diff options
Diffstat (limited to 'spec/support/shared_examples')
-rw-r--r-- | spec/support/shared_examples/models/concerns/protected_branch_access_examples.rb | 19 | ||||
-rw-r--r-- | spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb | 24 |
2 files changed, 38 insertions, 5 deletions
diff --git a/spec/support/shared_examples/models/concerns/protected_branch_access_examples.rb b/spec/support/shared_examples/models/concerns/protected_branch_access_examples.rb new file mode 100644 index 00000000000..dd27ff3844f --- /dev/null +++ b/spec/support/shared_examples/models/concerns/protected_branch_access_examples.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +RSpec.shared_examples 'protected branch access' do + include_examples 'protected ref access', :protected_branch + + it { is_expected.to belong_to(:protected_branch) } + + describe '#project' do + before do + allow(protected_ref).to receive(:project) + end + + it 'delegates project to protected_branch association' do + described_class.new(protected_branch: protected_ref).project + + expect(protected_ref).to have_received(:project) + end + end +end diff --git a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb index 53ebc207128..f6ca2b91616 100644 --- a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb +++ b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true RSpec.shared_examples 'protected ref access' do |association| + include ExternalAuthorizationServiceHelpers + let_it_be(:project) { create(:project) } let_it_be(:protected_ref) { create(association, project: project) } # rubocop:disable Rails/SaveBang @@ -22,7 +24,7 @@ RSpec.shared_examples 'protected ref access' do |association| let(:access_level) { ::Gitlab::Access::DEVELOPER } before_all do - project.add_maintainer(current_user) + project.add_developer(current_user) end subject do @@ -42,12 +44,24 @@ RSpec.shared_examples 'protected ref access' do |association| it { expect(subject.check_access(current_user)).to eq(false) } end - context 'when current_user can push_code to project and access_level is permitted' do - before do - allow(current_user).to receive(:can?).with(:push_code, project).and_return(true) + context 'when current_user can push_code to project' do + context 'and member access is high enough' do + it { expect(subject.check_access(current_user)).to eq(true) } + + context 'when external authorization denies access' do + before do + external_service_deny_access(current_user, project) + end + + it { expect(subject.check_access(current_user)).to be_falsey } + end end - it { expect(subject.check_access(current_user)).to eq(true) } + context 'and member access is too low' do + let(:access_level) { ::Gitlab::Access::MAINTAINER } + + it { expect(subject.check_access(current_user)).to eq(false) } + end end context 'when current_user cannot push_code to project' do |