summaryrefslogtreecommitdiff
path: root/spec/support/matchers/access_matchers_for_controller.rb
blob: 12f4b57e43d65817c5ab6655d3e3d7aea5d0dfc4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# AccessMatchersForController
#
# For testing authorize_xxx in controller. 
module AccessMatchersForController
  extend RSpec::Matchers::DSL
  include Warden::Test::Helpers

  EXPECTED_STATUS_CODE_ALLOWED = [200, 302].freeze
  EXPECTED_STATUS_CODE_DENIED = [404].freeze

  def emulate_user(role, membership = nil)
    case role
    when :admin
      user = create(:admin)
      sign_in(user)
    when :user
      user = create(:user)
      sign_in(user)
    when :external
      user = create(:user, external: true)
      sign_in(user)
    when :visitor # rubocop:disable Lint/EmptyWhen
      # no-op
    when *Gitlab::Access.sym_options_with_owner.keys # owner, master, developer, reporter, guest
      raise ArgumentError, "cannot emulate #{role} without membership parent" unless membership

      if role == :owner && membership.owner
        user = membership.owner
      else
        user = create(:user)
        membership.public_send(:"add_#{role}", user)
      end

      sign_in(user)
    else
      raise ArgumentError, "cannot emulate user #{role}"
    end

    user
  end

  def description_for(role, type, expected, result)
    "be #{type} for #{role}." \
    " Expected: #{expected.join(',')} Result: #{result}"
  end

  matcher :be_allowed_for do |role|
    match do |action|
      user = emulate_user(role, @membership)
      begin
        action.call(user)
      rescue
        # Ignore internal exceptions which will be caused in the controller
        # In such cases, response.status will be 200.
      end

      EXPECTED_STATUS_CODE_ALLOWED.include?(response.status)
    end

    chain :of do |membership|
      @membership = membership
    end

    description { description_for(role, 'allowed', EXPECTED_STATUS_CODE_ALLOWED, response.status) }
    supports_block_expectations
  end

  matcher :be_denied_for do |role|
    match do |action|
      user = emulate_user(role, @membership)
      begin
        action.call(user)
      rescue
        # Ignore internal exceptions which will be caused in the controller
        # In such cases, response.status will be 200.
      end

      EXPECTED_STATUS_CODE_DENIED.include?(response.status)
    end

    chain :of do |membership|
      @membership = membership
    end

    description { description_for(role, 'denied', EXPECTED_STATUS_CODE_DENIED, response.status) }
    supports_block_expectations
  end
end
View Lorry Controller Status