gitlab-org--gitlab-foss/spec/policies/upload_policy_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

77 lines
2.2 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe UploadPolicy do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
let_it_be(:guest) { create(:user).tap { |user| group.add_guest(user) } }
let_it_be(:developer) { create(:user).tap { |user| group.add_developer(user) } }
let_it_be(:maintainer) { create(:user).tap { |user| group.add_maintainer(user) } }
let_it_be(:owner) { create(:user).tap { |user| group.add_owner(user) } }
let_it_be(:admin) { create(:admin) }
let_it_be(:non_member_user) { create(:user) }
let(:upload_permissions) { [:read_upload, :destroy_upload] }
shared_examples_for 'uploads policy' do
subject { described_class.new(current_user, upload) }
context 'when user is guest' do
let(:current_user) { guest }
it { is_expected.to be_disallowed(*upload_permissions) }
end
context 'when user is developer' do
let(:current_user) { developer }
it { is_expected.to be_disallowed(*upload_permissions) }
end
context 'when user is maintainer' do
let(:current_user) { maintainer }
it { is_expected.to be_allowed(*upload_permissions) }
end
context 'when user is owner' do
let(:current_user) { owner }
it { is_expected.to be_allowed(*upload_permissions) }
end
context 'when user is admin' do
let(:current_user) { admin }
it { is_expected.to be_disallowed(*upload_permissions) }
context 'with admin mode', :enable_admin_mode do
it { is_expected.to be_allowed(*upload_permissions) }
end
end
end
describe 'destroy_upload' do
context 'when deleting project upload' do
let_it_be(:upload) { create(:upload, model: project) }
it_behaves_like 'uploads policy'
end
context 'when deleting group upload' do
let_it_be(:upload) { create(:upload, model: group) }
it_behaves_like 'uploads policy'
end
context 'when deleting upload associated with other model' do
let_it_be(:upload) { create(:upload, model: maintainer) }
subject { described_class.new(maintainer, upload) }
it { is_expected.to be_disallowed(*upload_permissions) }
end
end
end