From b77fb04678a4e76d025048e9846adc2ac709414a Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 13 Apr 2020 15:09:20 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- spec/policies/group_policy_spec.rb | 22 ++++++ spec/policies/project_policy_spec.rb | 144 +---------------------------------- 2 files changed, 26 insertions(+), 140 deletions(-) (limited to 'spec/policies') diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 5a9ca9f7b7e..13f1bcb389a 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -655,4 +655,26 @@ describe GroupPolicy do end end end + + it_behaves_like 'model with wiki policies' do + let(:container) { create(:group) } + + def set_access_level(access_level) + allow(container).to receive(:wiki_access_level).and_return(access_level) + end + + before do + stub_feature_flags(group_wiki: true) + end + + context 'when the feature flag is disabled' do + before do + stub_feature_flags(group_wiki: false) + end + + it 'does not include the wiki permissions' do + expect_disallowed(*permissions) + end + end + end end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index d098369e124..db643e3a31f 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -121,147 +121,11 @@ describe ProjectPolicy do expect(Ability).not_to be_allowed(user, :read_issue, project) end - context 'wiki feature' do - let(:permissions) { %i(read_wiki create_wiki update_wiki admin_wiki download_wiki_code) } + it_behaves_like 'model with wiki policies' do + let(:container) { project } - subject { described_class.new(owner, project) } - - context 'when the feature is disabled' do - before do - project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED) - end - - it 'does not include the wiki permissions' do - expect_disallowed(*permissions) - end - - context 'when there is an external wiki' do - it 'does not include the wiki permissions' do - allow(project).to receive(:has_external_wiki?).and_return(true) - - expect_disallowed(*permissions) - end - end - end - - describe 'read_wiki' do - subject { described_class.new(user, project) } - - member_roles = %i[guest developer] - stranger_roles = %i[anonymous non_member] - - user_roles = stranger_roles + member_roles - - # When a user is anonymous, their `current_user == nil` - let(:user) { create(:user) unless user_role == :anonymous } - - before do - project.visibility = project_visibility - project.project_feature.update_attribute(:wiki_access_level, wiki_access_level) - project.add_user(user, user_role) if member_roles.include?(user_role) - end - - title = ->(project_visibility, wiki_access_level, user_role) do - [ - "project is #{Gitlab::VisibilityLevel.level_name project_visibility}", - "wiki is #{ProjectFeature.str_from_access_level wiki_access_level}", - "user is #{user_role}" - ].join(', ') - end - - describe 'Situations where :read_wiki is always false' do - where(case_names: title, - project_visibility: Gitlab::VisibilityLevel.options.values, - wiki_access_level: [ProjectFeature::DISABLED], - user_role: user_roles) - - with_them do - it { is_expected.to be_disallowed(:read_wiki) } - end - end - - describe 'Situations where :read_wiki is always true' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::PUBLIC], - wiki_access_level: [ProjectFeature::ENABLED], - user_role: user_roles) - - with_them do - it { is_expected.to be_allowed(:read_wiki) } - end - end - - describe 'Situations where :read_wiki requires project membership' do - context 'the wiki is private, and the user is a member' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::PUBLIC, - Gitlab::VisibilityLevel::INTERNAL], - wiki_access_level: [ProjectFeature::PRIVATE], - user_role: member_roles) - - with_them do - it { is_expected.to be_allowed(:read_wiki) } - end - end - - context 'the wiki is private, and the user is not member' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::PUBLIC, - Gitlab::VisibilityLevel::INTERNAL], - wiki_access_level: [ProjectFeature::PRIVATE], - user_role: stranger_roles) - - with_them do - it { is_expected.to be_disallowed(:read_wiki) } - end - end - - context 'the wiki is enabled, and the user is a member' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::PRIVATE], - wiki_access_level: [ProjectFeature::ENABLED], - user_role: member_roles) - - with_them do - it { is_expected.to be_allowed(:read_wiki) } - end - end - - context 'the wiki is enabled, and the user is not a member' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::PRIVATE], - wiki_access_level: [ProjectFeature::ENABLED], - user_role: stranger_roles) - - with_them do - it { is_expected.to be_disallowed(:read_wiki) } - end - end - end - - describe 'Situations where :read_wiki prohibits anonymous access' do - context 'the user is not anonymous' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::INTERNAL], - wiki_access_level: [ProjectFeature::ENABLED, ProjectFeature::PUBLIC], - user_role: user_roles.reject { |u| u == :anonymous }) - - with_them do - it { is_expected.to be_allowed(:read_wiki) } - end - end - - context 'the user is not anonymous' do - where(case_names: title, - project_visibility: [Gitlab::VisibilityLevel::INTERNAL], - wiki_access_level: [ProjectFeature::ENABLED, ProjectFeature::PUBLIC], - user_role: %i[anonymous]) - - with_them do - it { is_expected.to be_disallowed(:read_wiki) } - end - end - end + def set_access_level(access_level) + project.project_feature.update_attribute(:wiki_access_level, access_level) end end -- cgit v1.2.1