update the specs to not require a set to be returned
This commit is contained in:
http://jneen.net/
parent
80d6e5bbd4
commit
963b374dc7
|
|
@ -2,8 +2,8 @@ require 'spec_helper'
|
|||
|
||||
describe Ability, lib: true do
|
||||
context 'using a nil subject' do
|
||||
it 'is always empty' do
|
||||
expect(Ability.allowed(nil, nil).to_set).to be_empty
|
||||
it 'has no permissions' do
|
||||
expect(Ability.policy_for(nil, nil)).to be_banned
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -255,12 +255,15 @@ describe Ability, lib: true do
|
|||
describe '.project_disabled_features_rules' do
|
||||
let(:project) { create(:empty_project, :wiki_disabled) }
|
||||
|
||||
subject { described_class.allowed(project.owner, project) }
|
||||
subject { described_class.policy_for(project.owner, project) }
|
||||
|
||||
context 'wiki named abilities' do
|
||||
it 'disables wiki abilities if the project has no wiki' do
|
||||
expect(project).to receive(:has_external_wiki?).and_return(false)
|
||||
expect(subject).not_to include(:read_wiki, :create_wiki, :update_wiki, :admin_wiki)
|
||||
expect(subject).not_to be_allowed(:read_wiki)
|
||||
expect(subject).not_to be_allowed(:create_wiki)
|
||||
expect(subject).not_to be_allowed(:update_wiki)
|
||||
expect(subject).not_to be_allowed(:admin_wiki)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -3,17 +3,17 @@ require 'spec_helper'
|
|||
describe BasePolicy, models: true do
|
||||
describe '.class_for' do
|
||||
it 'detects policy class based on the subject ancestors' do
|
||||
expect(described_class.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
|
||||
expect(DeclarativePolicy.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
|
||||
end
|
||||
|
||||
it 'detects policy class for a presented subject' do
|
||||
presentee = Ci::BuildPresenter.new(Ci::Build.new)
|
||||
|
||||
expect(described_class.class_for(presentee)).to eq(Ci::BuildPolicy)
|
||||
expect(DeclarativePolicy.class_for(presentee)).to eq(Ci::BuildPolicy)
|
||||
end
|
||||
|
||||
it 'uses GlobalPolicy when :global is given' do
|
||||
expect(described_class.class_for(:global)).to eq(GlobalPolicy)
|
||||
expect(DeclarativePolicy.class_for(:global)).to eq(GlobalPolicy)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
|
|||
let(:build) { create(:ci_build, pipeline: pipeline) }
|
||||
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
|
||||
|
||||
let(:policies) do
|
||||
described_class.abilities(user, build).to_set
|
||||
let(:policy) do
|
||||
described_class.new(user, build)
|
||||
end
|
||||
|
||||
shared_context 'public pipelines disabled' do
|
||||
|
|
@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
|
|||
|
||||
context 'when public builds are enabled' do
|
||||
it 'does not include ability to read build' do
|
||||
expect(policies).not_to include :read_build
|
||||
expect(policy).not_to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
|
|||
include_context 'public pipelines disabled'
|
||||
|
||||
it 'does not include ability to read build' do
|
||||
expect(policies).not_to include :read_build
|
||||
expect(policy).not_to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
|
|||
|
||||
context 'when public builds are enabled' do
|
||||
it 'includes ability to read build' do
|
||||
expect(policies).to include :read_build
|
||||
expect(policy).to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
|
|||
include_context 'public pipelines disabled'
|
||||
|
||||
it 'does not include ability to read build' do
|
||||
expect(policies).not_to include :read_build
|
||||
expect(policy).not_to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
|
|||
|
||||
context 'when public builds are enabled' do
|
||||
it 'includes ability to read build' do
|
||||
expect(policies).to include :read_build
|
||||
expect(policy).to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
|
|||
include_context 'public pipelines disabled'
|
||||
|
||||
it 'does not include ability to read build' do
|
||||
expect(policies).not_to include :read_build
|
||||
expect(policy).not_to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
|
|||
|
||||
context 'when public builds are enabled' do
|
||||
it 'includes ability to read build' do
|
||||
expect(policies).to include :read_build
|
||||
expect(policy).to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
|
|||
include_context 'public pipelines disabled'
|
||||
|
||||
it 'does not include ability to read build' do
|
||||
expect(policies).to include :read_build
|
||||
expect(policy).to be_allowed :read_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
|
|||
end
|
||||
|
||||
it 'does not include ability to update build' do
|
||||
expect(policies).not_to include :update_build
|
||||
expect(policy).to be_disallowed :update_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
|
|||
end
|
||||
|
||||
it 'includes ability to update build' do
|
||||
expect(policies).to include :update_build
|
||||
expect(policy).to be_allowed :update_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
|
|||
let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
|
||||
|
||||
it 'includes ability to update build' do
|
||||
expect(policies).to include :update_build
|
||||
expect(policy).to be_allowed :update_build
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
|
|||
let(:build) { create(:ci_build, pipeline: pipeline) }
|
||||
|
||||
it 'includes ability to update build' do
|
||||
expect(policies).to include :update_build
|
||||
expect(policy).to be_allowed :update_build
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
|
|||
let(:trigger) { create(:ci_trigger, project: project, owner: owner) }
|
||||
|
||||
let(:policies) do
|
||||
described_class.abilities(user, trigger).to_set
|
||||
described_class.new(user, trigger)
|
||||
end
|
||||
|
||||
shared_examples 'allows to admin and manage trigger' do
|
||||
it 'does include ability to admin trigger' do
|
||||
expect(policies).to include :admin_trigger
|
||||
expect(policies).to be_allowed :admin_trigger
|
||||
end
|
||||
|
||||
it 'does include ability to manage trigger' do
|
||||
expect(policies).to include :manage_trigger
|
||||
expect(policies).to be_allowed :manage_trigger
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'allows to manage trigger' do
|
||||
it 'does not include ability to admin trigger' do
|
||||
expect(policies).not_to include :admin_trigger
|
||||
expect(policies).not_to be_allowed :admin_trigger
|
||||
end
|
||||
|
||||
it 'does include ability to manage trigger' do
|
||||
expect(policies).to include :manage_trigger
|
||||
expect(policies).to be_allowed :manage_trigger
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'disallows to admin and manage trigger' do
|
||||
it 'does not include ability to admin trigger' do
|
||||
expect(policies).not_to include :admin_trigger
|
||||
expect(policies).not_to be_allowed :admin_trigger
|
||||
end
|
||||
|
||||
it 'does not include ability to manage trigger' do
|
||||
expect(policies).not_to include :manage_trigger
|
||||
expect(policies).not_to be_allowed :manage_trigger
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe DeployKeyPolicy, models: true do
|
||||
subject { described_class.abilities(current_user, deploy_key).to_set }
|
||||
subject { described_class.new(current_user, deploy_key) }
|
||||
|
||||
describe 'updating a deploy_key' do
|
||||
context 'when a regular user' do
|
||||
|
|
@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
|
|||
project.deploy_keys << deploy_key
|
||||
end
|
||||
|
||||
it { is_expected.to include(:update_deploy_key) }
|
||||
it { is_expected.to be_allowed(:update_deploy_key) }
|
||||
end
|
||||
|
||||
context 'tries to update private deploy key attached to other project' do
|
||||
|
|
@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
|
|||
other_project.deploy_keys << deploy_key
|
||||
end
|
||||
|
||||
it { is_expected.not_to include(:update_deploy_key) }
|
||||
it { is_expected.to be_disallowed(:update_deploy_key) }
|
||||
end
|
||||
|
||||
context 'tries to update public deploy key' do
|
||||
let(:deploy_key) { create(:another_deploy_key, public: true) }
|
||||
|
||||
it { is_expected.not_to include(:update_deploy_key) }
|
||||
it { is_expected.to be_disallowed(:update_deploy_key) }
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
|
|||
context ' tries to update private deploy key' do
|
||||
let(:deploy_key) { create(:deploy_key, public: false) }
|
||||
|
||||
it { is_expected.to include(:update_deploy_key) }
|
||||
it { is_expected.to be_allowed(:update_deploy_key) }
|
||||
end
|
||||
|
||||
context 'when an admin user tries to update public deploy key' do
|
||||
let(:deploy_key) { create(:another_deploy_key, public: true) }
|
||||
|
||||
it { is_expected.to include(:update_deploy_key) }
|
||||
it { is_expected.to be_allowed(:update_deploy_key) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ describe EnvironmentPolicy do
|
|||
create(:environment, :with_review_app, project: project)
|
||||
end
|
||||
|
||||
let(:policies) do
|
||||
described_class.abilities(user, environment).to_set
|
||||
let(:policy) do
|
||||
described_class.new(user, environment)
|
||||
end
|
||||
|
||||
describe '#rules' do
|
||||
|
|
@ -17,7 +17,7 @@ describe EnvironmentPolicy do
|
|||
let(:project) { create(:project, :private) }
|
||||
|
||||
it 'does not include ability to stop environment' do
|
||||
expect(policies).not_to include :stop_environment
|
||||
expect(policy).to be_disallowed :stop_environment
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ describe EnvironmentPolicy do
|
|||
let(:project) { create(:project, :public) }
|
||||
|
||||
it 'does not include ability to stop environment' do
|
||||
expect(policies).not_to include :stop_environment
|
||||
expect(policy).to be_disallowed :stop_environment
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -38,7 +38,7 @@ describe EnvironmentPolicy do
|
|||
|
||||
context 'when team member has ability to stop environment' do
|
||||
it 'does includes ability to stop environment' do
|
||||
expect(policies).to include :stop_environment
|
||||
expect(policy).to be_allowed :stop_environment
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -49,7 +49,7 @@ describe EnvironmentPolicy do
|
|||
end
|
||||
|
||||
it 'does not include ability to stop environment' do
|
||||
expect(policies).not_to include :stop_environment
|
||||
expect(policy).to be_disallowed :stop_environment
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
|
|||
group.add_owner(owner)
|
||||
end
|
||||
|
||||
subject { described_class.abilities(current_user, group).to_set }
|
||||
subject { described_class.new(current_user, group) }
|
||||
|
||||
def expect_allowed(*permissions)
|
||||
permissions.each { |p| is_expected.to be_allowed(p) }
|
||||
end
|
||||
|
||||
def expect_disallowed(*permissions)
|
||||
permissions.each { |p| is_expected.not_to be_allowed(p) }
|
||||
end
|
||||
|
||||
context 'with no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.not_to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_disallowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { guest }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.not_to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_disallowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { reporter }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { developer }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { master }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { owner }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_allowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { admin }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_allowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
|
|||
nested_group.add_owner(owner)
|
||||
end
|
||||
|
||||
subject { described_class.abilities(current_user, nested_group).to_set }
|
||||
subject { described_class.new(current_user, nested_group) }
|
||||
|
||||
context 'with no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_group)
|
||||
is_expected.not_to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_disallowed(:read_group)
|
||||
expect_disallowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { guest }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.not_to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_disallowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { reporter }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { developer }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { master }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
|
|||
let(:current_user) { owner }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_group)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.to include(*owner_permissions)
|
||||
expect_allowed(:read_group)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_allowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ describe IssuePolicy, models: true do
|
|||
let(:reporter_from_group_link) { create(:user) }
|
||||
|
||||
def permissions(user, issue)
|
||||
described_class.abilities(user, issue).to_set
|
||||
described_class.new(user, issue)
|
||||
end
|
||||
|
||||
context 'a private project' do
|
||||
|
|
@ -30,42 +30,42 @@ describe IssuePolicy, models: true do
|
|||
end
|
||||
|
||||
it 'does not allow non-members to read issues' do
|
||||
expect(permissions(non_member, issue)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows guests to read issues' do
|
||||
expect(permissions(guest, issue)).to include(:read_issue)
|
||||
expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(guest, issue)).to be_allowed(:read_issue)
|
||||
expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
|
||||
|
||||
expect(permissions(guest, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters to read, update, and admin issues' do
|
||||
expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters from group links to read, update, and admin issues' do
|
||||
expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue authors to read and update their issues' do
|
||||
expect(permissions(author, issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(author, issue)).not_to include(:admin_issue)
|
||||
expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(author, issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(author, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue assignees to read and update their issues' do
|
||||
expect(permissions(assignee, issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, issue)).not_to include(:admin_issue)
|
||||
expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(assignee, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
context 'with confidential issues' do
|
||||
|
|
@ -73,37 +73,37 @@ describe IssuePolicy, models: true do
|
|||
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
|
||||
|
||||
it 'does not allow non-members to read confidential issues' do
|
||||
expect(permissions(non_member, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(non_member, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'does not allow guests to read confidential issues' do
|
||||
expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters to read, update, and admin confidential issues' do
|
||||
expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters from group links to read, update, and admin confidential issues' do
|
||||
expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue authors to read and update their confidential issues' do
|
||||
expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(author, confidential_issue)).not_to include(:admin_issue)
|
||||
expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue assignees to read and update their confidential issues' do
|
||||
expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue)
|
||||
expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -123,37 +123,37 @@ describe IssuePolicy, models: true do
|
|||
end
|
||||
|
||||
it 'allows guests to read issues' do
|
||||
expect(permissions(guest, issue)).to include(:read_issue)
|
||||
expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(guest, issue)).to be_allowed(:read_issue)
|
||||
expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
|
||||
|
||||
expect(permissions(guest, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters to read, update, and admin issues' do
|
||||
expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters from group links to read, update, and admin issues' do
|
||||
expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue authors to read and update their issues' do
|
||||
expect(permissions(author, issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(author, issue)).not_to include(:admin_issue)
|
||||
expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(author, issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(author, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue assignees to read and update their issues' do
|
||||
expect(permissions(assignee, issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, issue)).not_to include(:admin_issue)
|
||||
expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(assignee, issue_no_assignee)).to include(:read_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
|
||||
expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
context 'with confidential issues' do
|
||||
|
|
@ -161,32 +161,32 @@ describe IssuePolicy, models: true do
|
|||
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
|
||||
|
||||
it 'does not allow guests to read confidential issues' do
|
||||
expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporters to read, update, and admin confidential issues' do
|
||||
expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows reporter from group links to read, update, and admin confidential issues' do
|
||||
expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue authors to read and update their confidential issues' do
|
||||
expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(author, confidential_issue)).not_to include(:admin_issue)
|
||||
expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
|
||||
it 'allows issue assignees to read and update their confidential issues' do
|
||||
expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue)
|
||||
expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
|
||||
expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
|
||||
|
||||
expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
|
||||
expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
|
|||
end
|
||||
|
||||
def permissions(user)
|
||||
described_class.abilities(user, snippet).to_set
|
||||
described_class.new(user, snippet)
|
||||
end
|
||||
|
||||
context 'public snippet' do
|
||||
|
|
@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(nil) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(regular_user) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_allowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(snippet.author) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.to include(:comment_personal_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_allowed(:comment_personal_snippet)
|
||||
is_expected.to be_allowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(nil) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_disallowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(regular_user) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_allowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(external_user) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_disallowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(snippet.author) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.to include(:comment_personal_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_allowed(:comment_personal_snippet)
|
||||
is_expected.to be_allowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(nil) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_disallowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(regular_user) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_disallowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(external_user) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_personal_snippet)
|
||||
is_expected.not_to include(:comment_personal_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
is_expected.to be_disallowed(:read_personal_snippet)
|
||||
is_expected.to be_disallowed(:comment_personal_snippet)
|
||||
is_expected.to be_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
|
|||
subject { permissions(snippet.author) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_personal_snippet)
|
||||
is_expected.to include(:comment_personal_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
is_expected.to be_allowed(:read_personal_snippet)
|
||||
is_expected.to be_allowed(:comment_personal_snippet)
|
||||
is_expected.to be_allowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
|
|||
project.team << [reporter, :reporter]
|
||||
end
|
||||
|
||||
def expect_allowed(*permissions)
|
||||
permissions.each { |p| is_expected.to be_allowed(p) }
|
||||
end
|
||||
|
||||
def expect_disallowed(*permissions)
|
||||
permissions.each { |p| is_expected.not_to be_allowed(p) }
|
||||
end
|
||||
|
||||
it 'does not include the read_issue permission when the issue author is not a member of the private project' do
|
||||
project = create(:empty_project, :private)
|
||||
issue = create(:issue, project: project)
|
||||
user = issue.author
|
||||
|
||||
expect(project.team.member?(issue.author)).to eq(false)
|
||||
expect(project.team.member?(issue.author)).to be false
|
||||
|
||||
expect(BasePolicy.class_for(project).abilities(user, project).can_set)
|
||||
.not_to include(:read_issue)
|
||||
|
||||
expect(Ability.allowed?(user, :read_issue, project)).to be_falsy
|
||||
expect(Ability).not_to be_allowed(user, :read_issue, project)
|
||||
end
|
||||
|
||||
it 'does not include the wiki permissions when the feature is disabled' do
|
||||
project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED)
|
||||
wiki_permissions = [:read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code]
|
||||
context 'when the feature is disabled' do
|
||||
subject { described_class.new(owner, project) }
|
||||
|
||||
permissions = described_class.abilities(owner, project).to_set
|
||||
before do
|
||||
project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED)
|
||||
end
|
||||
|
||||
expect(permissions).not_to include(*wiki_permissions)
|
||||
it 'does not include the wiki permissions' do
|
||||
expect_disallowed :read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code
|
||||
end
|
||||
end
|
||||
|
||||
context 'abilities for non-public projects' do
|
||||
let(:project) { create(:empty_project, namespace: owner.namespace) }
|
||||
|
||||
subject { described_class.abilities(current_user, project).to_set }
|
||||
subject { described_class.new(current_user, project) }
|
||||
|
||||
context 'with no user' do
|
||||
let(:current_user) { nil }
|
||||
|
||||
it { is_expected.to be_empty }
|
||||
it { is_expected.to be_banned }
|
||||
end
|
||||
|
||||
context 'guests' do
|
||||
|
|
@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
|
|||
end
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.not_to include(*reporter_public_build_permissions)
|
||||
is_expected.not_to include(*team_member_reporter_permissions)
|
||||
is_expected.not_to include(*developer_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_disallowed(*reporter_public_build_permissions)
|
||||
expect_disallowed(*team_member_reporter_permissions)
|
||||
expect_disallowed(*developer_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
|
||||
context 'public builds enabled' do
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(:read_build, :read_pipeline)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(:read_build, :read_pipeline)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
|
|||
end
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.not_to include(:read_build, :read_pipeline)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_disallowed(:read_build, :read_pipeline)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
|
|||
let(:current_user) { reporter }
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*team_member_reporter_permissions)
|
||||
is_expected.not_to include(*developer_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*team_member_reporter_permissions)
|
||||
expect_disallowed(*developer_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
|
|||
let(:current_user) { dev }
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*team_member_reporter_permissions)
|
||||
is_expected.to include(*developer_permissions)
|
||||
is_expected.not_to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*team_member_reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_disallowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
|
|||
let(:current_user) { master }
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*team_member_reporter_permissions)
|
||||
is_expected.to include(*developer_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.not_to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*team_member_reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_disallowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
|
|||
let(:current_user) { owner }
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.to include(*team_member_reporter_permissions)
|
||||
is_expected.to include(*developer_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_allowed(*team_member_reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_allowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
|
|||
let(:current_user) { admin }
|
||||
|
||||
it do
|
||||
is_expected.to include(*guest_permissions)
|
||||
is_expected.to include(*reporter_permissions)
|
||||
is_expected.not_to include(*team_member_reporter_permissions)
|
||||
is_expected.to include(*developer_permissions)
|
||||
is_expected.to include(*master_permissions)
|
||||
is_expected.to include(*owner_permissions)
|
||||
expect_allowed(*guest_permissions)
|
||||
expect_allowed(*reporter_permissions)
|
||||
expect_disallowed(*team_member_reporter_permissions)
|
||||
expect_allowed(*developer_permissions)
|
||||
expect_allowed(*master_permissions)
|
||||
expect_allowed(*owner_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
|
|||
def abilities(user, snippet_visibility)
|
||||
snippet = create(:project_snippet, snippet_visibility, project: project)
|
||||
|
||||
described_class.abilities(user, snippet).to_set
|
||||
described_class.new(user, snippet)
|
||||
end
|
||||
|
||||
def expect_allowed(*permissions)
|
||||
permissions.each { |p| is_expected.to be_allowed(p) }
|
||||
end
|
||||
|
||||
def expect_disallowed(*permissions)
|
||||
permissions.each { |p| is_expected.not_to be_allowed(p) }
|
||||
end
|
||||
|
||||
context 'public snippet' do
|
||||
|
|
@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(nil, :public) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(regular_user, :public) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(external_user, :public) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(nil, :internal) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_disallowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(regular_user, :internal) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(external_user, :internal) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_disallowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
end
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(nil, :private) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_disallowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(regular_user, :private) }
|
||||
|
||||
it do
|
||||
is_expected.not_to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_disallowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
context 'snippet author' do
|
||||
let(:snippet) { create(:project_snippet, :private, author: regular_user, project: project) }
|
||||
|
||||
subject { described_class.abilities(regular_user, snippet).to_set }
|
||||
subject { described_class(regular_user, snippet) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_allowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
end
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
end
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.not_to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_disallowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
|
|||
subject { abilities(create(:admin), :private) }
|
||||
|
||||
it do
|
||||
is_expected.to include(:read_project_snippet)
|
||||
is_expected.to include(*author_permissions)
|
||||
expect_allowed(:read_project_snippet)
|
||||
expect_allowed(*author_permissions)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -4,34 +4,34 @@ describe UserPolicy, models: true do
|
|||
let(:current_user) { create(:user) }
|
||||
let(:user) { create(:user) }
|
||||
|
||||
subject { described_class.abilities(current_user, user).to_set }
|
||||
subject { UserPolicy.new(current_user, user) }
|
||||
|
||||
describe "reading a user's information" do
|
||||
it { is_expected.to include(:read_user) }
|
||||
it { is_expected.to be_allowed(:read_user) }
|
||||
end
|
||||
|
||||
describe "destroying a user" do
|
||||
context "when a regular user tries to destroy another regular user" do
|
||||
it { is_expected.not_to include(:destroy_user) }
|
||||
it { is_expected.not_to be_allowed(:destroy_user) }
|
||||
end
|
||||
|
||||
context "when a regular user tries to destroy themselves" do
|
||||
let(:current_user) { user }
|
||||
|
||||
it { is_expected.to include(:destroy_user) }
|
||||
it { is_expected.to be_allowed(:destroy_user) }
|
||||
end
|
||||
|
||||
context "when an admin user tries to destroy a regular user" do
|
||||
let(:current_user) { create(:user, :admin) }
|
||||
|
||||
it { is_expected.to include(:destroy_user) }
|
||||
it { is_expected.to be_allowed(:destroy_user) }
|
||||
end
|
||||
|
||||
context "when an admin user tries to destroy a ghost user" do
|
||||
let(:current_user) { create(:user, :admin) }
|
||||
let(:user) { create(:user, :ghost) }
|
||||
|
||||
it { is_expected.not_to include(:destroy_user) }
|
||||
it { is_expected.not_to be_allowed(:destroy_user) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue