gitlab-org--gitlab-foss/spec/features/security/group/internal_access_spec.rb

require 'rails_helper'

describe 'Internal Group access', feature: true do
  include AccessMatchers

  let(:group)   { create(:group, :internal) }
  let(:project) { create(:project, :internal, group: group) }
  let(:project_guest) do
    create(:user) do |user|
      project.add_guest(user)
    end
  end

  describe "Group should be internal" do
    describe '#internal?' do
      subject { group.internal? }
      it { is_expected.to be_truthy }
    end
  end

  describe 'GET /groups/:path' do
    subject { group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:master).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_allowed_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/issues' do
    subject { issues_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:master).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_allowed_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/merge_requests' do
    subject { merge_requests_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:master).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_allowed_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/group_members' do
    subject { group_group_members_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:master).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_allowed_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/edit' do
    subject { edit_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_denied_for(:master).of(group) }
    it { is_expected.to be_denied_for(:developer).of(group) }
    it { is_expected.to be_denied_for(:reporter).of(group) }
    it { is_expected.to be_denied_for(:guest).of(group) }
    it { is_expected.to be_denied_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:visitor) }
    it { is_expected.to be_denied_for(:external) }
  end
end
Add security specs 2016-03-09 16:57:57 +00:00			`require 'rails_helper'`

Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`describe 'Internal Group access', feature: true do`
Add security specs 2016-03-09 16:57:57 +00:00			`include AccessMatchers`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`let(:group) { create(:group, :internal) }`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`let(:project) { create(:project, :internal, group: group) }`
Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`let(:project_guest) do`
			`create(:user) do \|user\|`
			`project.add_guest(user)`
			`end`
Add security specs 2016-03-09 16:57:57 +00:00			`end`

Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`describe "Group should be internal" do`
			`describe '#internal?' do`
			`subject { group.internal? }`
			`it { is_expected.to be_truthy }`
Add security specs 2016-03-09 16:57:57 +00:00			`end`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`end`
Add security specs 2016-03-09 16:57:57 +00:00
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`describe 'GET /groups/:path' do`
			`subject { group_path(group) }`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_allowed_for(:master).of(group) }`
			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_allowed_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Add security specs 2016-03-09 16:57:57 +00:00			`end`

Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`describe 'GET /groups/:path/issues' do`
			`subject { issues_group_path(group) }`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_allowed_for(:master).of(group) }`
			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_allowed_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`end`
Add security specs 2016-03-09 16:57:57 +00:00
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`describe 'GET /groups/:path/merge_requests' do`
			`subject { merge_requests_group_path(group) }`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_allowed_for(:master).of(group) }`
			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_allowed_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Add security specs 2016-03-09 16:57:57 +00:00			`end`

			`describe 'GET /groups/:path/group_members' do`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`subject { group_group_members_path(group) }`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_allowed_for(:master).of(group) }`
			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_allowed_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Add security specs 2016-03-09 16:57:57 +00:00			`end`

			`describe 'GET /groups/:path/edit' do`
Tweaks, refactoring, and specs 2016-03-20 20:03:53 +00:00			`subject { edit_group_path(group) }`

Speed up Group security access specs This is the Group equivalent of 13ad9a745a392e0bf0cedd0e1f318c1acee9b969 2016-11-29 07:08:11 +00:00			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_denied_for(:master).of(group) }`
			`it { is_expected.to be_denied_for(:developer).of(group) }`
			`it { is_expected.to be_denied_for(:reporter).of(group) }`
			`it { is_expected.to be_denied_for(:guest).of(group) }`
			`it { is_expected.to be_denied_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:visitor) }`
			`it { is_expected.to be_denied_for(:external) }`
Add security specs 2016-03-09 16:57:57 +00:00			`end`
			`end`