gitlab-org--gitlab-foss/spec/policies/environment_policy_spec.rb

require 'spec_helper'

describe EnvironmentPolicy do
  using RSpec::Parameterized::TableSyntax

  let(:user) { create(:user) }

  let(:policy) do
    described_class.new(user, environment)
  end

  describe '#rules' do
    shared_examples 'project permissions' do
      context 'with stop action' do
        let(:environment) do
          create(:environment, :with_review_app, project: project)
        end

        where(:access_level, :allowed?) do
          nil         | false
          :guest      | false
          :reporter   | false
          :developer  | true
          :maintainer | true
        end

        with_them do
          before do
            project.add_user(user, access_level) unless access_level.nil?
          end

          it { expect(policy.allowed?(:stop_environment)).to be allowed? }
        end

        context 'when an admin user' do
          let(:user) { create(:user, :admin) }

          it { expect(policy).to be_allowed :stop_environment }
        end

        context 'with protected branch' do
          with_them do
            before do
              project.add_user(user, access_level) unless access_level.nil?
              create(:protected_branch, :no_one_can_push,
                     name: 'master', project: project)
            end

            it { expect(policy).to be_disallowed :stop_environment }
          end

          context 'when an admin user' do
            let(:user) { create(:user, :admin) }

            it { expect(policy).to be_allowed :stop_environment }
          end
        end
      end

      context 'without stop action' do
        let(:environment) do
          create(:environment, project: project)
        end

        where(:access_level, :allowed?) do
          nil         | false
          :guest      | false
          :reporter   | false
          :developer  | false
          :maintainer | true
        end

        with_them do
          before do
            project.add_user(user, access_level) unless access_level.nil?
          end

          it { expect(policy.allowed?(:stop_environment)).to be allowed? }
        end

        context 'when an admin user' do
          let(:user) { create(:user, :admin) }

          it { expect(policy).to be_allowed :stop_environment }
        end
      end
    end

    context 'when project is public' do
      let(:project) { create(:project, :public, :repository) }

      include_examples 'project permissions'
    end

    context 'when project is private' do
      let(:project) { create(:project, :private, :repository) }

      include_examples 'project permissions'
    end
  end
end