From 8ee1927db90d43205b4e6f8bd13f209c74b41bd1 Mon Sep 17 00:00:00 2001
From: Pavel Shutsin <pshutsin@gitlab.com>
Date: Mon, 18 Mar 2019 17:36:34 +0300
Subject: Move out link\unlink ability checks to a policy

We can extend the policy in EE for additional behavior
---
 spec/policies/identity_provider_policy_spec.rb | 30 ++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 spec/policies/identity_provider_policy_spec.rb

(limited to 'spec/policies')

diff --git a/spec/policies/identity_provider_policy_spec.rb b/spec/policies/identity_provider_policy_spec.rb
new file mode 100644
index 00000000000..2520469d4e7
--- /dev/null
+++ b/spec/policies/identity_provider_policy_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe IdentityProviderPolicy do
+  subject(:policy) { described_class.new(user, provider) }
+  let(:user) { User.new }
+  let(:provider) { :a_provider }
+
+  describe '#rules' do
+    it { is_expected.to be_allowed(:link) }
+    it { is_expected.to be_allowed(:unlink) }
+
+    context 'when user is anonymous' do
+      let(:user) { nil }
+
+      it { is_expected.not_to be_allowed(:link) }
+      it { is_expected.not_to be_allowed(:unlink) }
+    end
+
+    %w[saml cas3].each do |provider_name|
+      context "when provider is #{provider_name}" do
+        let(:provider) { provider_name }
+
+        it { is_expected.to be_allowed(:link) }
+        it { is_expected.not_to be_allowed(:unlink) }
+      end
+    end
+  end
+end
-- 
cgit v1.2.1