gitlab-org--gitlab-foss/spec/policies/global_policy_spec.rb

require 'spec_helper'

describe GlobalPolicy do
  let(:current_user) { create(:user) }
  let(:user) { create(:user) }

  subject { described_class.new(current_user, [user]) }

  describe "reading the list of users" do
    context "for a logged in user" do
      it { is_expected.to be_allowed(:read_users_list) }
    end

    context "for an anonymous user" do
      let(:current_user) { nil }

      context "when the public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
        end

        it { is_expected.not_to be_allowed(:read_users_list) }
      end

      context "when the public level is not restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end
    end

    context "for an admin" do
      let(:current_user) { create(:admin) }

      context "when the public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end

      context "when the public level is not restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [])
        end

        it { is_expected.to be_allowed(:read_users_list) }
      end
    end
  end
end
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 01:14:00 -04:00			`require 'spec_helper'`

Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-07-10 10:24:02 -04:00			`describe GlobalPolicy do`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 01:14:00 -04:00			`let(:current_user) { create(:user) }`
			`let(:user) { create(:user) }`

Use described_class when possible Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-07-25 13:09:00 -04:00			`subject { described_class.new(current_user, [user]) }`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 01:14:00 -04:00
			`describe "reading the list of users" do`
			`context "for a logged in user" do`
			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`

			`context "for an anonymous user" do`
			`let(:current_user) { nil }`

			`context "when the public level is restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])`
			`end`

			`it { is_expected.not_to be_allowed(:read_users_list) }`
			`end`

			`context "when the public level is not restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`
			`end`
Allow admin to read_users_list even if it's restricted 2017-07-25 04:44:02 -04:00
			`context "for an admin" do`
			`let(:current_user) { create(:admin) }`

			`context "when the public level is restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`

			`context "when the public level is not restricted" do`
			`before do`
			`stub_application_setting(restricted_visibility_levels: [])`
			`end`

			`it { is_expected.to be_allowed(:read_users_list) }`
			`end`
			`end`
Implement review comments for !12445 from @jneen. - Fix duplicate `prevent` declaration - Add spec for `GlobalPolicy` 2017-07-03 01:14:00 -04:00			`end`
			`end`