gitlab-org--gitlab-foss/spec/features/security/profile_access_spec.rb

require 'spec_helper'

describe "Users Security", feature: true  do
  describe "Project" do
    before do
      @u1 = create(:user)
    end

    describe "GET /login" do
      it { expect(new_user_session_path).not_to be_404_for :visitor }
    end

    describe "GET /profile/keys" do
      subject { profile_keys_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile" do
      subject { profile_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile/account" do
      subject { profile_account_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile/design" do
      subject { design_profile_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile/history" do
      subject { history_profile_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile/notifications" do
      subject { profile_notifications_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    describe "GET /profile/groups" do
      subject { profile_groups_path }

      it { is_expected.to be_allowed_for @u1 }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_denied_for :visitor }
    end
  end
end
init commit 2011-10-08 21:36:38 +00:00			`require 'spec_helper'`

Split feature tests out to different build job 2014-04-12 08:56:37 +00:00			`describe "Users Security", feature: true do`
init commit 2011-10-08 21:36:38 +00:00			`describe "Project" do`
clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 13:46:25 +00:00			`before do`
Remove backward compatibility of factories. 2012-11-06 03:31:55 +00:00			`@u1 = create(:user)`
init commit 2011-10-08 21:36:38 +00:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 13:46:25 +00:00			`describe "GET /login" do`
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { expect(new_user_session_path).not_to be_404_for :visitor }`
init commit 2011-10-08 21:36:38 +00:00			`end`

Fix profile emails with new key route 2013-06-24 16:24:27 +00:00			`describe "GET /profile/keys" do`
			`subject { profile_keys_path }`
Clean up request specs 2012-08-25 17:43:55 +00:00
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
init commit 2011-10-08 21:36:38 +00:00			`end`

clean-up code * Remove trailing whitespace * Converts hard-tabs into two-space soft-tabs * Remove consecutive blank lines 2011-10-26 13:46:25 +00:00			`describe "GET /profile" do`
Clean up request specs 2012-08-25 17:43:55 +00:00			`subject { profile_path }`

Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
init commit 2011-10-08 21:36:38 +00:00			`end`

Refactored profile area 2012-09-14 16:13:25 +00:00			`describe "GET /profile/account" do`
Fix profile specs 2013-10-09 16:03:09 +00:00			`subject { profile_account_path }`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`end`

			`describe "GET /profile/design" do`
			`subject { design_profile_path }`
Clean up request specs 2012-08-25 17:43:55 +00:00
Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
init commit 2011-10-08 21:36:38 +00:00			`end`
Extend profile security specs 2013-09-25 11:05:03 +00:00
			`describe "GET /profile/history" do`
			`subject { history_profile_path }`

Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
Extend profile security specs 2013-09-25 11:05:03 +00:00			`end`

			`describe "GET /profile/notifications" do`
			`subject { profile_notifications_path }`

Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
Extend profile security specs 2013-09-25 11:05:03 +00:00			`end`

			`describe "GET /profile/groups" do`
			`subject { profile_groups_path }`

Updated rspec to rspec 3.x syntax Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-02-12 18:17:35 +00:00			`it { is_expected.to be_allowed_for @u1 }`
			`it { is_expected.to be_allowed_for :admin }`
			`it { is_expected.to be_allowed_for :user }`
			`it { is_expected.to be_denied_for :visitor }`
Extend profile security specs 2013-09-25 11:05:03 +00:00			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`
			`end`