spec/policies/design_management/design_policy_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

# frozen_string_literal: true
require "spec_helper"

RSpec.describe DesignManagement::DesignPolicy do
  include DesignManagementTestHelpers

  let(:guest_design_abilities) { %i[read_design] }
  let(:developer_design_abilities) { %i[create_design destroy_design move_design] }
  let(:design_abilities) { guest_design_abilities + developer_design_abilities }

  let_it_be(:guest) { create(:user) }
  let_it_be(:reporter) { create(:user) }
  let_it_be(:developer) { create(:user) }
  let_it_be(:maintainer) { create(:user) }
  let_it_be(:owner) { create(:user) }
  let_it_be(:admin) { create(:admin) }
  let_it_be(:project) { create(:project, :public, namespace: owner.namespace) }
  let_it_be(:issue) { create(:issue, project: project) }

  let(:design) { create(:design, issue: issue) }

  subject(:design_policy) { described_class.new(current_user, design) }

  before_all do
    project.add_guest(guest)
    project.add_maintainer(maintainer)
    project.add_developer(developer)
    project.add_reporter(reporter)
  end

  shared_examples_for "design abilities not available" do
    context "for owners" do
      let(:current_user) { owner }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for admins" do
      let(:current_user) { admin }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for maintainers" do
      let(:current_user) { maintainer }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for developers" do
      let(:current_user) { developer }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for reporters" do
      let(:current_user) { reporter }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for guests" do
      let(:current_user) { guest }

      it { is_expected.to be_disallowed(*design_abilities) }
    end

    context "for anonymous users" do
      let(:current_user) { nil }

      it { is_expected.to be_disallowed(*design_abilities) }
    end
  end

  shared_examples_for "read-only design abilities" do
    it { is_expected.to be_allowed(*guest_design_abilities) }
    it { is_expected.to be_disallowed(*developer_design_abilities) }
  end

  shared_examples_for "design abilities available for members" do
    context "for owners" do
      let(:current_user) { owner }

      it { is_expected.to be_allowed(*design_abilities) }
    end

    context "for admins" do
      let(:current_user) { admin }

      context "when admin mode enabled", :enable_admin_mode do
        it { is_expected.to be_allowed(*design_abilities) }
      end

      context "when admin mode disabled" do
        it_behaves_like "read-only design abilities"
      end
    end

    context "for maintainers" do
      let(:current_user) { maintainer }

      it { is_expected.to be_allowed(*design_abilities) }
    end

    context "for developers" do
      let(:current_user) { developer }

      it { is_expected.to be_allowed(*design_abilities) }
    end

    context "for reporters" do
      let(:current_user) { reporter }

      it_behaves_like "read-only design abilities"
    end
  end

  context "when DesignManagement is not enabled" do
    before do
      enable_design_management(false)
    end

    it_behaves_like "design abilities not available"
  end

  context "when the feature is available" do
    before do
      enable_design_management
    end

    it_behaves_like "design abilities available for members"

    context "for guests in private projects" do
      let_it_be(:project) { create(:project, :private) }

      let(:current_user) { guest }

      it_behaves_like "read-only design abilities"
    end

    context "for anonymous users in public projects" do
      let(:current_user) { nil }

      it_behaves_like "read-only design abilities"
    end

    context "when the issue is confidential" do
      let_it_be(:issue) { create(:issue, :confidential, project: project) }

      it_behaves_like "design abilities available for members"

      context "for guests" do
        let(:current_user) { guest }

        it { is_expected.to be_disallowed(*design_abilities) }
      end

      context "for anonymous users" do
        let(:current_user) { nil }

        it { is_expected.to be_disallowed(*design_abilities) }
      end
    end

    context "when the project is archived" do
      let_it_be(:project) { create(:project, :public, :archived) }
      let_it_be(:issue) { create(:issue, project: project) }

      let(:current_user) { owner }

      it_behaves_like "read-only design abilities"
    end
  end
end