gitlab-org--gitlab-foss/spec/services/members/destroy_service_spec.rb

require 'spec_helper'

describe Members::DestroyService do
  let(:current_user) { create(:user) }
  let(:member_user) { create(:user) }
  let(:project) { create(:project, :public) }
  let(:group) { create(:group, :public) }

  shared_examples 'a service raising ActiveRecord::RecordNotFound' do
    it 'raises ActiveRecord::RecordNotFound' do
      expect { described_class.new(source, current_user).execute(member) }.to raise_error(ActiveRecord::RecordNotFound)
    end
  end

  shared_examples 'a service raising Gitlab::Access::AccessDeniedError' do
    it 'raises Gitlab::Access::AccessDeniedError' do
      expect { described_class.new(source, current_user).execute(member) }.to raise_error(Gitlab::Access::AccessDeniedError)
    end
  end

  shared_examples 'a service destroying a member' do
    it 'destroys the member' do
      expect { described_class.new(source, current_user).execute(member) }.to change { source.members.count }.by(-1)
    end
  end

  shared_examples 'a service destroying an access requester' do
    it 'destroys the access requester' do
      expect { described_class.new(source, current_user).execute(access_requester) }.to change { source.requesters.count }.by(-1)
    end

    it 'calls Member#after_decline_request' do
      expect_any_instance_of(NotificationService).to receive(:decline_access_request).with(access_requester)

      described_class.new(source, current_user).execute(access_requester)
    end

    context 'when current user is the member' do
      it 'does not call Member#after_decline_request' do
        expect_any_instance_of(NotificationService).not_to receive(:decline_access_request).with(access_requester)

        described_class.new(source, member_user).execute(access_requester)
      end
    end
  end

  context 'with a member' do
    before do
      project.add_developer(member_user)
      group.add_developer(member_user)
    end
    let(:member) { source.members.find_by(user_id: member_user.id) }

    context 'when current user cannot destroy the given member' do
      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
        let(:source) { project }
      end

      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
        let(:source) { group }
      end
    end

    context 'when current user can destroy the given member' do
      before do
        project.add_master(current_user)
        group.add_owner(current_user)
      end

      it_behaves_like 'a service destroying a member' do
        let(:source) { project }
      end

      it_behaves_like 'a service destroying a member' do
        let(:source) { group }
      end
    end
  end

  context 'with an access requester' do
    before do
      project.update_attributes(request_access_enabled: true)
      group.update_attributes(request_access_enabled: true)
      project.request_access(member_user)
      group.request_access(member_user)
    end
    let(:access_requester) { source.requesters.find_by(user_id: member_user.id) }

    context 'when current user cannot destroy the given access requester' do
      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
        let(:source) { project }
        let(:member) { access_requester }
      end

      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
        let(:source) { group }
        let(:member) { access_requester }
      end
    end

    context 'when current user can destroy the given access requester' do
      before do
        project.add_master(current_user)
        group.add_owner(current_user)
      end

      it_behaves_like 'a service destroying an access requester' do
        let(:source) { project }
      end

      it_behaves_like 'a service destroying an access requester' do
        let(:source) { group }
      end
    end
  end
end
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`require 'spec_helper'`

Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-07-10 14:24:02 +00:00			`describe Members::DestroyService do`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`let(:current_user) { create(:user) }`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`let(:member_user) { create(:user) }`
Change all `:empty_project` to `:project` 2017-08-02 19:55:11 +00:00			`let(:project) { create(:project, :public) }`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`let(:group) { create(:group, :public) }`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`shared_examples 'a service raising ActiveRecord::RecordNotFound' do`
			`it 'raises ActiveRecord::RecordNotFound' do`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`expect { described_class.new(source, current_user).execute(member) }.to raise_error(ActiveRecord::RecordNotFound)`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`shared_examples 'a service raising Gitlab::Access::AccessDeniedError' do`
			`it 'raises Gitlab::Access::AccessDeniedError' do`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`expect { described_class.new(source, current_user).execute(member) }.to raise_error(Gitlab::Access::AccessDeniedError)`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00			`end`
			`end`

Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`shared_examples 'a service destroying a member' do`
			`it 'destroys the member' do`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`expect { described_class.new(source, current_user).execute(member) }.to change { source.members.count }.by(-1)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`end`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`shared_examples 'a service destroying an access requester' do`
			`it 'destroys the access requester' do`
			`expect { described_class.new(source, current_user).execute(access_requester) }.to change { source.requesters.count }.by(-1)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`

Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`it 'calls Member#after_decline_request' do`
			`expect_any_instance_of(NotificationService).to receive(:decline_access_request).with(access_requester)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`described_class.new(source, current_user).execute(access_requester)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`

Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`context 'when current user is the member' do`
			`it 'does not call Member#after_decline_request' do`
			`expect_any_instance_of(NotificationService).not_to receive(:decline_access_request).with(access_requester)`

			`described_class.new(source, member_user).execute(access_requester)`
			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`end`
			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`context 'with a member' do`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`before do`
Replace '.team << [user, role]' with 'add_role(user)' in specs 2017-12-22 08:18:28 +00:00			`project.add_developer(member_user)`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`group.add_developer(member_user)`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`let(:member) { source.members.find_by(user_id: member_user.id) }`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`context 'when current user cannot destroy the given member' do`
			`it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do`
			`let(:source) { project }`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`

Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do`
			`let(:source) { group }`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`end`
Don't send the "access declined" email on access request withdrawal Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 14:33:37 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`context 'when current user can destroy the given member' do`
			`before do`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`project.add_master(current_user)`
			`group.add_owner(current_user)`
Don't send the "access declined" email on access request withdrawal Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 14:33:37 +00:00			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`it_behaves_like 'a service destroying a member' do`
			`let(:source) { project }`
			`end`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00
Improve Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:31:17 +00:00			`it_behaves_like 'a service destroying a member' do`
			`let(:source) { group }`
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 16:59:33 +00:00			`end`
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`end`
			`end`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 16:51:31 +00:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`context 'with an access requester' do`
			`before do`
			`project.update_attributes(request_access_enabled: true)`
			`group.update_attributes(request_access_enabled: true)`
			`project.request_access(member_user)`
			`group.request_access(member_user)`
			`end`
			`let(:access_requester) { source.requesters.find_by(user_id: member_user.id) }`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 16:51:31 +00:00
Remove explicit audit event log in MembershipActions Move it to Members::ApproveAccessRequestService. Also, note that there was a double audit event log for access request destruction. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-10-11 14:47:08 +00:00			`context 'when current user cannot destroy the given access requester' do`
			`it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do`
			`let(:source) { project }`
			`let(:member) { access_requester }`
			`end`

			`it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do`
			`let(:source) { group }`
			`let(:member) { access_requester }`
			`end`
			`end`

			`context 'when current user can destroy the given access requester' do`
			`before do`
			`project.add_master(current_user)`
			`group.add_owner(current_user)`
			`end`

			`it_behaves_like 'a service destroying an access requester' do`
			`let(:source) { project }`
			`end`

			`it_behaves_like 'a service destroying an access requester' do`
			`let(:source) { group }`
Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 16:51:31 +00:00			`end`
New Members::DestroyService This is to ensure we don't send unwanted notifications when deleting a project. In other words, stop abusing AR callbacks and use services. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-17 12:06:55 +00:00			`end`
			`end`
			`end`