# AccessMatchers
#
# The custom matchers contained in this module are used to test a user's access
# to a URL by emulating a specific user or type of user account, visiting the
# URL, and then checking the response status code and resulting path.
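module AccessMatchers
  extend RSpec::Matchers::DSL
  include Warden::Test::Helpers

  # Establishes the session that the next request will run under.
  #
  # Accepted values for +user_type_or_trait+:
  #   :user, :admin        - a new record from the factory of that name
  #   :external, :auditor  - a new :user created with that trait
  #   :visitor             - no session at all (any current login is dropped)
  #   a User instance      - that exact user
  #   a key of Gitlab::Access.sym_options_with_owner
  #                        - a user holding that role on +membership+
  #
  # @param user_type_or_trait [Symbol, User] who to act as (see list above)
  # @param membership [Object, nil] parent the role is granted on; required
  #   for role symbols. It is sent +owner+ and +add_<role>+, so it must
  #   respond to both (presumably a project or group - confirm with callers).
  # @raise [ArgumentError] when a role is given without +membership+, or when
  #   the value matches none of the cases above
  def emulate_user(user_type_or_trait, membership = nil)
    case user_type_or_trait
    when :user, :admin
      login_as(create(user_type_or_trait))
    when :external, :auditor
      login_as(create(:user, user_type_or_trait))
    when :visitor
      logout
    when User
      login_as(user_type_or_trait)
    when *Gitlab::Access.sym_options_with_owner.keys
      raise ArgumentError, "cannot emulate #{user_type_or_trait} without membership parent" unless membership

      role = user_type_or_trait
      user =
        if role == :owner && membership.owner
          # Reuse the existing owner rather than adding a second one.
          membership.owner
        else
          create(:user).tap do |new_user|
            # The method name is built dynamically, but +role+ has already
            # been matched against the Gitlab::Access key list by the `when`
            # above, so only add_<known role> can be dispatched here.
            membership.public_send(:"add_#{role}", new_user)
          end
        end

      login_as(user)
    else
      # Report the rejected argument. The local +user+ is only assigned in
      # the role branch above and is always nil here, so interpolating it
      # produced a message that did not say what was rejected.
      raise ArgumentError, "cannot emulate user #{user_type_or_trait.inspect}"
    end
  end

  # Builds the matcher description shown in RSpec output.
  #
  # @param user [Symbol, User] the value handed to the matcher
  # @param type [String] 'allowed' or 'denied'
  # @return [String]
  def description_for(user, type)
    if user.is_a?(User)
      # User#inspect displays too much information for RSpec's descriptions
      "be #{type} for the specified user"
    else
      "be #{type} for #{user}"
    end
  end

  # Passes when the emulated user gets a 200 for +url+ and did not end up on
  # the sign-in page.
  #
  # NOTE(review): be_allowed_for and be_denied_for are not complements. A
  # response such as 403, a 5xx, or a redirect to some page other than
  # sign-in satisfies neither. `not_to be_allowed_for` therefore also passes
  # on an unrelated server error; specs that guard a protected URL should
  # assert `to be_denied_for` instead of negating this matcher.
  #
  # The session set up by emulate_user is not reset by the matcher itself.
  matcher :be_allowed_for do |user|
    match do |url|
      emulate_user(user, @membership)
      visit(url)

      status_code == 200 && current_path != new_user_session_path
    end

    # `be_allowed_for(:developer).of(project)` supplies the membership parent
    # that role symbols need.
    chain :of do |membership|
      @membership = membership
    end

    description { description_for(user, 'allowed') }
  end

  # Passes when the emulated user is refused: the response is 401 or 404, or
  # the browser lands on the sign-in page.
  #
  # NOTE(review): 403 is not in the accepted list, so an endpoint that
  # answers Forbidden fails this matcher even though access was refused -
  # confirm that is intended for the endpoints under test. Conversely, a
  # 404 caused by a wrong or stale URL also counts as "denied", so a spec
  # can pass without ever reaching the access check; verify the same URL is
  # reachable by an authorised role in the same spec file.
  matcher :be_denied_for do |user|
    match do |url|
      emulate_user(user, @membership)
      visit(url)

      [401, 404].include?(status_code) || current_path == new_user_session_path
    end

    # `be_denied_for(:guest).of(project)` supplies the membership parent that
    # role symbols need.
    chain :of do |membership|
      @membership = membership
    end

    description { description_for(user, 'denied') }
  end
end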