spec/finders/joined_groups_finder_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

require 'spec_helper'

describe JoinedGroupsFinder do
  describe '#execute' do
    let!(:profile_owner)    { create(:user) }
    let!(:profile_visitor)  { create(:user) }

    let!(:private_group)    { create(:group, :private) }
    let!(:private_group_2)  { create(:group, :private) }
    let!(:internal_group)   { create(:group, :internal) }
    let!(:internal_group_2) { create(:group, :internal) }
    let!(:public_group)     { create(:group, :public) }
    let!(:public_group_2)   { create(:group, :public) }
    let!(:finder) { described_class.new(profile_owner) }

    context 'without a user' do
      before do
        public_group.add_master(profile_owner)
      end

      it 'only shows public groups from profile owner' do
        expect(finder.execute).to eq([public_group])
      end
    end

    context "with a user" do
      before do
        private_group.add_master(profile_owner)
        internal_group.add_master(profile_owner)
        public_group.add_master(profile_owner)
      end

      context "when the profile visitor is in the private group" do
        before do
          private_group.add_developer(profile_visitor)
        end

        it 'only shows groups where both users are authorized to see' do
          expect(finder.execute(profile_visitor)).to eq([public_group, internal_group, private_group])
        end
      end

      context 'if profile visitor is in one of the private group projects' do
        before do
          project = create(:project, :private, group: private_group, name: 'B', path: 'B')
          project.team.add_user(profile_visitor, Gitlab::Access::DEVELOPER)
        end

        it 'shows group' do
          expect(finder.execute(profile_visitor)).to eq([public_group, internal_group, private_group])
        end
      end

      context 'external users' do
        before do
          profile_visitor.update_attributes(external: true)
        end

        context 'if not a member' do
          it "does not show internal groups" do
            expect(finder.execute(profile_visitor)).to eq([public_group])
          end
        end

        context "if authorized" do
          before do
            internal_group.add_master(profile_visitor)
          end

          it "shows internal groups if authorized" do
            expect(finder.execute(profile_visitor)).to eq([public_group, internal_group])
          end
        end
      end
    end
  end
end