292 lines
9.9 KiB
Ruby
292 lines
9.9 KiB
Ruby
# frozen_string_literal: true
|
||
|
||
require 'spec_helper'
|
||
|
||
RSpec.describe Groups::CreateService, '#execute' do
|
||
let!(:user) { create(:user) }
|
||
let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
|
||
|
||
subject { service.execute }
|
||
|
||
describe 'visibility level restrictions' do
|
||
let!(:service) { described_class.new(user, group_params) }
|
||
|
||
context "create groups without restricted visibility level" do
|
||
it { is_expected.to be_persisted }
|
||
end
|
||
|
||
context "cannot create group with restricted visibility level" do
|
||
before do
|
||
allow_any_instance_of(ApplicationSetting).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC])
|
||
end
|
||
|
||
it { is_expected.not_to be_persisted }
|
||
end
|
||
end
|
||
|
||
context 'when `setup_for_company:true` is passed' do
|
||
let(:params) { group_params.merge(setup_for_company: true) }
|
||
let(:service) { described_class.new(user, params) }
|
||
let(:created_group) { service.execute }
|
||
|
||
it 'creates group with the specified setup_for_company' do
|
||
expect(created_group.setup_for_company).to eq(true)
|
||
end
|
||
end
|
||
|
||
context 'creating a group with `default_branch_protection` attribute' do
|
||
let(:params) { group_params.merge(default_branch_protection: Gitlab::Access::PROTECTION_NONE) }
|
||
let(:service) { described_class.new(user, params) }
|
||
let(:created_group) { service.execute }
|
||
|
||
context 'for users who have the ability to create a group with `default_branch_protection`' do
|
||
it 'creates group with the specified branch protection level' do
|
||
expect(created_group.default_branch_protection).to eq(Gitlab::Access::PROTECTION_NONE)
|
||
end
|
||
end
|
||
|
||
context 'for users who do not have the ability to create a group with `default_branch_protection`' do
|
||
it 'does not create the group with the specified branch protection level' do
|
||
allow(Ability).to receive(:allowed?).and_call_original
|
||
allow(Ability).to receive(:allowed?).with(user, :create_group_with_default_branch_protection) { false }
|
||
|
||
expect(created_group.default_branch_protection).not_to eq(Gitlab::Access::PROTECTION_NONE)
|
||
end
|
||
end
|
||
end
|
||
|
||
context 'creating a group with `allow_mfa_for_subgroups` attribute' do
|
||
let(:params) { group_params.merge(allow_mfa_for_subgroups: false) }
|
||
let(:service) { described_class.new(user, params) }
|
||
|
||
it 'creates group without error' do
|
||
expect(service.execute).to be_persisted
|
||
end
|
||
end
|
||
|
||
describe 'creating a top level group' do
|
||
let(:service) { described_class.new(user, group_params) }
|
||
|
||
context 'when user can create a group' do
|
||
before do
|
||
user.update_attribute(:can_create_group, true)
|
||
end
|
||
|
||
it { is_expected.to be_persisted }
|
||
|
||
it 'adds an onboarding progress record' do
|
||
expect { subject }.to change(OnboardingProgress, :count).from(0).to(1)
|
||
end
|
||
end
|
||
|
||
context 'when user can not create a group' do
|
||
before do
|
||
user.update_attribute(:can_create_group, false)
|
||
end
|
||
|
||
it { is_expected.not_to be_persisted }
|
||
end
|
||
end
|
||
|
||
describe 'creating subgroup' do
|
||
let!(:group) { create(:group) }
|
||
let!(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
|
||
|
||
context 'as group owner' do
|
||
before do
|
||
group.add_owner(user)
|
||
end
|
||
|
||
it { is_expected.to be_persisted }
|
||
|
||
it 'does not add an onboarding progress record' do
|
||
expect { subject }.not_to change(OnboardingProgress, :count).from(0)
|
||
end
|
||
end
|
||
|
||
context 'as guest' do
|
||
it 'does not save group and returns an error' do
|
||
is_expected.not_to be_persisted
|
||
|
||
expect(subject.errors[:parent_id].first).to eq(s_('CreateGroup|You don’t have permission to create a subgroup in this group.'))
|
||
expect(subject.parent_id).to be_nil
|
||
end
|
||
end
|
||
|
||
context 'as owner' do
|
||
before do
|
||
group.add_owner(user)
|
||
end
|
||
|
||
it { is_expected.to be_persisted }
|
||
end
|
||
|
||
context 'as maintainer' do
|
||
before do
|
||
group.add_maintainer(user)
|
||
end
|
||
|
||
it { is_expected.to be_persisted }
|
||
end
|
||
end
|
||
|
||
describe "when visibility level is passed as a string" do
|
||
let(:service) { described_class.new(user, group_params) }
|
||
let(:group_params) { { path: 'group_path', visibility: 'public' } }
|
||
|
||
it "assigns the correct visibility level" do
|
||
group = service.execute
|
||
|
||
expect(group.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
|
||
end
|
||
end
|
||
|
||
describe 'creating a mattermost team' do
|
||
let!(:params) { group_params.merge(create_chat_team: "true") }
|
||
let!(:service) { described_class.new(user, params) }
|
||
|
||
before do
|
||
stub_mattermost_setting(enabled: true)
|
||
end
|
||
|
||
it 'create the chat team with the group' do
|
||
allow_any_instance_of(::Mattermost::Team).to receive(:create)
|
||
.and_return({ 'name' => 'tanuki', 'id' => 'lskdjfwlekfjsdifjj' })
|
||
|
||
expect { subject }.to change { ChatTeam.count }.from(0).to(1)
|
||
end
|
||
end
|
||
|
||
describe 'creating a setting record' do
|
||
let(:service) { described_class.new(user, group_params) }
|
||
|
||
it 'create the settings record connected to the group' do
|
||
group = subject
|
||
expect(group.namespace_settings).to be_persisted
|
||
end
|
||
end
|
||
|
||
describe 'create service for the group' do
|
||
let(:service) { described_class.new(user, group_params) }
|
||
let(:created_group) { service.execute }
|
||
|
||
context 'with an active instance-level integration' do
|
||
let!(:instance_integration) { create(:prometheus_integration, :instance, api_url: 'https://prometheus.instance.com/') }
|
||
|
||
it 'creates a service from the instance-level integration' do
|
||
expect(created_group.integrations.count).to eq(1)
|
||
expect(created_group.integrations.first.api_url).to eq(instance_integration.api_url)
|
||
expect(created_group.integrations.first.inherit_from_id).to eq(instance_integration.id)
|
||
end
|
||
|
||
context 'with an active group-level integration' do
|
||
let(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
|
||
let!(:group_integration) { create(:prometheus_integration, :group, group: group, api_url: 'https://prometheus.group.com/') }
|
||
let(:group) do
|
||
create(:group).tap do |group|
|
||
group.add_owner(user)
|
||
end
|
||
end
|
||
|
||
it 'creates a service from the group-level integration' do
|
||
expect(created_group.integrations.count).to eq(1)
|
||
expect(created_group.integrations.first.api_url).to eq(group_integration.api_url)
|
||
expect(created_group.integrations.first.inherit_from_id).to eq(group_integration.id)
|
||
end
|
||
|
||
context 'with an active subgroup' do
|
||
let(:service) { described_class.new(user, group_params.merge(parent_id: subgroup.id)) }
|
||
let!(:subgroup_integration) { create(:prometheus_integration, :group, group: subgroup, api_url: 'https://prometheus.subgroup.com/') }
|
||
let(:subgroup) do
|
||
create(:group, parent: group).tap do |subgroup|
|
||
subgroup.add_owner(user)
|
||
end
|
||
end
|
||
|
||
it 'creates a service from the subgroup-level integration' do
|
||
expect(created_group.integrations.count).to eq(1)
|
||
expect(created_group.integrations.first.api_url).to eq(subgroup_integration.api_url)
|
||
expect(created_group.integrations.first.inherit_from_id).to eq(subgroup_integration.id)
|
||
end
|
||
end
|
||
end
|
||
end
|
||
end
|
||
|
||
context 'shared runners configuration' do
|
||
context 'parent group present' do
|
||
using RSpec::Parameterized::TableSyntax
|
||
|
||
where(:shared_runners_config, :descendants_override_disabled_shared_runners_config) do
|
||
true | false
|
||
false | false
|
||
# true | true # invalid at the group level, leaving as comment to make explicit
|
||
false | true
|
||
end
|
||
|
||
with_them do
|
||
let!(:group) { create(:group, shared_runners_enabled: shared_runners_config, allow_descendants_override_disabled_shared_runners: descendants_override_disabled_shared_runners_config) }
|
||
let!(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
|
||
|
||
before do
|
||
group.add_owner(user)
|
||
end
|
||
|
||
it 'creates group following the parent config' do
|
||
new_group = service.execute
|
||
|
||
expect(new_group.shared_runners_enabled).to eq(shared_runners_config)
|
||
expect(new_group.allow_descendants_override_disabled_shared_runners).to eq(descendants_override_disabled_shared_runners_config)
|
||
end
|
||
end
|
||
end
|
||
|
||
context 'root group' do
|
||
let!(:service) { described_class.new(user) }
|
||
|
||
it 'follows default config' do
|
||
new_group = service.execute
|
||
|
||
expect(new_group.shared_runners_enabled).to eq(true)
|
||
expect(new_group.allow_descendants_override_disabled_shared_runners).to eq(false)
|
||
end
|
||
end
|
||
end
|
||
|
||
describe 'invite team email' do
|
||
let(:service) { described_class.new(user, group_params) }
|
||
|
||
before do
|
||
allow(Namespaces::InviteTeamEmailWorker).to receive(:perform_in)
|
||
end
|
||
|
||
it 'is sent' do
|
||
group = service.execute
|
||
delay = Namespaces::InviteTeamEmailService::DELIVERY_DELAY_IN_MINUTES
|
||
expect(Namespaces::InviteTeamEmailWorker).to have_received(:perform_in).with(delay, group.id, user.id)
|
||
end
|
||
|
||
context 'when group has not been persisted' do
|
||
let(:service) { described_class.new(user, group_params.merge(name: '<script>alert("Attack!")</script>')) }
|
||
|
||
it 'not sent' do
|
||
expect(Namespaces::InviteTeamEmailWorker).not_to receive(:perform_in)
|
||
service.execute
|
||
end
|
||
end
|
||
|
||
context 'when group is not root' do
|
||
let(:parent_group) { create :group }
|
||
let(:service) { described_class.new(user, group_params.merge(parent_id: parent_group.id)) }
|
||
|
||
before do
|
||
parent_group.add_owner(user)
|
||
end
|
||
|
||
it 'not sent' do
|
||
expect(Namespaces::InviteTeamEmailWorker).not_to receive(:perform_in)
|
||
service.execute
|
||
end
|
||
end
|
||
end
|
||
end
|