gitlab-org--gitlab-foss/spec/policies/global_policy_spec.rb

require 'spec_helper'

describe GlobalPolicy do
  let(:current_user) { create(:user) }
  let(:user) { create(:user) }

  subject { described_class.new(current_user, [user]) }

  describe "reading the list of users" do
    context "for a logged in user" do
      it { is_expected.to be_allowed(:read_users_list) }
    end

    context "for an anonymous user" do
      let(:current_user) { nil }

      context "when the public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
        end

        it { is_expected.not_to be_allowed(:read_users_list) }
      end

      context "when the public level is not restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end
    end

    context "for an admin" do
      let(:current_user) { create(:admin) }

      context "when the public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end

      context "when the public level is not restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end
    end
  end

  describe 'custom attributes' do
    context 'regular user' do
      it { is_expected.not_to be_allowed(:read_custom_attribute) }
      it { is_expected.not_to be_allowed(:update_custom_attribute) }
    end

    context 'admin' do
      let(:current_user) { create(:user, :admin) }

      it { is_expected.to be_allowed(:read_custom_attribute) }
      it { is_expected.to be_allowed(:update_custom_attribute) }
    end
  end
end
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 05:14:00 +00:00			`require 'spec_helper'`

Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-07-10 14:24:02 +00:00			`describe GlobalPolicy do`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 05:14:00 +00:00			`let(:current_user) { create(:user) }`
			`let(:user) { create(:user) }`

Use described_class when possible Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-07-25 17:09:00 +00:00			`subject { described_class.new(current_user, [user]) }`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 05:14:00 +00:00
			`describe "reading the list of users" do`
			`context "for a logged in user" do`
			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`

			`context "for an anonymous user" do`
			`let(:current_user) { nil }`

			`context "when the public level is restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])`
			`end`

			`it { is_expected.not_to be_allowed(:read_users_list) }`
			`end`

			`context "when the public level is not restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`
			`end`
Allow admin to read_users_list even if it's restricted 2017-07-25 08:44:02 +00:00
			`context "for an admin" do`
			`let(:current_user) { create(:admin) }`

			`context "when the public level is restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`

			`context "when the public level is not restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`
			`end`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 05:14:00 +00:00			`end`
Support custom attributes on users 2017-09-28 16:49:42 +00:00
			`describe 'custom attributes' do`
			`context 'regular user' do`
			`it { is_expected.not_to be_allowed(:read_custom_attribute) }`
			`it { is_expected.not_to be_allowed(:update_custom_attribute) }`
			`end`

			`context 'admin' do`
			`let(:current_user) { create(:user, :admin) }`

			`it { is_expected.to be_allowed(:read_custom_attribute) }`
			`it { is_expected.to be_allowed(:update_custom_attribute) }`
			`end`
			`end`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 05:14:00 +00:00			`end`