gitlab-org--gitlab-foss/spec/policies/clusters/cluster_policy_spec.rb
Thong Kuah dcf0caaa06 Add policy for clusters on group level
- maintainer for group can read, create, update, and admin cluster
- project user, at any level, cannot do anything with group cluster
2018-11-08 23:14:06 +13:00

70 lines
1.8 KiB
Ruby

require 'spec_helper'
describe Clusters::ClusterPolicy, :models do
let(:cluster) { create(:cluster, :project) }
let(:project) { cluster.project }
let(:user) { create(:user) }
let(:policy) { described_class.new(user, cluster) }
describe 'rules' do
context 'when developer' do
before do
project.add_developer(user)
end
it { expect(policy).to be_disallowed :update_cluster }
it { expect(policy).to be_disallowed :admin_cluster }
end
context 'when maintainer' do
before do
project.add_maintainer(user)
end
it { expect(policy).to be_allowed :update_cluster }
it { expect(policy).to be_allowed :admin_cluster }
end
context 'group cluster' do
let(:cluster) { create(:cluster, :group) }
let(:group) { cluster.group }
let(:project) { create(:project, namespace: group) }
context 'when group developer' do
before do
group.add_developer(user)
end
it { expect(policy).to be_disallowed :update_cluster }
it { expect(policy).to be_disallowed :admin_cluster }
end
context 'when group maintainer' do
before do
group.add_maintainer(user)
end
it { expect(policy).to be_allowed :update_cluster }
it { expect(policy).to be_allowed :admin_cluster }
end
context 'when project maintainer' do
before do
project.add_maintainer(user)
end
it { expect(policy).to be_disallowed :update_cluster }
it { expect(policy).to be_disallowed :admin_cluster }
end
context 'when project developer' do
before do
project.add_developer(user)
end
it { expect(policy).to be_disallowed :update_cluster }
it { expect(policy).to be_disallowed :admin_cluster }
end
end
end
end