summaryrefslogtreecommitdiff
path: root/spec/requests/projects_security_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/projects_security_spec.rb')
-rw-r--r--spec/requests/projects_security_spec.rb111
1 files changed, 111 insertions, 0 deletions
diff --git a/spec/requests/projects_security_spec.rb b/spec/requests/projects_security_spec.rb
new file mode 100644
index 00000000000..a725a49c2d8
--- /dev/null
+++ b/spec/requests/projects_security_spec.rb
@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe "Projects" do
+ describe "GET /projects" do
+ it { projects_path.should be_allowed_for :admin }
+ it { projects_path.should be_allowed_for :user }
+ it { projects_path.should be_denied_for :visitor }
+ end
+
+ describe "GET /projects/new" do
+ it { projects_path.should be_allowed_for :admin }
+ it { projects_path.should be_allowed_for :user }
+ it { projects_path.should be_denied_for :visitor }
+ end
+
+ describe "Project" do
+ before do
+ @project = Factory :project
+ @u1 = Factory :user
+ @u2 = Factory :user
+ @u3 = Factory :user
+ # full access
+ @project.users_projects.create(:user => @u1, :read => true, :write => true, :admin => true)
+ # no access
+ @project.users_projects.create(:user => @u2, :read => false, :write => false, :admin => false)
+ # readonly
+ @project.users_projects.create(:user => @u3, :read => true, :write => false, :admin => false)
+ end
+
+ describe "GET /project_code" do
+ it { project_path(@project).should be_allowed_for @u1 }
+ it { project_path(@project).should be_allowed_for @u3 }
+ it { project_path(@project).should be_denied_for :admin }
+ it { project_path(@project).should be_denied_for @u2 }
+ it { project_path(@project).should be_denied_for :user }
+ it { project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/tree" do
+ it { tree_project_path(@project).should be_allowed_for @u1 }
+ it { tree_project_path(@project).should be_allowed_for @u3 }
+ it { tree_project_path(@project).should be_denied_for :admin }
+ it { tree_project_path(@project).should be_denied_for @u2 }
+ it { tree_project_path(@project).should be_denied_for :user }
+ it { tree_project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/commits" do
+ it { project_commits_path(@project).should be_allowed_for @u1 }
+ it { project_commits_path(@project).should be_allowed_for @u3 }
+ it { project_commits_path(@project).should be_denied_for :admin }
+ it { project_commits_path(@project).should be_denied_for @u2 }
+ it { project_commits_path(@project).should be_denied_for :user }
+ it { project_commits_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/commit" do
+ it { project_commit_path(@project, @project.commit).should be_allowed_for @u1 }
+ it { project_commit_path(@project, @project.commit).should be_allowed_for @u3 }
+ it { project_commit_path(@project, @project.commit).should be_denied_for :admin }
+ it { project_commit_path(@project, @project.commit).should be_denied_for @u2 }
+ it { project_commit_path(@project, @project.commit).should be_denied_for :user }
+ it { project_commit_path(@project, @project.commit).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/team" do
+ it { team_project_path(@project).should be_allowed_for @u1 }
+ it { team_project_path(@project).should be_allowed_for @u3 }
+ it { team_project_path(@project).should be_denied_for :admin }
+ it { team_project_path(@project).should be_denied_for @u2 }
+ it { team_project_path(@project).should be_denied_for :user }
+ it { team_project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/wall" do
+ it { wall_project_path(@project).should be_allowed_for @u1 }
+ it { wall_project_path(@project).should be_allowed_for @u3 }
+ it { wall_project_path(@project).should be_denied_for :admin }
+ it { wall_project_path(@project).should be_denied_for @u2 }
+ it { wall_project_path(@project).should be_denied_for :user }
+ it { wall_project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/blob" do
+ it { blob_project_path(@project).should be_allowed_for @u1 }
+ it { blob_project_path(@project).should be_allowed_for @u3 }
+ it { blob_project_path(@project).should be_denied_for :admin }
+ it { blob_project_path(@project).should be_denied_for @u2 }
+ it { blob_project_path(@project).should be_denied_for :user }
+ it { blob_project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/edit" do
+ it { edit_project_path(@project).should be_allowed_for @u1 }
+ it { edit_project_path(@project).should be_denied_for @u3 }
+ it { edit_project_path(@project).should be_denied_for :admin }
+ it { edit_project_path(@project).should be_denied_for @u2 }
+ it { edit_project_path(@project).should be_denied_for :user }
+ it { edit_project_path(@project).should be_denied_for :visitor }
+ end
+
+ describe "GET /project_code/issues" do
+ it { project_issues_path(@project).should be_allowed_for @u1 }
+ it { project_issues_path(@project).should be_allowed_for @u3 }
+ it { project_issues_path(@project).should be_denied_for :admin }
+ it { project_issues_path(@project).should be_denied_for @u2 }
+ it { project_issues_path(@project).should be_denied_for :user }
+ it { project_issues_path(@project).should be_denied_for :visitor }
+ end
+ end
+end