Speed up Project security access specs
Prior, every single test was creating four `ProjectMember` objects, each of which created one `User` record, even though each test only used _one_ of those Users, if any. Now each test only creates the single user record it needs, if it needs one. This shaves minutes off of each spec file changed here.
This commit is contained in:
parent
eff2404785
commit
13ad9a745a
|
@ -5,19 +5,6 @@ describe "Internal Project Access", feature: true do
|
|||
|
||||
let(:project) { create(:project, :internal) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
let(:developer) { create(:user) }
|
||||
let(:reporter) { create(:user) }
|
||||
let(:guest) { create(:user) }
|
||||
|
||||
before do
|
||||
project.team << [master, :master]
|
||||
project.team << [developer, :developer]
|
||||
project.team << [reporter, :reporter]
|
||||
project.team << [guest, :guest]
|
||||
end
|
||||
|
||||
describe "Project should be internal" do
|
||||
describe '#internal?' do
|
||||
subject { project.internal? }
|
||||
|
@ -28,213 +15,213 @@ describe "Internal Project Access", feature: true do
|
|||
describe "GET /:project_path" do
|
||||
subject { namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tree/master" do
|
||||
subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commits/master" do
|
||||
subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commit/:sha" do
|
||||
subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/compare" do
|
||||
subject { namespace_project_compare_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/project_members" do
|
||||
subject { namespace_project_project_members_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/blob" do
|
||||
let(:commit) { project.repository.commit }
|
||||
subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/edit" do
|
||||
subject { edit_namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/deploy_keys" do
|
||||
subject { namespace_project_deploy_keys_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues" do
|
||||
subject { namespace_project_issues_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues/:id/edit" do
|
||||
let(:issue) { create(:issue, project: project) }
|
||||
subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets" do
|
||||
subject { namespace_project_snippets_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/new" do
|
||||
subject { new_namespace_project_snippet_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/merge_requests" do
|
||||
subject { namespace_project_merge_requests_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/merge_requests/new" do
|
||||
subject { new_namespace_project_merge_request_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/branches" do
|
||||
|
@ -245,15 +232,15 @@ describe "Internal Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:branches).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tags" do
|
||||
|
@ -264,58 +251,58 @@ describe "Internal Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:tags).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/hooks" do
|
||||
subject { namespace_project_hooks_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines" do
|
||||
subject { namespace_project_pipelines_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines/:id" do
|
||||
let(:pipeline) { create(:ci_pipeline, project: project) }
|
||||
subject { namespace_project_pipeline_path(project.namespace, project, pipeline) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/builds" do
|
||||
|
@ -324,29 +311,29 @@ describe "Internal Project Access", feature: true do
|
|||
context "when allowed for public and internal" do
|
||||
before { project.update(public_builds: true) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
context "when disallowed for public and internal" do
|
||||
before { project.update(public_builds: false) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -358,73 +345,73 @@ describe "Internal Project Access", feature: true do
|
|||
context "when allowed for public and internal" do
|
||||
before { project.update(public_builds: true) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
context "when disallowed for public and internal" do
|
||||
before { project.update(public_builds: false) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments" do
|
||||
subject { namespace_project_environments_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/:id" do
|
||||
let(:environment) { create(:environment, project: project) }
|
||||
subject { namespace_project_environment_path(project.namespace, project, environment) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/new" do
|
||||
subject { new_namespace_project_environment_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/container_registry" do
|
||||
|
@ -435,14 +422,14 @@ describe "Internal Project Access", feature: true do
|
|||
|
||||
subject { namespace_project_container_registry_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,19 +5,6 @@ describe "Private Project Access", feature: true do
|
|||
|
||||
let(:project) { create(:project, :private) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
let(:developer) { create(:user) }
|
||||
let(:reporter) { create(:user) }
|
||||
let(:guest) { create(:user) }
|
||||
|
||||
before do
|
||||
project.team << [master, :master]
|
||||
project.team << [developer, :developer]
|
||||
project.team << [reporter, :reporter]
|
||||
project.team << [guest, :guest]
|
||||
end
|
||||
|
||||
describe "Project should be private" do
|
||||
describe '#private?' do
|
||||
subject { project.private? }
|
||||
|
@ -28,185 +15,185 @@ describe "Private Project Access", feature: true do
|
|||
describe "GET /:project_path" do
|
||||
subject { namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tree/master" do
|
||||
subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commits/master" do
|
||||
subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commit/:sha" do
|
||||
subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/compare" do
|
||||
subject { namespace_project_compare_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/project_members" do
|
||||
subject { namespace_project_project_members_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/blob" do
|
||||
let(:commit) { project.repository.commit }
|
||||
subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore'))}
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/edit" do
|
||||
subject { edit_namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/deploy_keys" do
|
||||
subject { namespace_project_deploy_keys_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues" do
|
||||
subject { namespace_project_issues_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues/:id/edit" do
|
||||
let(:issue) { create(:issue, project: project) }
|
||||
subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets" do
|
||||
subject { namespace_project_snippets_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/merge_requests" do
|
||||
subject { namespace_project_merge_requests_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/branches" do
|
||||
|
@ -217,15 +204,15 @@ describe "Private Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:branches).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tags" do
|
||||
|
@ -236,72 +223,72 @@ describe "Private Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:tags).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/hooks" do
|
||||
subject { namespace_project_hooks_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines" do
|
||||
subject { namespace_project_pipelines_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines/:id" do
|
||||
let(:pipeline) { create(:ci_pipeline, project: project) }
|
||||
subject { namespace_project_pipeline_path(project.namespace, project, pipeline) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/builds" do
|
||||
subject { namespace_project_builds_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/builds/:id" do
|
||||
|
@ -309,58 +296,58 @@ describe "Private Project Access", feature: true do
|
|||
let(:build) { create(:ci_build, pipeline: pipeline) }
|
||||
subject { namespace_project_build_path(project.namespace, project, build.id) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments" do
|
||||
subject { namespace_project_environments_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/:id" do
|
||||
let(:environment) { create(:environment, project: project) }
|
||||
subject { namespace_project_environment_path(project.namespace, project, environment) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/new" do
|
||||
subject { new_namespace_project_environment_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/container_registry" do
|
||||
|
@ -371,14 +358,14 @@ describe "Private Project Access", feature: true do
|
|||
|
||||
subject { namespace_project_container_registry_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,19 +5,6 @@ describe "Public Project Access", feature: true do
|
|||
|
||||
let(:project) { create(:project, :public) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
let(:developer) { create(:user) }
|
||||
let(:reporter) { create(:user) }
|
||||
let(:guest) { create(:user) }
|
||||
|
||||
before do
|
||||
project.team << [master, :master]
|
||||
project.team << [developer, :developer]
|
||||
project.team << [reporter, :reporter]
|
||||
project.team << [guest, :guest]
|
||||
end
|
||||
|
||||
describe "Project should be public" do
|
||||
describe '#public?' do
|
||||
subject { project.public? }
|
||||
|
@ -28,114 +15,114 @@ describe "Public Project Access", feature: true do
|
|||
describe "GET /:project_path" do
|
||||
subject { namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tree/master" do
|
||||
subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commits/master" do
|
||||
subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/commit/:sha" do
|
||||
subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/compare" do
|
||||
subject { namespace_project_compare_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/project_members" do
|
||||
subject { namespace_project_project_members_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines" do
|
||||
subject { namespace_project_pipelines_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/pipelines/:id" do
|
||||
let(:pipeline) { create(:ci_pipeline, project: project) }
|
||||
subject { namespace_project_pipeline_path(project.namespace, project, pipeline) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/builds" do
|
||||
|
@ -144,29 +131,29 @@ describe "Public Project Access", feature: true do
|
|||
context "when allowed for public" do
|
||||
before { project.update(public_builds: true) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
context "when disallowed for public" do
|
||||
before { project.update(public_builds: false) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -178,73 +165,73 @@ describe "Public Project Access", feature: true do
|
|||
context "when allowed for public" do
|
||||
before { project.update(public_builds: true) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
context "when disallowed for public" do
|
||||
before { project.update(public_builds: false) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments" do
|
||||
subject { namespace_project_environments_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/:id" do
|
||||
let(:environment) { create(:environment, project: project) }
|
||||
subject { namespace_project_environment_path(project.namespace, project, environment) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/environments/new" do
|
||||
subject { new_namespace_project_environment_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/blob" do
|
||||
|
@ -252,127 +239,127 @@ describe "Public Project Access", feature: true do
|
|||
|
||||
subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/edit" do
|
||||
subject { edit_namespace_project_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/deploy_keys" do
|
||||
subject { namespace_project_deploy_keys_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues" do
|
||||
subject { namespace_project_issues_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/issues/:id/edit" do
|
||||
let(:issue) { create(:issue, project: project) }
|
||||
subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets" do
|
||||
subject { namespace_project_snippets_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/new" do
|
||||
subject { new_namespace_project_snippet_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/merge_requests" do
|
||||
subject { namespace_project_merge_requests_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/merge_requests/new" do
|
||||
subject { new_namespace_project_merge_request_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/branches" do
|
||||
|
@ -383,15 +370,15 @@ describe "Public Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:branches).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/tags" do
|
||||
|
@ -402,29 +389,29 @@ describe "Public Project Access", feature: true do
|
|||
allow_any_instance_of(Project).to receive(:tags).and_return([])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/hooks" do
|
||||
subject { namespace_project_hooks_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_denied_for developer }
|
||||
it { is_expected.to be_denied_for reporter }
|
||||
it { is_expected.to be_denied_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_denied_for(:developer).of(project) }
|
||||
it { is_expected.to be_denied_for(:reporter).of(project) }
|
||||
it { is_expected.to be_denied_for(:guest).of(project) }
|
||||
it { is_expected.to be_denied_for(:user) }
|
||||
it { is_expected.to be_denied_for(:external) }
|
||||
it { is_expected.to be_denied_for(:visitor) }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/container_registry" do
|
||||
|
@ -435,14 +422,14 @@ describe "Public Project Access", feature: true do
|
|||
|
||||
subject { namespace_project_container_registry_index_path(project.namespace, project) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for(:admin) }
|
||||
it { is_expected.to be_allowed_for(:owner).of(project) }
|
||||
it { is_expected.to be_allowed_for(:master).of(project) }
|
||||
it { is_expected.to be_allowed_for(:developer).of(project) }
|
||||
it { is_expected.to be_allowed_for(:reporter).of(project) }
|
||||
it { is_expected.to be_allowed_for(:guest).of(project) }
|
||||
it { is_expected.to be_allowed_for(:user) }
|
||||
it { is_expected.to be_allowed_for(:external) }
|
||||
it { is_expected.to be_allowed_for(:visitor) }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,7 +7,7 @@ module AccessMatchers
|
|||
extend RSpec::Matchers::DSL
|
||||
include Warden::Test::Helpers
|
||||
|
||||
def emulate_user(user)
|
||||
def emulate_user(user, project = nil)
|
||||
case user
|
||||
when :user
|
||||
login_as(create(:user))
|
||||
|
@ -18,6 +18,18 @@ module AccessMatchers
|
|||
when :external
|
||||
login_as(create(:user, external: true))
|
||||
when User
|
||||
login_as(user)
|
||||
when :owner
|
||||
raise ArgumentError, "cannot emulate owner without project" unless project
|
||||
|
||||
login_as(project.owner)
|
||||
when *Gitlab::Access.sym_options.keys
|
||||
raise ArgumentError, "cannot emulate user #{user} without project" unless project
|
||||
|
||||
role = user
|
||||
user = create(:user)
|
||||
project.public_send(:"add_#{role}", user)
|
||||
|
||||
login_as(user)
|
||||
else
|
||||
raise ArgumentError, "cannot emulate user #{user}"
|
||||
|
@ -26,8 +38,7 @@ module AccessMatchers
|
|||
|
||||
def description_for(user, type)
|
||||
if user.kind_of?(User)
|
||||
# User#inspect displays too much information for RSpec's description
|
||||
# messages
|
||||
# User#inspect displays too much information for RSpec's descriptions
|
||||
"be #{type} for the specified user"
|
||||
else
|
||||
"be #{type} for #{user}"
|
||||
|
@ -36,21 +47,31 @@ module AccessMatchers
|
|||
|
||||
matcher :be_allowed_for do |user|
|
||||
match do |url|
|
||||
emulate_user(user)
|
||||
visit url
|
||||
emulate_user(user, @project)
|
||||
visit(url)
|
||||
|
||||
status_code != 404 && current_path != new_user_session_path
|
||||
end
|
||||
|
||||
chain :of do |project|
|
||||
@project = project
|
||||
end
|
||||
|
||||
description { description_for(user, 'allowed') }
|
||||
end
|
||||
|
||||
matcher :be_denied_for do |user|
|
||||
match do |url|
|
||||
emulate_user(user)
|
||||
visit url
|
||||
emulate_user(user, @project)
|
||||
visit(url)
|
||||
|
||||
status_code == 404 || current_path == new_user_session_path
|
||||
end
|
||||
|
||||
chain :of do |project|
|
||||
@project = project
|
||||
end
|
||||
|
||||
description { description_for(user, 'denied') }
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue