gitlab-org--gitlab-foss/spec/policies/design_management/design_policy_spec.rb

200 lines
5.6 KiB
Ruby

# frozen_string_literal: true
require "spec_helper"
RSpec.describe DesignManagement::DesignPolicy do
include DesignManagementTestHelpers
let(:guest_design_abilities) { %i[read_design] }
let(:developer_design_abilities) { %i[create_design destroy_design move_design] }
let(:design_abilities) { guest_design_abilities + developer_design_abilities }
let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:owner) { create(:user) }
let_it_be(:admin) { create(:admin) }
let_it_be(:project) { create(:project, :public, namespace: owner.namespace) }
let_it_be(:issue) { create(:issue, project: project) }
let(:design) { create(:design, issue: issue) }
subject(:design_policy) { described_class.new(current_user, design) }
before_all do
project.add_guest(guest)
project.add_maintainer(maintainer)
project.add_developer(developer)
project.add_reporter(reporter)
end
shared_examples_for "design abilities not available" do
context "for owners" do
let(:current_user) { owner }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for admins" do
let(:current_user) { admin }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for maintainers" do
let(:current_user) { maintainer }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for developers" do
let(:current_user) { developer }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for reporters" do
let(:current_user) { reporter }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for guests" do
let(:current_user) { guest }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for anonymous users" do
let(:current_user) { nil }
it { is_expected.to be_disallowed(*design_abilities) }
end
end
shared_examples_for "design abilities available for members" do
context "for owners" do
let(:current_user) { owner }
it { is_expected.to be_allowed(*design_abilities) }
end
context "for admins" do
let(:current_user) { admin }
context "when admin mode enabled", :enable_admin_mode do
it { is_expected.to be_allowed(*design_abilities) }
end
context "when admin mode disabled" do
it { is_expected.to be_allowed(*guest_design_abilities) }
it { is_expected.to be_disallowed(*developer_design_abilities) }
end
end
context "for maintainers" do
let(:current_user) { maintainer }
it { is_expected.to be_allowed(*design_abilities) }
end
context "for developers" do
let(:current_user) { developer }
it { is_expected.to be_allowed(*design_abilities) }
end
context "for reporters" do
let(:current_user) { reporter }
it { is_expected.to be_allowed(*guest_design_abilities) }
it { is_expected.to be_disallowed(*developer_design_abilities) }
end
end
shared_examples_for "read-only design abilities" do
it { is_expected.to be_allowed(:read_design) }
it { is_expected.to be_disallowed(:create_design, :destroy_design) }
end
context "when DesignManagement is not enabled" do
before do
enable_design_management(false)
end
it_behaves_like "design abilities not available"
end
context "when the feature is available" do
before do
enable_design_management
end
it_behaves_like "design abilities available for members"
context 'when reorder_designs is not enabled' do
before do
stub_feature_flags(reorder_designs: false)
end
let(:current_user) { developer }
it { is_expected.to be_allowed(*(developer_design_abilities - [:move_design])) }
it { is_expected.to be_disallowed(:move_design) }
end
context "for guests in private projects" do
let_it_be(:project) { create(:project, :private) }
let(:current_user) { guest }
it { is_expected.to be_allowed(*guest_design_abilities) }
it { is_expected.to be_disallowed(*developer_design_abilities) }
end
context "for anonymous users in public projects" do
let(:current_user) { nil }
it { is_expected.to be_allowed(*guest_design_abilities) }
it { is_expected.to be_disallowed(*developer_design_abilities) }
end
context "when the issue is confidential" do
let_it_be(:issue) { create(:issue, :confidential, project: project) }
it_behaves_like "design abilities available for members"
context "for guests" do
let(:current_user) { guest }
it { is_expected.to be_disallowed(*design_abilities) }
end
context "for anonymous users" do
let(:current_user) { nil }
it { is_expected.to be_disallowed(*design_abilities) }
end
end
context "when the issue is locked" do
let_it_be(:issue) { create(:issue, :locked, project: project) }
let(:current_user) { owner }
it_behaves_like "read-only design abilities"
end
context "when the issue has moved" do
let_it_be(:issue) { create(:issue, project: project, moved_to: create(:issue)) }
let(:current_user) { owner }
it_behaves_like "read-only design abilities"
end
context "when the project is archived" do
let_it_be(:project) { create(:project, :public, :archived) }
let_it_be(:issue) { create(:issue, project: project) }
let(:current_user) { owner }
it_behaves_like "read-only design abilities"
end
end
end