variables: false) + end + + it { is_expected.to be_allowed(:set_pipeline_variables) } + end + + context 'when project restricts use of user defined variables' do + before do + project.update!(restrict_user_defined_variables: true) + end + + it { is_expected.to be_allowed(:set_pipeline_variables) } + end + end + end + context 'support bot' do let(:current_user) { User.support_bot } |
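Review bot: No example asserts that a role below developer is denied `:set_pipeline_variables` when `restrict_user_defined_variables` is false; the new `describe 'set_pipeline_variables'` block pins only the developer/maintainer boundary. Without that case, a policy rule that grants the ability to every project member whenever the restriction is off would still pass this spec. Add a context for a lower role (a `reporter` or `guest` let, if the surrounding spec defines one as it does `developer` and `maintainer`) with `it { is_expected.not_to be_allowed(:set_pipeline_variables) }` under both settings. The four existing contexts differ only in role, flag value and expectation, so a small table of those three values would also make the permission matrix easier to audit.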