blob: 9bb08cb66bc5a13047e98f166e7229fe3f242fde (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# frozen_string_literal: true
module QA
RSpec.describe 'Manage' do
describe 'User', :requires_admin, product_group: :organization do
let(:admin_api_client) { Runtime::API::Client.as_admin }
let!(:sub_group) do
QA::Resource::Group.fabricate_via_api! do |group|
group.path = "sub-group-to-test-user-access-#{SecureRandom.hex(8)}"
end
end
context 'when added to parent group' do
let!(:parent_group_user) do
Resource::User.fabricate_via_api! do |user|
user.api_client = admin_api_client
end
end
let!(:parent_group_user_api_client) do
Runtime::API::Client.new(:gitlab, user: parent_group_user)
end
let!(:sub_group_project) do
Resource::Project.fabricate_via_api! do |project|
project.group = sub_group
project.name = "sub-group-project-to-test-user-access"
project.initialize_with_readme = true
end
end
before do
sub_group.sandbox.add_member(parent_group_user)
end
it(
'is allowed to edit the sub-group project files',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363467'
) do
Flow::Login.sign_in(as: parent_group_user)
sub_group_project.visit!
Page::Project::Show.perform do |project|
project.click_file('README.md')
end
Page::File::Show.perform(&:click_edit)
Page::File::Form.perform do |file_form|
expect(file_form).to have_element(:commit_button)
end
end
after do
parent_group_user.remove_via_api!
sub_group_project.remove_via_api!
sub_group.remove_via_api!
end
end
context 'when added to sub-group' do
let!(:parent_group_project) do
Resource::Project.fabricate_via_api! do |project|
project.group = sub_group.sandbox
project.name = "sub-group-project-to-test-user-access"
project.initialize_with_readme = true
end
end
let!(:sub_group_user) do
Resource::User.fabricate_via_api! do |user|
user.api_client = admin_api_client
end
end
let!(:sub_group_user_api_client) do
Runtime::API::Client.new(:gitlab, user: sub_group_user)
end
before do
sub_group.add_member(sub_group_user)
end
it(
'is not allowed to edit the parent group project files',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/363466'
) do
Flow::Login.sign_in(as: sub_group_user)
parent_group_project.visit!
Page::Project::Show.perform do |project|
project.click_file('README.md')
end
Page::File::Show.perform(&:click_edit)
expect(page).to have_text("You can’t edit files directly in this project.")
end
after do
sub_group_user.remove_via_api!
parent_group_project.remove_via_api!
sub_group.remove_via_api!
end
end
end
end
end
|