require 'spec_helper' describe Gitlab::GitAccess do let(:access) { Gitlab::GitAccess.new } let(:project) { create(:project) } let(:user) { create(:user) } describe 'download_allowed?' do describe 'master permissions' do before { project.team << [user, :master] } context 'pull code' do subject { access.download_allowed?(user, project) } it { should be_true } end end describe 'guest permissions' do before { project.team << [user, :guest] } context 'pull code' do subject { access.download_allowed?(user, project) } it { should be_false } end end describe 'blocked user' do before do project.team << [user, :master] user.block end context 'pull code' do subject { access.download_allowed?(user, project) } it { should be_false } end end describe 'without acccess to project' do context 'pull code' do subject { access.download_allowed?(user, project) } it { should be_false } end end end describe 'push_allowed?' do def protect_feature_branch create(:protected_branch, name: 'feature', project: project) end def changes { push_new_branch: '000000000 570e7b2ab refs/heads/wow', push_master: '6f6d7e7ed 570e7b2ab refs/heads/master', push_protected_branch: '6f6d7e7ed 570e7b2ab refs/heads/feature', push_remove_protected_branch: '570e7b2ab 000000000 refs/heads/feature', push_tag: '6f6d7e7ed 570e7b2ab refs/tags/v1.0.0', push_new_tag: '000000000 570e7b2ab refs/tags/v7.8.9', push_all: ['6f6d7e7ed 570e7b2ab refs/heads/master', '6f6d7e7ed 570e7b2ab refs/heads/feature'] } end def self.permissions_matrix { master: { push_new_branch: true, push_master: true, push_protected_branch: true, push_remove_protected_branch: false, push_tag: true, push_new_tag: true, push_all: true, }, developer: { push_new_branch: true, push_master: true, push_protected_branch: false, push_remove_protected_branch: false, push_tag: false, push_new_tag: true, push_all: false, }, reporter: { push_new_branch: false, push_master: false, push_protected_branch: false, push_remove_protected_branch: false, push_tag: false, push_new_tag: false, push_all: false, }, guest: { push_new_branch: false, push_master: false, push_protected_branch: false, push_remove_protected_branch: false, push_tag: false, push_new_tag: false, push_all: false, } } end permissions_matrix.keys.each do |role| describe "#{role} access" do before { protect_feature_branch } before { project.team << [user, role] } permissions_matrix[role].each do |action, allowed| context action do subject { access.push_allowed?(user, project, changes[action]) } it { should allowed ? be_true : be_false } end end end end end end