blob: f63ad958ed37ae4f199c8289f60da36c7f1d2413 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# frozen_string_literal: true
require 'spec_helper'
describe ProtectedRefAccess do
include ExternalAuthorizationServiceHelpers
subject(:protected_ref_access) do
create(:protected_branch, :maintainers_can_push).push_access_levels.first
end
let(:project) { protected_ref_access.project }
describe '#check_access' do
it 'is always true for admins' do
admin = create(:admin)
expect(protected_ref_access.check_access(admin)).to be_truthy
end
it 'is true for maintainers' do
maintainer = create(:user)
project.add_maintainer(maintainer)
expect(protected_ref_access.check_access(maintainer)).to be_truthy
end
it 'is for developers of the project' do
developer = create(:user)
project.add_developer(developer)
expect(protected_ref_access.check_access(developer)).to be_falsy
end
context 'external authorization' do
it 'is false if external authorization denies access' do
maintainer = create(:user)
project.add_maintainer(maintainer)
external_service_deny_access(maintainer, project)
expect(protected_ref_access.check_access(maintainer)).to be_falsey
end
end
end
end
|