Add missing security specs for raw snippet access
Each project visibility type (Public, Internal, Private) has an access feature spec to catch security regressions. This commit adds relevent tests for the raw snippet path in each of these project access specs. Refacotrings: - Use an empty project factory for access specs
This commit is contained in:
parent
50f3fd49a2
commit
80a2e3a9c8
|
@ -3,7 +3,7 @@ require 'spec_helper'
|
|||
describe "Internal Project Snippets Access", feature: true do
|
||||
include AccessMatchers
|
||||
|
||||
let(:project) { create(:project, :internal) }
|
||||
let(:project) { create(:empty_project, :internal) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
|
@ -48,31 +48,63 @@ describe "Internal Project Snippets Access", feature: true do
|
|||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id for an internal snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
describe "GET /:project_path/snippets/:id" do
|
||||
context "for an internal snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
context "for a private snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id for a private snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
describe "GET /:project_path/snippets/:id/raw" do
|
||||
context "for an internal snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
context "for a private snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,7 +3,7 @@ require 'spec_helper'
|
|||
describe "Private Project Snippets Access", feature: true do
|
||||
include AccessMatchers
|
||||
|
||||
let(:project) { create(:project, :private) }
|
||||
let(:project) { create(:empty_project, :private) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
|
@ -60,4 +60,18 @@ describe "Private Project Snippets Access", feature: true do
|
|||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id/raw for a private snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,7 +3,7 @@ require 'spec_helper'
|
|||
describe "Public Project Snippets Access", feature: true do
|
||||
include AccessMatchers
|
||||
|
||||
let(:project) { create(:project, :public) }
|
||||
let(:project) { create(:empty_project, :public) }
|
||||
|
||||
let(:owner) { project.owner }
|
||||
let(:master) { create(:user) }
|
||||
|
@ -49,45 +49,91 @@ describe "Public Project Snippets Access", feature: true do
|
|||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id for a public snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, public_snippet) }
|
||||
describe "GET /:project_path/snippets/:id" do
|
||||
context "for a public snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, public_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
end
|
||||
|
||||
context "for an internal snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
context "for a private snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id for an internal snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
describe "GET /:project_path/snippets/:id/raw" do
|
||||
context "for a public snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, public_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_allowed_for :external }
|
||||
it { is_expected.to be_allowed_for :visitor }
|
||||
end
|
||||
|
||||
describe "GET /:project_path/snippets/:id for a private snippet" do
|
||||
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
context "for an internal snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_allowed_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
|
||||
context "for a private snippet" do
|
||||
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
|
||||
|
||||
it { is_expected.to be_allowed_for :admin }
|
||||
it { is_expected.to be_allowed_for owner }
|
||||
it { is_expected.to be_allowed_for master }
|
||||
it { is_expected.to be_allowed_for developer }
|
||||
it { is_expected.to be_allowed_for reporter }
|
||||
it { is_expected.to be_allowed_for guest }
|
||||
it { is_expected.to be_denied_for :user }
|
||||
it { is_expected.to be_denied_for :external }
|
||||
it { is_expected.to be_denied_for :visitor }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue