summaryrefslogtreecommitdiff
path: root/spec/policies
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/alert_management/alert_policy_spec.rb2
-rw-r--r--spec/policies/application_setting/term_policy_spec.rb2
-rw-r--r--spec/policies/award_emoji_policy_spec.rb2
-rw-r--r--spec/policies/base_policy_spec.rb2
-rw-r--r--spec/policies/blob_policy_spec.rb2
-rw-r--r--spec/policies/board_policy_spec.rb2
-rw-r--r--spec/policies/ci/build_policy_spec.rb2
-rw-r--r--spec/policies/ci/pipeline_policy_spec.rb2
-rw-r--r--spec/policies/ci/pipeline_schedule_policy_spec.rb2
-rw-r--r--spec/policies/ci/trigger_policy_spec.rb2
-rw-r--r--spec/policies/clusters/cluster_policy_spec.rb2
-rw-r--r--spec/policies/clusters/instance_policy_spec.rb2
-rw-r--r--spec/policies/commit_policy_spec.rb2
-rw-r--r--spec/policies/concerns/policy_actor_spec.rb2
-rw-r--r--spec/policies/deploy_key_policy_spec.rb2
-rw-r--r--spec/policies/deploy_keys_project_policy_spec.rb2
-rw-r--r--spec/policies/deploy_token_policy_spec.rb2
-rw-r--r--spec/policies/design_management/design_policy_spec.rb2
-rw-r--r--spec/policies/environment_policy_spec.rb2
-rw-r--r--spec/policies/global_policy_spec.rb20
-rw-r--r--spec/policies/group_member_policy_spec.rb2
-rw-r--r--spec/policies/group_policy_spec.rb65
-rw-r--r--spec/policies/identity_provider_policy_spec.rb2
-rw-r--r--spec/policies/issuable_policy_spec.rb2
-rw-r--r--spec/policies/issue_policy_spec.rb2
-rw-r--r--spec/policies/merge_request_policy_spec.rb3
-rw-r--r--spec/policies/metrics/dashboard/annotation_policy_spec.rb2
-rw-r--r--spec/policies/namespace/root_storage_statistics_policy_spec.rb2
-rw-r--r--spec/policies/namespace_policy_spec.rb2
-rw-r--r--spec/policies/note_policy_spec.rb2
-rw-r--r--spec/policies/packages/package_policy_spec.rb27
-rw-r--r--spec/policies/personal_snippet_policy_spec.rb2
-rw-r--r--spec/policies/project_member_policy_spec.rb33
-rw-r--r--spec/policies/project_policy_spec.rb114
-rw-r--r--spec/policies/project_snippet_policy_spec.rb2
-rw-r--r--spec/policies/project_statistics_policy_spec.rb2
-rw-r--r--spec/policies/protected_branch_policy_spec.rb2
-rw-r--r--spec/policies/releases/source_policy_spec.rb88
-rw-r--r--spec/policies/resource_label_event_policy_spec.rb2
-rw-r--r--spec/policies/todo_policy_spec.rb2
-rw-r--r--spec/policies/user_policy_spec.rb2
-rw-r--r--spec/policies/wiki_page_policy_spec.rb2
42 files changed, 291 insertions, 129 deletions
diff --git a/spec/policies/alert_management/alert_policy_spec.rb b/spec/policies/alert_management/alert_policy_spec.rb
index 0d7624a0142..3e08d8b4ccc 100644
--- a/spec/policies/alert_management/alert_policy_spec.rb
+++ b/spec/policies/alert_management/alert_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe AlertManagement::AlertPolicy, :models do
+RSpec.describe AlertManagement::AlertPolicy, :models do
let(:alert) { create(:alert_management_alert) }
let(:project) { alert.project }
let(:user) { create(:user) }
diff --git a/spec/policies/application_setting/term_policy_spec.rb b/spec/policies/application_setting/term_policy_spec.rb
index 2b5b9758ec2..00b48402fa6 100644
--- a/spec/policies/application_setting/term_policy_spec.rb
+++ b/spec/policies/application_setting/term_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe ApplicationSetting::TermPolicy do
+RSpec.describe ApplicationSetting::TermPolicy do
include TermsHelper
let_it_be(:term) { create(:term) }
diff --git a/spec/policies/award_emoji_policy_spec.rb b/spec/policies/award_emoji_policy_spec.rb
index 2e3693c58d7..bd34a656e12 100644
--- a/spec/policies/award_emoji_policy_spec.rb
+++ b/spec/policies/award_emoji_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe AwardEmojiPolicy do
+RSpec.describe AwardEmojiPolicy do
let(:user) { create(:user) }
let(:award_emoji) { create(:award_emoji, awardable: awardable) }
diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb
index 67f7452528a..103f2e9bc39 100644
--- a/spec/policies/base_policy_spec.rb
+++ b/spec/policies/base_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe BasePolicy do
+RSpec.describe BasePolicy do
include ExternalAuthorizationServiceHelpers
include AdminModeHelper
diff --git a/spec/policies/blob_policy_spec.rb b/spec/policies/blob_policy_spec.rb
index e48dd751a8f..fc46b25f25c 100644
--- a/spec/policies/blob_policy_spec.rb
+++ b/spec/policies/blob_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe BlobPolicy, :enable_admin_mode do
+RSpec.describe BlobPolicy, :enable_admin_mode do
include_context 'ProjectPolicyTable context'
include ProjectHelpers
using RSpec::Parameterized::TableSyntax
diff --git a/spec/policies/board_policy_spec.rb b/spec/policies/board_policy_spec.rb
index 35eac8a02c4..6940e75ec37 100644
--- a/spec/policies/board_policy_spec.rb
+++ b/spec/policies/board_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe BoardPolicy do
+RSpec.describe BoardPolicy do
let(:user) { create(:user) }
let(:project) { create(:project, :private) }
let(:group) { create(:group, :private) }
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 5857369a550..d2547338855 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Ci::BuildPolicy do
+RSpec.describe Ci::BuildPolicy do
let(:user) { create(:user) }
let(:build) { create(:ci_build, pipeline: pipeline) }
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index 293fe1fc5b9..fcd96bc6653 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Ci::PipelinePolicy, :models do
+RSpec.describe Ci::PipelinePolicy, :models do
let(:user) { create(:user) }
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
diff --git a/spec/policies/ci/pipeline_schedule_policy_spec.rb b/spec/policies/ci/pipeline_schedule_policy_spec.rb
index d503401f7cf..b455384d17a 100644
--- a/spec/policies/ci/pipeline_schedule_policy_spec.rb
+++ b/spec/policies/ci/pipeline_schedule_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Ci::PipelineSchedulePolicy, :models do
+RSpec.describe Ci::PipelineSchedulePolicy, :models do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :repository) }
let_it_be(:pipeline_schedule, reload: true) { create(:ci_pipeline_schedule, :nightly, project: project) }
diff --git a/spec/policies/ci/trigger_policy_spec.rb b/spec/policies/ci/trigger_policy_spec.rb
index 28e5a2b2cd6..b8b54e57035 100644
--- a/spec/policies/ci/trigger_policy_spec.rb
+++ b/spec/policies/ci/trigger_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Ci::TriggerPolicy do
+RSpec.describe Ci::TriggerPolicy do
let(:user) { create(:user) }
let(:project) { create(:project) }
let(:trigger) { create(:ci_trigger, project: project, owner: create(:user)) }
diff --git a/spec/policies/clusters/cluster_policy_spec.rb b/spec/policies/clusters/cluster_policy_spec.rb
index 26cfc19862a..0b931c6f927 100644
--- a/spec/policies/clusters/cluster_policy_spec.rb
+++ b/spec/policies/clusters/cluster_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Clusters::ClusterPolicy, :models do
+RSpec.describe Clusters::ClusterPolicy, :models do
let(:cluster) { create(:cluster, :project) }
let(:project) { cluster.project }
let(:user) { create(:user) }
diff --git a/spec/policies/clusters/instance_policy_spec.rb b/spec/policies/clusters/instance_policy_spec.rb
index dfe480d7fa4..f90841fc311 100644
--- a/spec/policies/clusters/instance_policy_spec.rb
+++ b/spec/policies/clusters/instance_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Clusters::InstancePolicy do
+RSpec.describe Clusters::InstancePolicy do
let(:user) { create(:user) }
let(:policy) { described_class.new(user, Clusters::Instance.new) }
diff --git a/spec/policies/commit_policy_spec.rb b/spec/policies/commit_policy_spec.rb
index 40183f51e9e..0d3dcc97565 100644
--- a/spec/policies/commit_policy_spec.rb
+++ b/spec/policies/commit_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe CommitPolicy do
+RSpec.describe CommitPolicy do
describe '#rules' do
let(:user) { create(:user) }
let(:commit) { project.repository.head_commit }
diff --git a/spec/policies/concerns/policy_actor_spec.rb b/spec/policies/concerns/policy_actor_spec.rb
index 27db9710a38..7271cbb4a9d 100644
--- a/spec/policies/concerns/policy_actor_spec.rb
+++ b/spec/policies/concerns/policy_actor_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe PolicyActor do
+RSpec.describe PolicyActor do
it 'implements all the methods from user' do
methods = subject.instance_methods
diff --git a/spec/policies/deploy_key_policy_spec.rb b/spec/policies/deploy_key_policy_spec.rb
index 545647e2c67..d84b80a8738 100644
--- a/spec/policies/deploy_key_policy_spec.rb
+++ b/spec/policies/deploy_key_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe DeployKeyPolicy do
+RSpec.describe DeployKeyPolicy do
subject { described_class.new(current_user, deploy_key) }
describe 'updating a deploy_key' do
diff --git a/spec/policies/deploy_keys_project_policy_spec.rb b/spec/policies/deploy_keys_project_policy_spec.rb
index 952da86b7a7..3be55e9238c 100644
--- a/spec/policies/deploy_keys_project_policy_spec.rb
+++ b/spec/policies/deploy_keys_project_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe DeployKeysProjectPolicy do
+RSpec.describe DeployKeysProjectPolicy do
subject { described_class.new(current_user, deploy_key.deploy_keys_project_for(project)) }
describe 'updating a deploy_keys_project' do
diff --git a/spec/policies/deploy_token_policy_spec.rb b/spec/policies/deploy_token_policy_spec.rb
index 43e23ee55ac..f218828052e 100644
--- a/spec/policies/deploy_token_policy_spec.rb
+++ b/spec/policies/deploy_token_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe DeployTokenPolicy do
+RSpec.describe DeployTokenPolicy do
let(:current_user) { create(:user) }
let(:project) { create(:project) }
let(:deploy_token) { create(:deploy_token, projects: [project]) }
diff --git a/spec/policies/design_management/design_policy_spec.rb b/spec/policies/design_management/design_policy_spec.rb
index a566aecc4b7..5dde5f896c9 100644
--- a/spec/policies/design_management/design_policy_spec.rb
+++ b/spec/policies/design_management/design_policy_spec.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
require 'spec_helper'
-describe DesignManagement::DesignPolicy do
+RSpec.describe DesignManagement::DesignPolicy do
include DesignManagementTestHelpers
include_context 'ProjectPolicy context'
diff --git a/spec/policies/environment_policy_spec.rb b/spec/policies/environment_policy_spec.rb
index 75fca464ec8..649b1a770c0 100644
--- a/spec/policies/environment_policy_spec.rb
+++ b/spec/policies/environment_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe EnvironmentPolicy do
+RSpec.describe EnvironmentPolicy do
using RSpec::Parameterized::TableSyntax
let(:user) { create(:user) }
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index e8ba4eed4ec..4954eafe338 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe GlobalPolicy do
+RSpec.describe GlobalPolicy do
include TermsHelper
let_it_be(:project_bot) { create(:user, :project_bot) }
@@ -130,6 +130,24 @@ describe GlobalPolicy do
end
end
+ describe 'using project statistics filters' do
+ context 'regular user' do
+ it { is_expected.not_to be_allowed(:use_project_statistics_filters) }
+ end
+
+ context 'admin' do
+ let(:current_user) { create(:user, :admin) }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:use_project_statistics_filters) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_disallowed(:use_project_statistics_filters) }
+ end
+ end
+ end
+
shared_examples 'access allowed when terms accepted' do |ability|
it { is_expected.not_to be_allowed(ability) }
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb
index a4f3301a064..4215fa09301 100644
--- a/spec/policies/group_member_policy_spec.rb
+++ b/spec/policies/group_member_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe GroupMemberPolicy do
+RSpec.describe GroupMemberPolicy do
let(:guest) { create(:user) }
let(:owner) { create(:user) }
let(:group) { create(:group, :private) }
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 6b17a8285a2..733cc9bd9cb 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe GroupPolicy do
+RSpec.describe GroupPolicy do
include_context 'GroupPolicy context'
context 'public group with no user' do
@@ -154,7 +154,7 @@ describe GroupPolicy do
context 'admin' do
let(:current_user) { admin }
- it do
+ specify do
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions)
@@ -162,6 +162,10 @@ describe GroupPolicy do
expect_allowed(*maintainer_permissions)
expect_allowed(*owner_permissions)
end
+
+ context 'with admin mode', :enable_admin_mode do
+ specify { expect_allowed(*admin_permissions) }
+ end
end
describe 'private nested group use the highest access level from the group and inherited permissions' do
@@ -661,4 +665,61 @@ describe GroupPolicy do
end
end
end
+
+ describe 'design activity' do
+ let_it_be(:group) { create(:group, :public) }
+ let(:current_user) { nil }
+
+ subject { described_class.new(current_user, group) }
+
+ context 'when design management is not available' do
+ it { is_expected.not_to be_allowed(:read_design_activity) }
+
+ context 'even when there are projects in the group' do
+ before do
+ create_list(:project_group_link, 2, group: group)
+ end
+
+ it { is_expected.not_to be_allowed(:read_design_activity) }
+ end
+ end
+
+ context 'when design management is available globally' do
+ include DesignManagementTestHelpers
+
+ before do
+ enable_design_management
+ end
+
+ context 'the group has no projects' do
+ it { is_expected.not_to be_allowed(:read_design_activity) }
+ end
+
+ context 'the group has a project' do
+ let(:project) { create(:project, :public) }
+
+ before do
+ create(:project_group_link, project: project, group: group)
+ end
+
+ it { is_expected.to be_allowed(:read_design_activity) }
+
+ context 'which does not have design management enabled' do
+ before do
+ project.update(lfs_enabled: false)
+ end
+
+ it { is_expected.not_to be_allowed(:read_design_activity) }
+
+ context 'but another project does' do
+ before do
+ create(:project_group_link, project: create(:project, :public), group: group)
+ end
+
+ it { is_expected.to be_allowed(:read_design_activity) }
+ end
+ end
+ end
+ end
+ end
end
diff --git a/spec/policies/identity_provider_policy_spec.rb b/spec/policies/identity_provider_policy_spec.rb
index 52b6d2c89ba..f6b4e15cff9 100644
--- a/spec/policies/identity_provider_policy_spec.rb
+++ b/spec/policies/identity_provider_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe IdentityProviderPolicy do
+RSpec.describe IdentityProviderPolicy do
subject(:policy) { described_class.new(user, provider) }
let(:user) { User.new }
diff --git a/spec/policies/issuable_policy_spec.rb b/spec/policies/issuable_policy_spec.rb
index 18e35308ecd..20eb09e11c9 100644
--- a/spec/policies/issuable_policy_spec.rb
+++ b/spec/policies/issuable_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe IssuablePolicy, models: true do
+RSpec.describe IssuablePolicy, models: true do
let(:user) { create(:user) }
let(:project) { create(:project, :public) }
let(:issue) { create(:issue, project: project) }
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
index 9d52079e4be..b3ca37b17c2 100644
--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe IssuePolicy do
+RSpec.describe IssuePolicy do
include ExternalAuthorizationServiceHelpers
let(:guest) { create(:user) }
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index 31ced5db953..2f3cb2e998a 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe MergeRequestPolicy do
+RSpec.describe MergeRequestPolicy do
include ExternalAuthorizationServiceHelpers
let(:guest) { create(:user) }
@@ -24,6 +24,7 @@ describe MergeRequestPolicy do
mr_perms = %i[create_merge_request_in
create_merge_request_from
read_merge_request
+ approve_merge_request
create_note].freeze
shared_examples_for 'a denied user' do
diff --git a/spec/policies/metrics/dashboard/annotation_policy_spec.rb b/spec/policies/metrics/dashboard/annotation_policy_spec.rb
index 4dc5f4cd0b4..0c59b39ae3e 100644
--- a/spec/policies/metrics/dashboard/annotation_policy_spec.rb
+++ b/spec/policies/metrics/dashboard/annotation_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Metrics::Dashboard::AnnotationPolicy, :models do
+RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do
shared_examples 'metrics dashboard annotation policy' do
context 'when guest' do
before do
diff --git a/spec/policies/namespace/root_storage_statistics_policy_spec.rb b/spec/policies/namespace/root_storage_statistics_policy_spec.rb
index 8d53050fffb..e6b58bca4a8 100644
--- a/spec/policies/namespace/root_storage_statistics_policy_spec.rb
+++ b/spec/policies/namespace/root_storage_statistics_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Namespace::RootStorageStatisticsPolicy do
+RSpec.describe Namespace::RootStorageStatisticsPolicy do
using RSpec::Parameterized::TableSyntax
describe '#rules' do
diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb
index 01162dc0fc4..f2f411e48d6 100644
--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe NamespacePolicy do
+RSpec.describe NamespacePolicy do
let(:user) { create(:user) }
let(:owner) { create(:user) }
let(:admin) { create(:admin) }
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index 1e3bd0d9147..a4cc3a1e9af 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe NotePolicy do
+RSpec.describe NotePolicy do
describe '#rules' do
let(:user) { create(:user) }
let(:project) { create(:project, :public) }
diff --git a/spec/policies/packages/package_policy_spec.rb b/spec/policies/packages/package_policy_spec.rb
new file mode 100644
index 00000000000..13935974b44
--- /dev/null
+++ b/spec/policies/packages/package_policy_spec.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Packages::PackagePolicy do
+ let_it_be(:user) { create(:user) }
+ let_it_be(:project) { create(:project) }
+ let_it_be(:package) { create(:package, project: project) }
+
+ subject(:policy) { described_class.new(user, package) }
+
+ context 'when the user is part of the project' do
+ before do
+ project.add_reporter(user)
+ end
+
+ it 'allows read_package' do
+ expect(policy).to be_allowed(:read_package)
+ end
+ end
+
+ context 'when the user is not part of the project' do
+ it 'disallows read_package for any Package' do
+ expect(policy).to be_disallowed(:read_package)
+ end
+ end
+end
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index 5fc48717d86..d546805ce01 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -3,7 +3,7 @@
require 'spec_helper'
# Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
-describe PersonalSnippetPolicy do
+RSpec.describe PersonalSnippetPolicy do
let(:regular_user) { create(:user) }
let(:external_user) { create(:user, :external) }
let(:admin_user) { create(:user, :admin) }
diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb
new file mode 100644
index 00000000000..ab8f8b83e7f
--- /dev/null
+++ b/spec/policies/project_member_policy_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ProjectMemberPolicy do
+ let(:project) { create(:project) }
+ let(:maintainer_user) { create(:user) }
+ let(:member) { create(:project_member, project: project, user: member_user) }
+
+ subject { described_class.new(maintainer_user, member) }
+
+ before do
+ create(:project_member, :maintainer, project: project, user: maintainer_user)
+ end
+
+ context 'with regular member' do
+ let(:member_user) { create(:user) }
+
+ it { is_expected.to be_allowed(:update_project_member) }
+ it { is_expected.to be_allowed(:destroy_project_member) }
+
+ it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
+ end
+
+ context 'with a bot member' do
+ let(:member_user) { create(:user, :project_bot) }
+
+ it { is_expected.to be_allowed(:destroy_project_bot_member) }
+
+ it { is_expected.not_to be_allowed(:update_project_member) }
+ it { is_expected.not_to be_allowed(:destroy_project_member) }
+ end
+end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 6ec63ba61ca..dc6ed94309b 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe ProjectPolicy do
+RSpec.describe ProjectPolicy do
include ExternalAuthorizationServiceHelpers
include_context 'ProjectPolicy context'
let_it_be(:other_user) { create(:user) }
@@ -30,7 +30,7 @@ describe ProjectPolicy do
admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment
read_merge_request download_wiki_code read_sentry_issue read_metrics_dashboard_annotation
- metrics_dashboard
+ metrics_dashboard read_confidential_issues
]
end
@@ -46,6 +46,7 @@ describe ProjectPolicy do
resolve_note create_container_image update_container_image destroy_container_image daily_statistics
create_environment update_environment create_deployment update_deployment create_release update_release
create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation
+ read_terraform_state
]
end
@@ -496,6 +497,33 @@ describe ProjectPolicy do
end
end
+ context 'support bot' do
+ let(:current_user) { User.support_bot }
+
+ subject { described_class.new(current_user, project) }
+
+ context 'with service desk disabled' do
+ it { expect_allowed(:guest_access) }
+ it { expect_disallowed(:create_note, :read_project) }
+ end
+
+ context 'with service desk enabled' do
+ before do
+ allow(project).to receive(:service_desk_enabled?).and_return(true)
+ end
+
+ it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+
+ context 'when issues are protected members only' do
+ before do
+ project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
+ end
+
+ it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+ end
+ end
+ end
+
describe 'read_prometheus_alerts' do
subject { described_class.new(current_user, project) }
@@ -855,6 +883,28 @@ describe ProjectPolicy do
end
end
+ describe 'design permissions' do
+ subject { described_class.new(guest, project) }
+
+ let(:design_permissions) do
+ %i[read_design_activity read_design]
+ end
+
+ context 'when design management is not available' do
+ it { is_expected.not_to be_allowed(*design_permissions) }
+ end
+
+ context 'when design management is available' do
+ include DesignManagementTestHelpers
+
+ before do
+ enable_design_management
+ end
+
+ it { is_expected.to be_allowed(*design_permissions) }
+ end
+ end
+
describe 'read_build_report_results' do
subject { described_class.new(guest, project) }
@@ -892,4 +942,64 @@ describe ProjectPolicy do
it { is_expected.to be_disallowed(:read_build_report_results) }
end
end
+
+ describe 'read_package' do
+ subject { described_class.new(current_user, project) }
+
+ context 'with admin' do
+ let(:current_user) { admin }
+
+ it { is_expected.to be_allowed(:read_package) }
+
+ context 'when repository is disabled' do
+ before do
+ project.project_feature.update(repository_access_level: ProjectFeature::DISABLED)
+ end
+
+ it { is_expected.to be_disallowed(:read_package) }
+ end
+ end
+
+ context 'with owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with developer' do
+ let(:current_user) { developer }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with guest' do
+ let(:current_user) { guest }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with non member' do
+ let(:current_user) { create(:user) }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+
+ context 'with anonymous' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_allowed(:read_package) }
+ end
+ end
end
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index 3864666f587..bdf9eaedbf1 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
@@ -3,7 +3,7 @@
require 'spec_helper'
# Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
-describe ProjectSnippetPolicy do
+RSpec.describe ProjectSnippetPolicy do
let_it_be(:regular_user) { create(:user) }
let_it_be(:other_user) { create(:user) }
let_it_be(:external_user) { create(:user, :external) }
diff --git a/spec/policies/project_statistics_policy_spec.rb b/spec/policies/project_statistics_policy_spec.rb
index 50dfbf7291b..74630dc38ad 100644
--- a/spec/policies/project_statistics_policy_spec.rb
+++ b/spec/policies/project_statistics_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe ProjectStatisticsPolicy do
+RSpec.describe ProjectStatisticsPolicy do
using RSpec::Parameterized::TableSyntax
describe '#rules' do
diff --git a/spec/policies/protected_branch_policy_spec.rb b/spec/policies/protected_branch_policy_spec.rb
index ea7fd093e38..bb6dbff18a0 100644
--- a/spec/policies/protected_branch_policy_spec.rb
+++ b/spec/policies/protected_branch_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe ProtectedBranchPolicy do
+RSpec.describe ProtectedBranchPolicy do
let(:user) { create(:user) }
let(:name) { 'feature' }
let(:protected_branch) { create(:protected_branch, name: name) }
diff --git a/spec/policies/releases/source_policy_spec.rb b/spec/policies/releases/source_policy_spec.rb
deleted file mode 100644
index 1bc6d5415d3..00000000000
--- a/spec/policies/releases/source_policy_spec.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Releases::SourcePolicy do
- using RSpec::Parameterized::TableSyntax
-
- let(:policy) { described_class.new(user, source) }
-
- let_it_be(:public_user) { create(:user) }
- let_it_be(:guest) { create(:user) }
- let_it_be(:reporter) { create(:user) }
-
- let(:release) { create(:release, project: project) }
- let(:source) { release.sources.first }
-
- shared_examples 'source code access' do
- it "allows access a release's source code" do
- expect(policy).to be_allowed(:read_release_sources)
- end
- end
-
- shared_examples 'no source code access' do
- it "does not allow access a release's source code" do
- expect(policy).to be_disallowed(:read_release_sources)
- end
- end
-
- context 'a private project' do
- let_it_be(:project) { create(:project, :private) }
-
- context 'accessed by a public user' do
- let(:user) { public_user }
-
- it_behaves_like 'no source code access'
- end
-
- context 'accessed by a user with Guest permissions' do
- let(:user) { guest }
-
- before do
- project.add_guest(user)
- end
-
- it_behaves_like 'no source code access'
- end
-
- context 'accessed by a user with Reporter permissions' do
- let(:user) { reporter }
-
- before do
- project.add_reporter(user)
- end
-
- it_behaves_like 'source code access'
- end
- end
-
- context 'a public project' do
- let_it_be(:project) { create(:project, :public) }
-
- context 'accessed by a public user' do
- let(:user) { public_user }
-
- it_behaves_like 'source code access'
- end
-
- context 'accessed by a user with Guest permissions' do
- let(:user) { guest }
-
- before do
- project.add_guest(user)
- end
-
- it_behaves_like 'source code access'
- end
-
- context 'accessed by a user with Reporter permissions' do
- let(:user) { reporter }
-
- before do
- project.add_reporter(user)
- end
-
- it_behaves_like 'source code access'
- end
- end
-end
diff --git a/spec/policies/resource_label_event_policy_spec.rb b/spec/policies/resource_label_event_policy_spec.rb
index 4db2390c818..eff2b0e1af5 100644
--- a/spec/policies/resource_label_event_policy_spec.rb
+++ b/spec/policies/resource_label_event_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe ResourceLabelEventPolicy do
+RSpec.describe ResourceLabelEventPolicy do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :private) }
let_it_be(:issue) { create(:issue, project: project) }
diff --git a/spec/policies/todo_policy_spec.rb b/spec/policies/todo_policy_spec.rb
index be6fecd1045..b4876baa504 100644
--- a/spec/policies/todo_policy_spec.rb
+++ b/spec/policies/todo_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe TodoPolicy do
+RSpec.describe TodoPolicy do
let_it_be(:author) { create(:user) }
let_it_be(:user1) { create(:user) }
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 63c4bd05836..1cc3581ebdd 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe UserPolicy do
+RSpec.describe UserPolicy do
let(:current_user) { create(:user) }
let(:user) { create(:user) }
diff --git a/spec/policies/wiki_page_policy_spec.rb b/spec/policies/wiki_page_policy_spec.rb
index 0dedccb6e88..093db9f8374 100644
--- a/spec/policies/wiki_page_policy_spec.rb
+++ b/spec/policies/wiki_page_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe WikiPagePolicy, :enable_admin_mode do
+RSpec.describe WikiPagePolicy, :enable_admin_mode do
include_context 'ProjectPolicyTable context'
include ProjectHelpers
using RSpec::Parameterized::TableSyntax