2019-03-30 03:23:56 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-12-11 09:21:06 -05:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-24 14:09:03 -04:00
|
|
|
RSpec.describe ProtectedRefAccess do
|
2019-04-09 11:38:58 -04:00
|
|
|
include ExternalAuthorizationServiceHelpers
|
|
|
|
|
2017-12-11 09:21:06 -05:00
|
|
|
subject(:protected_ref_access) do
|
2018-07-11 10:36:08 -04:00
|
|
|
create(:protected_branch, :maintainers_can_push).push_access_levels.first
|
2017-12-11 09:21:06 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
let(:project) { protected_ref_access.project }
|
|
|
|
|
|
|
|
describe '#check_access' do
|
|
|
|
it 'is always true for admins' do
|
|
|
|
admin = create(:admin)
|
|
|
|
|
|
|
|
expect(protected_ref_access.check_access(admin)).to be_truthy
|
|
|
|
end
|
|
|
|
|
2018-07-11 10:36:08 -04:00
|
|
|
it 'is true for maintainers' do
|
|
|
|
maintainer = create(:user)
|
|
|
|
project.add_maintainer(maintainer)
|
2017-12-11 09:21:06 -05:00
|
|
|
|
2018-07-11 10:36:08 -04:00
|
|
|
expect(protected_ref_access.check_access(maintainer)).to be_truthy
|
2017-12-11 09:21:06 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'is for developers of the project' do
|
|
|
|
developer = create(:user)
|
|
|
|
project.add_developer(developer)
|
|
|
|
|
|
|
|
expect(protected_ref_access.check_access(developer)).to be_falsy
|
|
|
|
end
|
2019-04-09 11:38:58 -04:00
|
|
|
|
|
|
|
context 'external authorization' do
|
|
|
|
it 'is false if external authorization denies access' do
|
|
|
|
maintainer = create(:user)
|
|
|
|
project.add_maintainer(maintainer)
|
|
|
|
external_service_deny_access(maintainer, project)
|
|
|
|
|
|
|
|
expect(protected_ref_access.check_access(maintainer)).to be_falsey
|
|
|
|
end
|
|
|
|
end
|
2017-12-11 09:21:06 -05:00
|
|
|
end
|
|
|
|
end
|