update the specs to not require a set to be returned

963b374d · http://jneen.net/ · 80d6e5bb · 963b374d · 963b374d · 963b374d
Commit 963b374d authored Apr 06, 2017 by http://jneen.net/
12 changed files
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -2,8 +2,8 @@ require 'spec_helper'
 describe Ability, lib: true do
  context 'using a nil subject' do
-    it 'is always empty' do
+    it 'has no permissions' do
-      expect(Ability.allowed(nil, nil).to_set).to be_empty
+      expect(Ability.policy_for(nil, nil)).to be_banned
    end
  end
@@ -255,12 +255,15 @@ describe Ability, lib: true do
  describe '.project_disabled_features_rules' do
    let(:project) { create(:empty_project, :wiki_disabled) }
-    subject { described_class.allowed(project.owner, project) }
+    subject { described_class.policy_for(project.owner, project) }
    context 'wiki named abilities' do
      it 'disables wiki abilities if the project has no wiki' do
        expect(project).to receive(:has_external_wiki?).and_return(false)
-        expect(subject).not_to include(:read_wiki, :create_wiki, :update_wiki, :admin_wiki)
+        expect(subject).not_to be_allowed(:read_wiki)
+        expect(subject).not_to be_allowed(:create_wiki)
+        expect(subject).not_to be_allowed(:update_wiki)
+        expect(subject).not_to be_allowed(:admin_wiki)
      end
    end
  end

--- a/spec/policies/base_policy_spec.rb
+++ b/spec/policies/base_policy_spec.rb
@@ -3,17 +3,17 @@ require 'spec_helper'
 describe BasePolicy, models: true do
  describe '.class_for' do
    it 'detects policy class based on the subject ancestors' do
-      expect(described_class.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
+      expect(DeclarativePolicy.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
    end
    it 'detects policy class for a presented subject' do
      presentee = Ci::BuildPresenter.new(Ci::Build.new)
-      expect(described_class.class_for(presentee)).to eq(Ci::BuildPolicy)
+      expect(DeclarativePolicy.class_for(presentee)).to eq(Ci::BuildPolicy)
    end
    it 'uses GlobalPolicy when :global is given' do
-      expect(described_class.class_for(:global)).to eq(GlobalPolicy)
+      expect(DeclarativePolicy.class_for(:global)).to eq(GlobalPolicy)
    end
  end
 end
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
  let(:build) { create(:ci_build, pipeline: pipeline) }
  let(:pipeline) { create(:ci_empty_pipeline, project: project) }
-  let(:policies) do
+  let(:policy) do
-    described_class.abilities(user, build).to_set
+    described_class.new(user, build)
  end
  shared_context 'public pipelines disabled' do
@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
      context 'when public builds are enabled' do
        it 'does not include ability to read build' do
-          expect(policies).not_to include :read_build
+          expect(policy).not_to be_allowed :read_build
        end
      end
@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
        include_context 'public pipelines disabled'
        it 'does not include ability to read build' do
-          expect(policies).not_to include :read_build
+          expect(policy).not_to be_allowed :read_build
        end
      end
    end
@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
      context 'when public builds are enabled' do
        it 'includes ability to read build' do
-          expect(policies).to include :read_build
+          expect(policy).to be_allowed :read_build
        end
      end
@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
        include_context 'public pipelines disabled'
        it 'does not include ability to read build' do
-          expect(policies).not_to include :read_build
+          expect(policy).not_to be_allowed :read_build
        end
      end
    end
@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
        context 'when public builds are enabled' do
          it 'includes ability to read build' do
-            expect(policies).to include :read_build
+            expect(policy).to be_allowed :read_build
          end
        end
@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
          include_context 'public pipelines disabled'
          it 'does not include ability to read build' do
-            expect(policies).not_to include :read_build
+            expect(policy).not_to be_allowed :read_build
          end
        end
      end
@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
        context 'when public builds are enabled' do
          it 'includes ability to read build' do
-            expect(policies).to include :read_build
+            expect(policy).to be_allowed :read_build
          end
        end
@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
          include_context 'public pipelines disabled'
          it 'does not include ability to read build' do
-            expect(policies).to include :read_build
+            expect(policy).to be_allowed :read_build
          end
        end
      end
@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
          end
          it 'does not include ability to update build' do
-            expect(policies).not_to include :update_build
+            expect(policy).to be_disallowed :update_build
          end
        end
@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
          end
          it 'includes ability to update build' do
-            expect(policies).to include :update_build
+            expect(policy).to be_allowed :update_build
          end
        end
      end
@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
          let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
          it 'includes ability to update build' do
-            expect(policies).to include :update_build
+            expect(policy).to be_allowed :update_build
          end
        end
@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
          let(:build) { create(:ci_build, pipeline: pipeline) }
          it 'includes ability to update build' do
-            expect(policies).to include :update_build
+            expect(policy).to be_allowed :update_build
          end
        end
      end

--- a/spec/policies/ci/trigger_policy_spec.rb
+++ b/spec/policies/ci/trigger_policy_spec.rb
@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
  let(:trigger) { create(:ci_trigger, project: project, owner: owner) }
  let(:policies) do
-    described_class.abilities(user, trigger).to_set
+    described_class.new(user, trigger)
  end
  shared_examples 'allows to admin and manage trigger' do
    it 'does include ability to admin trigger' do
-      expect(policies).to include :admin_trigger
+      expect(policies).to be_allowed :admin_trigger
    end
    it 'does include ability to manage trigger' do
-      expect(policies).to include :manage_trigger
+      expect(policies).to be_allowed :manage_trigger
    end
  end
  shared_examples 'allows to manage trigger' do
    it 'does not include ability to admin trigger' do
-      expect(policies).not_to include :admin_trigger
+      expect(policies).not_to be_allowed :admin_trigger
    end
    it 'does include ability to manage trigger' do
-      expect(policies).to include :manage_trigger
+      expect(policies).to be_allowed :manage_trigger
    end
  end
  shared_examples 'disallows to admin and manage trigger' do
    it 'does not include ability to admin trigger' do
-      expect(policies).not_to include :admin_trigger
+      expect(policies).not_to be_allowed :admin_trigger
    end
    it 'does not include ability to manage trigger' do
-      expect(policies).not_to include :manage_trigger
+      expect(policies).not_to be_allowed :manage_trigger
    end
  end

--- a/spec/policies/deploy_key_policy_spec.rb
+++ b/spec/policies/deploy_key_policy_spec.rb
 require 'spec_helper'
 describe DeployKeyPolicy, models: true do
-  subject { described_class.abilities(current_user, deploy_key).to_set }
+  subject { described_class.new(current_user, deploy_key) }
  describe 'updating a deploy_key' do
    context 'when a regular user' do
@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
          project.deploy_keys << deploy_key
        end
-        it { is_expected.to include(:update_deploy_key) }
+        it { is_expected.to be_allowed(:update_deploy_key) }
      end
      context 'tries to update private deploy key attached to other project' do
@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
          other_project.deploy_keys << deploy_key
        end
-        it { is_expected.not_to include(:update_deploy_key) }
+        it { is_expected.to be_disallowed(:update_deploy_key) }
      end
      context 'tries to update public deploy key' do
        let(:deploy_key) { create(:another_deploy_key, public: true) }
-        it { is_expected.not_to include(:update_deploy_key) }
+        it { is_expected.to be_disallowed(:update_deploy_key) }
      end
    end
@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
      context ' tries to update private deploy key' do
        let(:deploy_key) { create(:deploy_key, public: false) }
-        it { is_expected.to include(:update_deploy_key) }
+        it { is_expected.to be_allowed(:update_deploy_key) }
      end
      context 'when an admin user tries to update public deploy key' do
        let(:deploy_key) { create(:another_deploy_key, public: true) }
-        it { is_expected.to include(:update_deploy_key) }
+        it { is_expected.to be_allowed(:update_deploy_key) }
      end
    end
  end

--- a/spec/policies/environment_policy_spec.rb
+++ b/spec/policies/environment_policy_spec.rb
@@ -8,8 +8,8 @@ describe EnvironmentPolicy do
    create(:environment, :with_review_app, project: project)
  end
-  let(:policies) do
+  let(:policy) do
-    described_class.abilities(user, environment).to_set
+    described_class.new(user, environment)
  end
  describe '#rules' do
@@ -17,7 +17,7 @@ describe EnvironmentPolicy do
      let(:project) { create(:project, :private) }
      it 'does not include ability to stop environment' do
-        expect(policies).not_to include :stop_environment
+        expect(policy).to be_disallowed :stop_environment
      end
    end
@@ -25,7 +25,7 @@ describe EnvironmentPolicy do
      let(:project) { create(:project, :public) }
      it 'does not include ability to stop environment' do
-        expect(policies).not_to include :stop_environment
+        expect(policy).to be_disallowed :stop_environment
      end
    end
@@ -38,7 +38,7 @@ describe EnvironmentPolicy do
      context 'when team member has ability to stop environment' do
        it 'does includes ability to stop environment' do
-          expect(policies).to include :stop_environment
+          expect(policy).to be_allowed :stop_environment
        end
      end
@@ -49,7 +49,7 @@ describe EnvironmentPolicy do
        end
        it 'does not include ability to stop environment' do
-          expect(policies).not_to include :stop_environment
+          expect(policy).to be_disallowed :stop_environment
        end
      end
    end

--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
    group.add_owner(owner)
  end
-  subject { described_class.abilities(current_user, group).to_set }
+  subject { described_class.new(current_user, group) }
+  def expect_allowed(*permissions)
+    permissions.each { |p| is_expected.to be_allowed(p) }
+  end
+  def expect_disallowed(*permissions)
+    permissions.each { |p| is_expected.not_to be_allowed(p) }
+  end
  context 'with no user' do
    let(:current_user) { nil }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.not_to include(*reporter_permissions)
+      expect_disallowed(*reporter_permissions)
-      is_expected.not_to include(*master_permissions)
+      expect_disallowed(*master_permissions)
-      is_expected.not_to include(*owner_permissions)
+      expect_disallowed(*owner_permissions)
    end
  end
@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { guest }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.not_to include(*reporter_permissions)
+      expect_disallowed(*reporter_permissions)
-      is_expected.not_to include(*master_permissions)
+      expect_disallowed(*master_permissions)
-      is_expected.not_to include(*owner_permissions)
+      expect_disallowed(*owner_permissions)
    end
  end
@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { reporter }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.to include(*reporter_permissions)
+      expect_allowed(*reporter_permissions)
-      is_expected.not_to include(*master_permissions)
+      expect_disallowed(*master_permissions)
-      is_expected.not_to include(*owner_permissions)
+      expect_disallowed(*owner_permissions)
    end
  end
@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { developer }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.to include(*reporter_permissions)
+      expect_allowed(*reporter_permissions)
-      is_expected.not_to include(*master_permissions)
+      expect_disallowed(*master_permissions)
-      is_expected.not_to include(*owner_permissions)
+      expect_disallowed(*owner_permissions)
    end
  end
@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { master }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.to include(*reporter_permissions)
+      expect_allowed(*reporter_permissions)
-      is_expected.to include(*master_permissions)
+      expect_allowed(*master_permissions)
-      is_expected.not_to include(*owner_permissions)
+      expect_disallowed(*owner_permissions)
    end
  end
@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { owner }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.to include(*reporter_permissions)
+      expect_allowed(*reporter_permissions)
-      is_expected.to include(*master_permissions)
+      expect_allowed(*master_permissions)
-      is_expected.to include(*owner_permissions)
+      expect_allowed(*owner_permissions)
    end
  end
@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
    let(:current_user) { admin }
    it do
-      is_expected.to include(:read_group)
+      expect_allowed(:read_group)
-      is_expected.to include(*reporter_permissions)
+      expect_allowed(*reporter_permissions)
-      is_expected.to include(*master_permissions)
+      expect_allowed(*master_permissions)
-      is_expected.to include(*owner_permissions)
+      expect_allowed(*owner_permissions)
    end
  end
@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
      nested_group.add_owner(owner)
    end
-    subject { described_class.abilities(current_user, nested_group).to_set }
+    subject { described_class.new(current_user, nested_group) }
    context 'with no user' do
      let(:current_user) { nil }
      it do
-        is_expected.not_to include(:read_group)
+        expect_disallowed(:read_group)
-        is_expected.not_to include(*reporter_permissions)
+        expect_disallowed(*reporter_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
      let(:current_user) { guest }
      it do
-        is_expected.to include(:read_group)
+        expect_allowed(:read_group)
-        is_expected.not_to include(*reporter_permissions)
+        expect_disallowed(*reporter_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
      let(:current_user) { reporter }
      it do
-        is_expected.to include(:read_group)
+        expect_allowed(:read_group)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
      let(:current_user) { developer }
      it do
-        is_expected.to include(:read_group)
+        expect_allowed(:read_group)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
      let(:current_user) { master }
      it do
-        is_expected.to include(:read_group)
+        expect_allowed(:read_group)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*master_permissions)
+        expect_allowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
      let(:current_user) { owner }
      it do
-        is_expected.to include(:read_group)
+        expect_allowed(:read_group)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*master_permissions)
+        expect_allowed(*master_permissions)
-        is_expected.to include(*owner_permissions)
+        expect_allowed(*owner_permissions)
      end
    end
  end

--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
  end
  def permissions(user)
-    described_class.abilities(user, snippet).to_set
+    described_class.new(user, snippet)
  end
  context 'public snippet' do
@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(nil) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(regular_user) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to include(:comment_personal_snippet)
+        is_expected.to be_allowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(snippet.author) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to include(:comment_personal_snippet)
+        is_expected.to be_allowed(:comment_personal_snippet)
-        is_expected.to include(*author_permissions)
+        is_expected.to be_allowed(*author_permissions)
      end
    end
  end
@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(nil) }
      it do
-        is_expected.not_to include(:read_personal_snippet)
+        is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(regular_user) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to include(:comment_personal_snippet)
+        is_expected.to be_allowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(external_user) }
      it do
-        is_expected.not_to include(:read_personal_snippet)
+        is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(snippet.author) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to include(:comment_personal_snippet)
+        is_expected.to be_allowed(:comment_personal_snippet)
-        is_expected.to include(*author_permissions)
+        is_expected.to be_allowed(*author_permissions)
      end
    end
  end
@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(nil) }
      it do
-        is_expected.not_to include(:read_personal_snippet)
+        is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(regular_user) }
      it do
-        is_expected.not_to include(:read_personal_snippet)
+        is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(external_user) }
      it do
-        is_expected.not_to include(:read_personal_snippet)
+        is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.not_to include(:comment_personal_snippet)
+        is_expected.to be_disallowed(:comment_personal_snippet)
-        is_expected.not_to include(*author_permissions)
+        is_expected.to be_disallowed(*author_permissions)
      end
    end
@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
      subject { permissions(snippet.author) }
      it do
-        is_expected.to include(:read_personal_snippet)
+        is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to include(:comment_personal_snippet)
+        is_expected.to be_allowed(:comment_personal_snippet)
-        is_expected.to include(*author_permissions)
+        is_expected.to be_allowed(*author_permissions)
      end
    end
  end

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
    project.team << [reporter, :reporter]
  end
+  def expect_allowed(*permissions)
+    permissions.each { |p| is_expected.to be_allowed(p) }
+  end
+  def expect_disallowed(*permissions)
+    permissions.each { |p| is_expected.not_to be_allowed(p) }
+  end
  it 'does not include the read_issue permission when the issue author is not a member of the private project' do
    project = create(:empty_project, :private)
    issue   = create(:issue, project: project)
    user    = issue.author
-    expect(project.team.member?(issue.author)).to eq(false)
+    expect(project.team.member?(issue.author)).to be false
-    expect(BasePolicy.class_for(project).abilities(user, project).can_set)
-      .not_to include(:read_issue)
-    expect(Ability.allowed?(user, :read_issue, project)).to be_falsy
+    expect(Ability).not_to be_allowed(user, :read_issue, project)
  end
-  it 'does not include the wiki permissions when the feature is disabled' do
+  context 'when the feature is disabled' do
-    project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED)
+    subject { described_class.new(owner, project) }
-    wiki_permissions = [:read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code]
-    permissions = described_class.abilities(owner, project).to_set
+    before do
+      project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED)
+    end
-    expect(permissions).not_to include(*wiki_permissions)
+    it 'does not include the wiki permissions' do
+      expect_disallowed :read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code
+    end
  end
  context 'abilities for non-public projects' do
    let(:project) { create(:empty_project, namespace: owner.namespace) }
-    subject { described_class.abilities(current_user, project).to_set }
+    subject { described_class.new(current_user, project) }
    context 'with no user' do
      let(:current_user) { nil }
-      it { is_expected.to be_empty }
+      it { is_expected.to be_banned }
    end
    context 'guests' do
@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
      end
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.not_to include(*reporter_public_build_permissions)
+        expect_disallowed(*reporter_public_build_permissions)
-        is_expected.not_to include(*team_member_reporter_permissions)
+        expect_disallowed(*team_member_reporter_permissions)
-        is_expected.not_to include(*developer_permissions)
+        expect_disallowed(*developer_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
      context 'public builds enabled' do
        it do
-          is_expected.to include(*guest_permissions)
+          expect_allowed(*guest_permissions)
-          is_expected.to include(:read_build, :read_pipeline)
+          expect_allowed(:read_build, :read_pipeline)
        end
      end
@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
        end
        it do
-          is_expected.to include(*guest_permissions)
+          expect_allowed(*guest_permissions)
-          is_expected.not_to include(:read_build, :read_pipeline)
+          expect_disallowed(:read_build, :read_pipeline)
        end
      end
@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
      let(:current_user) { reporter }
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*team_member_reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.not_to include(*developer_permissions)
+        expect_allowed(*team_member_reporter_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*developer_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*master_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
      let(:current_user) { dev }
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*team_member_reporter_permissions)
+        expect_allowed(*team_member_reporter_permissions)
-        is_expected.to include(*developer_permissions)
+        expect_allowed(*developer_permissions)
-        is_expected.not_to include(*master_permissions)
+        expect_disallowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
      let(:current_user) { master }
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*team_member_reporter_permissions)
+        expect_allowed(*team_member_reporter_permissions)
-        is_expected.to include(*developer_permissions)
+        expect_allowed(*developer_permissions)
-        is_expected.to include(*master_permissions)
+        expect_allowed(*master_permissions)
-        is_expected.not_to include(*owner_permissions)
+        expect_disallowed(*owner_permissions)
      end
    end
@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
      let(:current_user) { owner }
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.to include(*team_member_reporter_permissions)
+        expect_allowed(*team_member_reporter_permissions)
-        is_expected.to include(*developer_permissions)
+        expect_allowed(*developer_permissions)
-        is_expected.to include(*master_permissions)
+        expect_allowed(*master_permissions)
-        is_expected.to include(*owner_permissions)
+        expect_allowed(*owner_permissions)
      end
    end
@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
      let(:current_user) { admin }
      it do
-        is_expected.to include(*guest_permissions)
+        expect_allowed(*guest_permissions)
-        is_expected.to include(*reporter_permissions)
+        expect_allowed(*reporter_permissions)
-        is_expected.not_to include(*team_member_reporter_permissions)
+        expect_disallowed(*team_member_reporter_permissions)
-        is_expected.to include(*developer_permissions)
+        expect_allowed(*developer_permissions)
-        is_expected.to include(*master_permissions)
+        expect_allowed(*master_permissions)
-        is_expected.to include(*owner_permissions)
+        expect_allowed(*owner_permissions)
      end
    end
  end

--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
  def abilities(user, snippet_visibility)
    snippet = create(:project_snippet, snippet_visibility, project: project)
-    described_class.abilities(user, snippet).to_set
+    described_class.new(user, snippet)
+  end
+  def expect_allowed(*permissions)
+    permissions.each { |p| is_expected.to be_allowed(p) }
+  end
+  def expect_disallowed(*permissions)
+    permissions.each { |p| is_expected.not_to be_allowed(p) }
  end
  context 'public snippet' do
@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(nil, :public) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(regular_user, :public) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(external_user, :public) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
  end
@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(nil, :internal) }
      it do
-        is_expected.not_to include(:read_project_snippet)
+        expect_disallowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(regular_user, :internal) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(external_user, :internal) }
      it do
-        is_expected.not_to include(:read_project_snippet)
+        expect_disallowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
      end
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
  end
@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(nil, :private) }
      it do
-        is_expected.not_to include(:read_project_snippet)
+        expect_disallowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(regular_user, :private) }
      it do
-        is_expected.not_to include(:read_project_snippet)
+        expect_disallowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
    context 'snippet author' do
      let(:snippet) { create(:project_snippet, :private, author: regular_user, project: project) }
-      subject { described_class.abilities(regular_user, snippet).to_set }
+      subject { described_class(regular_user, snippet) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.to include(*author_permissions)
+        expect_allowed(*author_permissions)
      end
    end
@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
      end
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
      end
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.not_to include(*author_permissions)
+        expect_disallowed(*author_permissions)
      end
    end
@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
      subject { abilities(create(:admin), :private) }
      it do
-        is_expected.to include(:read_project_snippet)
+        expect_allowed(:read_project_snippet)
-        is_expected.to include(*author_permissions)
+        expect_allowed(*author_permissions)
      end
    end
  end

--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -4,34 +4,34 @@ describe UserPolicy, models: true do
  let(:current_user) { create(:user) }
  let(:user) { create(:user) }
-  subject { described_class.abilities(current_user, user).to_set }
+  subject { UserPolicy.new(current_user, user) }
  describe "reading a user's information" do
-    it { is_expected.to include(:read_user) }
+    it { is_expected.to be_allowed(:read_user) }
  end
  describe "destroying a user" do
    context "when a regular user tries to destroy another regular user" do
-      it { is_expected.not_to include(:destroy_user) }
+      it { is_expected.not_to be_allowed(:destroy_user) }
    end
    context "when a regular user tries to destroy themselves" do
      let(:current_user) { user }
-      it { is_expected.to include(:destroy_user) }
+      it { is_expected.to be_allowed(:destroy_user) }
    end
    context "when an admin user tries to destroy a regular user" do
      let(:current_user) { create(:user, :admin) }
-      it { is_expected.to include(:destroy_user) }
+      it { is_expected.to be_allowed(:destroy_user) }
    end
    context "when an admin user tries to destroy a ghost user" do
      let(:current_user) { create(:user, :admin) }
      let(:user) { create(:user, :ghost) }
-      it { is_expected.not_to include(:destroy_user) }
+      it { is_expected.not_to be_allowed(:destroy_user) }
    end
  end
 end