Commit 963b374d authored by http://jneen.net/'s avatar http://jneen.net/

update the specs to not require a set to be returned

parent 80d6e5bb
...@@ -2,8 +2,8 @@ require 'spec_helper' ...@@ -2,8 +2,8 @@ require 'spec_helper'
describe Ability, lib: true do describe Ability, lib: true do
context 'using a nil subject' do context 'using a nil subject' do
it 'is always empty' do it 'has no permissions' do
expect(Ability.allowed(nil, nil).to_set).to be_empty expect(Ability.policy_for(nil, nil)).to be_banned
end end
end end
...@@ -255,12 +255,15 @@ describe Ability, lib: true do ...@@ -255,12 +255,15 @@ describe Ability, lib: true do
describe '.project_disabled_features_rules' do describe '.project_disabled_features_rules' do
let(:project) { create(:empty_project, :wiki_disabled) } let(:project) { create(:empty_project, :wiki_disabled) }
subject { described_class.allowed(project.owner, project) } subject { described_class.policy_for(project.owner, project) }
context 'wiki named abilities' do context 'wiki named abilities' do
it 'disables wiki abilities if the project has no wiki' do it 'disables wiki abilities if the project has no wiki' do
expect(project).to receive(:has_external_wiki?).and_return(false) expect(project).to receive(:has_external_wiki?).and_return(false)
expect(subject).not_to include(:read_wiki, :create_wiki, :update_wiki, :admin_wiki) expect(subject).not_to be_allowed(:read_wiki)
expect(subject).not_to be_allowed(:create_wiki)
expect(subject).not_to be_allowed(:update_wiki)
expect(subject).not_to be_allowed(:admin_wiki)
end end
end end
end end
......
...@@ -3,17 +3,17 @@ require 'spec_helper' ...@@ -3,17 +3,17 @@ require 'spec_helper'
describe BasePolicy, models: true do describe BasePolicy, models: true do
describe '.class_for' do describe '.class_for' do
it 'detects policy class based on the subject ancestors' do it 'detects policy class based on the subject ancestors' do
expect(described_class.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy) expect(DeclarativePolicy.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
end end
it 'detects policy class for a presented subject' do it 'detects policy class for a presented subject' do
presentee = Ci::BuildPresenter.new(Ci::Build.new) presentee = Ci::BuildPresenter.new(Ci::Build.new)
expect(described_class.class_for(presentee)).to eq(Ci::BuildPolicy) expect(DeclarativePolicy.class_for(presentee)).to eq(Ci::BuildPolicy)
end end
it 'uses GlobalPolicy when :global is given' do it 'uses GlobalPolicy when :global is given' do
expect(described_class.class_for(:global)).to eq(GlobalPolicy) expect(DeclarativePolicy.class_for(:global)).to eq(GlobalPolicy)
end end
end end
end end
...@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do ...@@ -5,8 +5,8 @@ describe Ci::BuildPolicy, :models do
let(:build) { create(:ci_build, pipeline: pipeline) } let(:build) { create(:ci_build, pipeline: pipeline) }
let(:pipeline) { create(:ci_empty_pipeline, project: project) } let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:policies) do let(:policy) do
described_class.abilities(user, build).to_set described_class.new(user, build)
end end
shared_context 'public pipelines disabled' do shared_context 'public pipelines disabled' do
...@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do ...@@ -21,7 +21,7 @@ describe Ci::BuildPolicy, :models do
context 'when public builds are enabled' do context 'when public builds are enabled' do
it 'does not include ability to read build' do it 'does not include ability to read build' do
expect(policies).not_to include :read_build expect(policy).not_to be_allowed :read_build
end end
end end
...@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do ...@@ -29,7 +29,7 @@ describe Ci::BuildPolicy, :models do
include_context 'public pipelines disabled' include_context 'public pipelines disabled'
it 'does not include ability to read build' do it 'does not include ability to read build' do
expect(policies).not_to include :read_build expect(policy).not_to be_allowed :read_build
end end
end end
end end
...@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do ...@@ -39,7 +39,7 @@ describe Ci::BuildPolicy, :models do
context 'when public builds are enabled' do context 'when public builds are enabled' do
it 'includes ability to read build' do it 'includes ability to read build' do
expect(policies).to include :read_build expect(policy).to be_allowed :read_build
end end
end end
...@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do ...@@ -47,7 +47,7 @@ describe Ci::BuildPolicy, :models do
include_context 'public pipelines disabled' include_context 'public pipelines disabled'
it 'does not include ability to read build' do it 'does not include ability to read build' do
expect(policies).not_to include :read_build expect(policy).not_to be_allowed :read_build
end end
end end
end end
...@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do ...@@ -62,7 +62,7 @@ describe Ci::BuildPolicy, :models do
context 'when public builds are enabled' do context 'when public builds are enabled' do
it 'includes ability to read build' do it 'includes ability to read build' do
expect(policies).to include :read_build expect(policy).to be_allowed :read_build
end end
end end
...@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do ...@@ -70,7 +70,7 @@ describe Ci::BuildPolicy, :models do
include_context 'public pipelines disabled' include_context 'public pipelines disabled'
it 'does not include ability to read build' do it 'does not include ability to read build' do
expect(policies).not_to include :read_build expect(policy).not_to be_allowed :read_build
end end
end end
end end
...@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do ...@@ -82,7 +82,7 @@ describe Ci::BuildPolicy, :models do
context 'when public builds are enabled' do context 'when public builds are enabled' do
it 'includes ability to read build' do it 'includes ability to read build' do
expect(policies).to include :read_build expect(policy).to be_allowed :read_build
end end
end end
...@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do ...@@ -90,7 +90,7 @@ describe Ci::BuildPolicy, :models do
include_context 'public pipelines disabled' include_context 'public pipelines disabled'
it 'does not include ability to read build' do it 'does not include ability to read build' do
expect(policies).to include :read_build expect(policy).to be_allowed :read_build
end end
end end
end end
...@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do ...@@ -115,7 +115,7 @@ describe Ci::BuildPolicy, :models do
end end
it 'does not include ability to update build' do it 'does not include ability to update build' do
expect(policies).not_to include :update_build expect(policy).to be_disallowed :update_build
end end
end end
...@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do ...@@ -125,7 +125,7 @@ describe Ci::BuildPolicy, :models do
end end
it 'includes ability to update build' do it 'includes ability to update build' do
expect(policies).to include :update_build expect(policy).to be_allowed :update_build
end end
end end
end end
...@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do ...@@ -135,7 +135,7 @@ describe Ci::BuildPolicy, :models do
let(:build) { create(:ci_build, :manual, pipeline: pipeline) } let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
it 'includes ability to update build' do it 'includes ability to update build' do
expect(policies).to include :update_build expect(policy).to be_allowed :update_build
end end
end end
...@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do ...@@ -143,7 +143,7 @@ describe Ci::BuildPolicy, :models do
let(:build) { create(:ci_build, pipeline: pipeline) } let(:build) { create(:ci_build, pipeline: pipeline) }
it 'includes ability to update build' do it 'includes ability to update build' do
expect(policies).to include :update_build expect(policy).to be_allowed :update_build
end end
end end
end end
......
...@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do ...@@ -6,36 +6,36 @@ describe Ci::TriggerPolicy, :models do
let(:trigger) { create(:ci_trigger, project: project, owner: owner) } let(:trigger) { create(:ci_trigger, project: project, owner: owner) }
let(:policies) do let(:policies) do
described_class.abilities(user, trigger).to_set described_class.new(user, trigger)
end end
shared_examples 'allows to admin and manage trigger' do shared_examples 'allows to admin and manage trigger' do
it 'does include ability to admin trigger' do it 'does include ability to admin trigger' do
expect(policies).to include :admin_trigger expect(policies).to be_allowed :admin_trigger
end end
it 'does include ability to manage trigger' do it 'does include ability to manage trigger' do
expect(policies).to include :manage_trigger expect(policies).to be_allowed :manage_trigger
end end
end end
shared_examples 'allows to manage trigger' do shared_examples 'allows to manage trigger' do
it 'does not include ability to admin trigger' do it 'does not include ability to admin trigger' do
expect(policies).not_to include :admin_trigger expect(policies).not_to be_allowed :admin_trigger
end end
it 'does include ability to manage trigger' do it 'does include ability to manage trigger' do
expect(policies).to include :manage_trigger expect(policies).to be_allowed :manage_trigger
end end
end end
shared_examples 'disallows to admin and manage trigger' do shared_examples 'disallows to admin and manage trigger' do
it 'does not include ability to admin trigger' do it 'does not include ability to admin trigger' do
expect(policies).not_to include :admin_trigger expect(policies).not_to be_allowed :admin_trigger
end end
it 'does not include ability to manage trigger' do it 'does not include ability to manage trigger' do
expect(policies).not_to include :manage_trigger expect(policies).not_to be_allowed :manage_trigger
end end
end end
......
require 'spec_helper' require 'spec_helper'
describe DeployKeyPolicy, models: true do describe DeployKeyPolicy, models: true do
subject { described_class.abilities(current_user, deploy_key).to_set } subject { described_class.new(current_user, deploy_key) }
describe 'updating a deploy_key' do describe 'updating a deploy_key' do
context 'when a regular user' do context 'when a regular user' do
...@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do ...@@ -16,7 +16,7 @@ describe DeployKeyPolicy, models: true do
project.deploy_keys << deploy_key project.deploy_keys << deploy_key
end end
it { is_expected.to include(:update_deploy_key) } it { is_expected.to be_allowed(:update_deploy_key) }
end end
context 'tries to update private deploy key attached to other project' do context 'tries to update private deploy key attached to other project' do
...@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do ...@@ -27,13 +27,13 @@ describe DeployKeyPolicy, models: true do
other_project.deploy_keys << deploy_key other_project.deploy_keys << deploy_key
end end
it { is_expected.not_to include(:update_deploy_key) } it { is_expected.to be_disallowed(:update_deploy_key) }
end end
context 'tries to update public deploy key' do context 'tries to update public deploy key' do
let(:deploy_key) { create(:another_deploy_key, public: true) } let(:deploy_key) { create(:another_deploy_key, public: true) }
it { is_expected.not_to include(:update_deploy_key) } it { is_expected.to be_disallowed(:update_deploy_key) }
end end
end end
...@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do ...@@ -43,13 +43,13 @@ describe DeployKeyPolicy, models: true do
context ' tries to update private deploy key' do context ' tries to update private deploy key' do
let(:deploy_key) { create(:deploy_key, public: false) } let(:deploy_key) { create(:deploy_key, public: false) }
it { is_expected.to include(:update_deploy_key) } it { is_expected.to be_allowed(:update_deploy_key) }
end end
context 'when an admin user tries to update public deploy key' do context 'when an admin user tries to update public deploy key' do
let(:deploy_key) { create(:another_deploy_key, public: true) } let(:deploy_key) { create(:another_deploy_key, public: true) }
it { is_expected.to include(:update_deploy_key) } it { is_expected.to be_allowed(:update_deploy_key) }
end end
end end
end end
......
...@@ -8,8 +8,8 @@ describe EnvironmentPolicy do ...@@ -8,8 +8,8 @@ describe EnvironmentPolicy do
create(:environment, :with_review_app, project: project) create(:environment, :with_review_app, project: project)
end end
let(:policies) do let(:policy) do
described_class.abilities(user, environment).to_set described_class.new(user, environment)
end end
describe '#rules' do describe '#rules' do
...@@ -17,7 +17,7 @@ describe EnvironmentPolicy do ...@@ -17,7 +17,7 @@ describe EnvironmentPolicy do
let(:project) { create(:project, :private) } let(:project) { create(:project, :private) }
it 'does not include ability to stop environment' do it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment expect(policy).to be_disallowed :stop_environment
end end
end end
...@@ -25,7 +25,7 @@ describe EnvironmentPolicy do ...@@ -25,7 +25,7 @@ describe EnvironmentPolicy do
let(:project) { create(:project, :public) } let(:project) { create(:project, :public) }
it 'does not include ability to stop environment' do it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment expect(policy).to be_disallowed :stop_environment
end end
end end
...@@ -38,7 +38,7 @@ describe EnvironmentPolicy do ...@@ -38,7 +38,7 @@ describe EnvironmentPolicy do
context 'when team member has ability to stop environment' do context 'when team member has ability to stop environment' do
it 'does includes ability to stop environment' do it 'does includes ability to stop environment' do
expect(policies).to include :stop_environment expect(policy).to be_allowed :stop_environment
end end
end end
...@@ -49,7 +49,7 @@ describe EnvironmentPolicy do ...@@ -49,7 +49,7 @@ describe EnvironmentPolicy do
end end
it 'does not include ability to stop environment' do it 'does not include ability to stop environment' do
expect(policies).not_to include :stop_environment expect(policy).to be_disallowed :stop_environment
end end
end end
end end
......
...@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do ...@@ -36,16 +36,24 @@ describe GroupPolicy, models: true do
group.add_owner(owner) group.add_owner(owner)
end end
subject { described_class.abilities(current_user, group).to_set } subject { described_class.new(current_user, group) }
def expect_allowed(*permissions)
permissions.each { |p| is_expected.to be_allowed(p) }
end
def expect_disallowed(*permissions)
permissions.each { |p| is_expected.not_to be_allowed(p) }
end
context 'with no user' do context 'with no user' do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.not_to include(*reporter_permissions) expect_disallowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do ...@@ -53,10 +61,10 @@ describe GroupPolicy, models: true do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.not_to include(*reporter_permissions) expect_disallowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do ...@@ -64,10 +72,10 @@ describe GroupPolicy, models: true do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do ...@@ -75,10 +83,10 @@ describe GroupPolicy, models: true do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do ...@@ -86,10 +94,10 @@ describe GroupPolicy, models: true do
let(:current_user) { master } let(:current_user) { master }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do ...@@ -97,10 +105,10 @@ describe GroupPolicy, models: true do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.to include(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
...@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do ...@@ -108,10 +116,10 @@ describe GroupPolicy, models: true do
let(:current_user) { admin } let(:current_user) { admin }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.to include(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
...@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do ...@@ -130,16 +138,16 @@ describe GroupPolicy, models: true do
nested_group.add_owner(owner) nested_group.add_owner(owner)
end end
subject { described_class.abilities(current_user, nested_group).to_set } subject { described_class.new(current_user, nested_group) }
context 'with no user' do context 'with no user' do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
is_expected.not_to include(:read_group) expect_disallowed(:read_group)
is_expected.not_to include(*reporter_permissions) expect_disallowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do ...@@ -147,10 +155,10 @@ describe GroupPolicy, models: true do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.not_to include(*reporter_permissions) expect_disallowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do ...@@ -158,10 +166,10 @@ describe GroupPolicy, models: true do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do ...@@ -169,10 +177,10 @@ describe GroupPolicy, models: true do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do ...@@ -180,10 +188,10 @@ describe GroupPolicy, models: true do
let(:current_user) { master } let(:current_user) { master }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do ...@@ -191,10 +199,10 @@ describe GroupPolicy, models: true do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
is_expected.to include(:read_group) expect_allowed(:read_group)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.to include(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
end end
......
...@@ -9,7 +9,7 @@ describe IssuePolicy, models: true do ...@@ -9,7 +9,7 @@ describe IssuePolicy, models: true do
let(:reporter_from_group_link) { create(:user) } let(:reporter_from_group_link) { create(:user) }
def permissions(user, issue) def permissions(user, issue)
described_class.abilities(user, issue).to_set described_class.new(user, issue)
end end
context 'a private project' do context 'a private project' do
...@@ -30,42 +30,42 @@ describe IssuePolicy, models: true do ...@@ -30,42 +30,42 @@ describe IssuePolicy, models: true do
end end
it 'does not allow non-members to read issues' do it 'does not allow non-members to read issues' do
expect(permissions(non_member, issue)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(non_member, issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(non_member, issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(non_member, issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows guests to read issues' do it 'allows guests to read issues' do
expect(permissions(guest, issue)).to include(:read_issue) expect(permissions(guest, issue)).to be_allowed(:read_issue)
expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue) expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
expect(permissions(guest, issue_no_assignee)).to include(:read_issue) expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
it 'allows reporters to read, update, and admin issues' do it 'allows reporters to read, update, and admin issues' do
expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporters from group links to read, update, and admin issues' do it 'allows reporters from group links to read, update, and admin issues' do
expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue authors to read and update their issues' do it 'allows issue authors to read and update their issues' do
expect(permissions(author, issue)).to include(:read_issue, :update_issue) expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(author, issue)).not_to include(:admin_issue) expect(permissions(author, issue)).to be_disallowed(:admin_issue)
expect(permissions(author, issue_no_assignee)).to include(:read_issue) expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
it 'allows issue assignees to read and update their issues' do it 'allows issue assignees to read and update their issues' do
expect(permissions(assignee, issue)).to include(:read_issue, :update_issue) expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(assignee, issue)).not_to include(:admin_issue) expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
expect(permissions(assignee, issue_no_assignee)).to include(:read_issue) expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
context 'with confidential issues' do context 'with confidential issues' do
...@@ -73,37 +73,37 @@ describe IssuePolicy, models: true do ...@@ -73,37 +73,37 @@ describe IssuePolicy, models: true do
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) } let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
it 'does not allow non-members to read confidential issues' do it 'does not allow non-members to read confidential issues' do
expect(permissions(non_member, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(non_member, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(non_member, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(non_member, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'does not allow guests to read confidential issues' do it 'does not allow guests to read confidential issues' do
expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporters to read, update, and admin confidential issues' do it 'allows reporters to read, update, and admin confidential issues' do
expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporters from group links to read, update, and admin confidential issues' do it 'allows reporters from group links to read, update, and admin confidential issues' do
expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue authors to read and update their confidential issues' do it 'allows issue authors to read and update their confidential issues' do
expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue) expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(author, confidential_issue)).not_to include(:admin_issue) expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue assignees to read and update their confidential issues' do it 'allows issue assignees to read and update their confidential issues' do
expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue) expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue) expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
end end
end end
...@@ -123,37 +123,37 @@ describe IssuePolicy, models: true do ...@@ -123,37 +123,37 @@ describe IssuePolicy, models: true do
end end
it 'allows guests to read issues' do it 'allows guests to read issues' do
expect(permissions(guest, issue)).to include(:read_issue) expect(permissions(guest, issue)).to be_allowed(:read_issue)
expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue) expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue)
expect(permissions(guest, issue_no_assignee)).to include(:read_issue) expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(guest, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
it 'allows reporters to read, update, and admin issues' do it 'allows reporters to read, update, and admin issues' do
expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporters from group links to read, update, and admin issues' do it 'allows reporters from group links to read, update, and admin issues' do
expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue authors to read and update their issues' do it 'allows issue authors to read and update their issues' do
expect(permissions(author, issue)).to include(:read_issue, :update_issue) expect(permissions(author, issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(author, issue)).not_to include(:admin_issue) expect(permissions(author, issue)).to be_disallowed(:admin_issue)
expect(permissions(author, issue_no_assignee)).to include(:read_issue) expect(permissions(author, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(author, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
it 'allows issue assignees to read and update their issues' do it 'allows issue assignees to read and update their issues' do
expect(permissions(assignee, issue)).to include(:read_issue, :update_issue) expect(permissions(assignee, issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(assignee, issue)).not_to include(:admin_issue) expect(permissions(assignee, issue)).to be_disallowed(:admin_issue)
expect(permissions(assignee, issue_no_assignee)).to include(:read_issue) expect(permissions(assignee, issue_no_assignee)).to be_allowed(:read_issue)
expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue) expect(permissions(assignee, issue_no_assignee)).to be_disallowed(:update_issue, :admin_issue)
end end
context 'with confidential issues' do context 'with confidential issues' do
...@@ -161,32 +161,32 @@ describe IssuePolicy, models: true do ...@@ -161,32 +161,32 @@ describe IssuePolicy, models: true do
let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) } let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }
it 'does not allow guests to read confidential issues' do it 'does not allow guests to read confidential issues' do
expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(guest, confidential_issue)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(guest, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporters to read, update, and admin confidential issues' do it 'allows reporters to read, update, and admin confidential issues' do
expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows reporter from group links to read, update, and admin confidential issues' do it 'allows reporter from group links to read, update, and admin confidential issues' do
expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, confidential_issue)).to be_allowed(:read_issue, :update_issue, :admin_issue)
expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue) expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to be_allowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue authors to read and update their confidential issues' do it 'allows issue authors to read and update their confidential issues' do
expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue) expect(permissions(author, confidential_issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(author, confidential_issue)).not_to include(:admin_issue) expect(permissions(author, confidential_issue)).to be_disallowed(:admin_issue)
expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(author, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
it 'allows issue assignees to read and update their confidential issues' do it 'allows issue assignees to read and update their confidential issues' do
expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue) expect(permissions(assignee, confidential_issue)).to be_allowed(:read_issue, :update_issue)
expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue) expect(permissions(assignee, confidential_issue)).to be_disallowed(:admin_issue)
expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue) expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :update_issue, :admin_issue)
end end
end end
end end
......
...@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do ...@@ -14,7 +14,7 @@ describe PersonalSnippetPolicy, models: true do
end end
def permissions(user) def permissions(user)
described_class.abilities(user, snippet).to_set described_class.new(user, snippet)
end end
context 'public snippet' do context 'public snippet' do
...@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -24,9 +24,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(nil) } subject { permissions(nil) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -34,9 +34,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(regular_user) } subject { permissions(regular_user) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.to include(:comment_personal_snippet) is_expected.to be_allowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -44,9 +44,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(snippet.author) } subject { permissions(snippet.author) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.to include(:comment_personal_snippet) is_expected.to be_allowed(:comment_personal_snippet)
is_expected.to include(*author_permissions) is_expected.to be_allowed(*author_permissions)
end end
end end
end end
...@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -58,9 +58,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(nil) } subject { permissions(nil) }
it do it do
is_expected.not_to include(:read_personal_snippet) is_expected.to be_disallowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -68,9 +68,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(regular_user) } subject { permissions(regular_user) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.to include(:comment_personal_snippet) is_expected.to be_allowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -78,9 +78,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(external_user) } subject { permissions(external_user) }
it do it do
is_expected.not_to include(:read_personal_snippet) is_expected.to be_disallowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -88,9 +88,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(snippet.author) } subject { permissions(snippet.author) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.to include(:comment_personal_snippet) is_expected.to be_allowed(:comment_personal_snippet)
is_expected.to include(*author_permissions) is_expected.to be_allowed(*author_permissions)
end end
end end
end end
...@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -102,9 +102,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(nil) } subject { permissions(nil) }
it do it do
is_expected.not_to include(:read_personal_snippet) is_expected.to be_disallowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -112,9 +112,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(regular_user) } subject { permissions(regular_user) }
it do it do
is_expected.not_to include(:read_personal_snippet) is_expected.to be_disallowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -122,9 +122,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(external_user) } subject { permissions(external_user) }
it do it do
is_expected.not_to include(:read_personal_snippet) is_expected.to be_disallowed(:read_personal_snippet)
is_expected.not_to include(:comment_personal_snippet) is_expected.to be_disallowed(:comment_personal_snippet)
is_expected.not_to include(*author_permissions) is_expected.to be_disallowed(*author_permissions)
end end
end end
...@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do ...@@ -132,9 +132,9 @@ describe PersonalSnippetPolicy, models: true do
subject { permissions(snippet.author) } subject { permissions(snippet.author) }
it do it do
is_expected.to include(:read_personal_snippet) is_expected.to be_allowed(:read_personal_snippet)
is_expected.to include(:comment_personal_snippet) is_expected.to be_allowed(:comment_personal_snippet)
is_expected.to include(*author_permissions) is_expected.to be_allowed(*author_permissions)
end end
end end
end end
......
...@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do ...@@ -73,37 +73,45 @@ describe ProjectPolicy, models: true do
project.team << [reporter, :reporter] project.team << [reporter, :reporter]
end end
def expect_allowed(*permissions)
permissions.each { |p| is_expected.to be_allowed(p) }
end
def expect_disallowed(*permissions)
permissions.each { |p| is_expected.not_to be_allowed(p) }
end
it 'does not include the read_issue permission when the issue author is not a member of the private project' do it 'does not include the read_issue permission when the issue author is not a member of the private project' do
project = create(:empty_project, :private) project = create(:empty_project, :private)
issue = create(:issue, project: project) issue = create(:issue, project: project)
user = issue.author user = issue.author
expect(project.team.member?(issue.author)).to eq(false) expect(project.team.member?(issue.author)).to be false
expect(BasePolicy.class_for(project).abilities(user, project).can_set) expect(Ability).not_to be_allowed(user, :read_issue, project)
.not_to include(:read_issue)
expect(Ability.allowed?(user, :read_issue, project)).to be_falsy
end end
it 'does not include the wiki permissions when the feature is disabled' do context 'when the feature is disabled' do
project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED) subject { described_class.new(owner, project) }
wiki_permissions = [:read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code]
permissions = described_class.abilities(owner, project).to_set before do
project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED)
end
expect(permissions).not_to include(*wiki_permissions) it 'does not include the wiki permissions' do
expect_disallowed :read_wiki, :create_wiki, :update_wiki, :admin_wiki, :download_wiki_code
end
end end
context 'abilities for non-public projects' do context 'abilities for non-public projects' do
let(:project) { create(:empty_project, namespace: owner.namespace) } let(:project) { create(:empty_project, namespace: owner.namespace) }
subject { described_class.abilities(current_user, project).to_set } subject { described_class.new(current_user, project) }
context 'with no user' do context 'with no user' do
let(:current_user) { nil } let(:current_user) { nil }
it { is_expected.to be_empty } it { is_expected.to be_banned }
end end
context 'guests' do context 'guests' do
...@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do ...@@ -114,18 +122,18 @@ describe ProjectPolicy, models: true do
end end
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.not_to include(*reporter_public_build_permissions) expect_disallowed(*reporter_public_build_permissions)
is_expected.not_to include(*team_member_reporter_permissions) expect_disallowed(*team_member_reporter_permissions)
is_expected.not_to include(*developer_permissions) expect_disallowed(*developer_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
context 'public builds enabled' do context 'public builds enabled' do
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(:read_build, :read_pipeline) expect_allowed(:read_build, :read_pipeline)
end end
end end
...@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do ...@@ -135,8 +143,8 @@ describe ProjectPolicy, models: true do
end end
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.not_to include(:read_build, :read_pipeline) expect_disallowed(:read_build, :read_pipeline)
end end
end end
...@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do ...@@ -157,12 +165,13 @@ describe ProjectPolicy, models: true do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*team_member_reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*developer_permissions) expect_allowed(*team_member_reporter_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*developer_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
end end
end end
...@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do ...@@ -170,12 +179,12 @@ describe ProjectPolicy, models: true do
let(:current_user) { dev } let(:current_user) { dev }
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*team_member_reporter_permissions) expect_allowed(*team_member_reporter_permissions)
is_expected.to include(*developer_permissions) expect_allowed(*developer_permissions)
is_expected.not_to include(*master_permissions) expect_disallowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do ...@@ -183,12 +192,12 @@ describe ProjectPolicy, models: true do
let(:current_user) { master } let(:current_user) { master }
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*team_member_reporter_permissions) expect_allowed(*team_member_reporter_permissions)
is_expected.to include(*developer_permissions) expect_allowed(*developer_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.not_to include(*owner_permissions) expect_disallowed(*owner_permissions)
end end
end end
...@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do ...@@ -196,12 +205,12 @@ describe ProjectPolicy, models: true do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.to include(*team_member_reporter_permissions) expect_allowed(*team_member_reporter_permissions)
is_expected.to include(*developer_permissions) expect_allowed(*developer_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.to include(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
...@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do ...@@ -209,12 +218,12 @@ describe ProjectPolicy, models: true do
let(:current_user) { admin } let(:current_user) { admin }
it do it do
is_expected.to include(*guest_permissions) expect_allowed(*guest_permissions)
is_expected.to include(*reporter_permissions) expect_allowed(*reporter_permissions)
is_expected.not_to include(*team_member_reporter_permissions) expect_disallowed(*team_member_reporter_permissions)
is_expected.to include(*developer_permissions) expect_allowed(*developer_permissions)
is_expected.to include(*master_permissions) expect_allowed(*master_permissions)
is_expected.to include(*owner_permissions) expect_allowed(*owner_permissions)
end end
end end
end end
......
...@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do ...@@ -15,7 +15,15 @@ describe ProjectSnippetPolicy, models: true do
def abilities(user, snippet_visibility) def abilities(user, snippet_visibility)
snippet = create(:project_snippet, snippet_visibility, project: project) snippet = create(:project_snippet, snippet_visibility, project: project)
described_class.abilities(user, snippet).to_set described_class.new(user, snippet)
end
def expect_allowed(*permissions)
permissions.each { |p| is_expected.to be_allowed(p) }
end
def expect_disallowed(*permissions)
permissions.each { |p| is_expected.not_to be_allowed(p) }
end end
context 'public snippet' do context 'public snippet' do
...@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -23,8 +31,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(nil, :public) } subject { abilities(nil, :public) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -32,8 +40,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(regular_user, :public) } subject { abilities(regular_user, :public) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -41,8 +49,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(external_user, :public) } subject { abilities(external_user, :public) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
end end
...@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -52,8 +60,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(nil, :internal) } subject { abilities(nil, :internal) }
it do it do
is_expected.not_to include(:read_project_snippet) expect_disallowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -61,8 +69,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(regular_user, :internal) } subject { abilities(regular_user, :internal) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -70,8 +78,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(external_user, :internal) } subject { abilities(external_user, :internal) }
it do it do
is_expected.not_to include(:read_project_snippet) expect_disallowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -83,8 +91,8 @@ describe ProjectSnippetPolicy, models: true do
end end
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
end end
...@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -94,8 +102,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(nil, :private) } subject { abilities(nil, :private) }
it do it do
is_expected.not_to include(:read_project_snippet) expect_disallowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do ...@@ -103,19 +111,19 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(regular_user, :private) } subject { abilities(regular_user, :private) }
it do it do
is_expected.not_to include(:read_project_snippet) expect_disallowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
context 'snippet author' do context 'snippet author' do
let(:snippet) { create(:project_snippet, :private, author: regular_user, project: project) } let(:snippet) { create(:project_snippet, :private, author: regular_user, project: project) }
subject { described_class.abilities(regular_user, snippet).to_set } subject { described_class(regular_user, snippet) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.to include(*author_permissions) expect_allowed(*author_permissions)
end end
end end
...@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -127,8 +135,8 @@ describe ProjectSnippetPolicy, models: true do
end end
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -140,8 +148,8 @@ describe ProjectSnippetPolicy, models: true do
end end
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.not_to include(*author_permissions) expect_disallowed(*author_permissions)
end end
end end
...@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do ...@@ -149,8 +157,8 @@ describe ProjectSnippetPolicy, models: true do
subject { abilities(create(:admin), :private) } subject { abilities(create(:admin), :private) }
it do it do
is_expected.to include(:read_project_snippet) expect_allowed(:read_project_snippet)
is_expected.to include(*author_permissions) expect_allowed(*author_permissions)
end end
end end
end end
......
...@@ -4,34 +4,34 @@ describe UserPolicy, models: true do ...@@ -4,34 +4,34 @@ describe UserPolicy, models: true do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
let(:user) { create(:user) } let(:user) { create(:user) }
subject { described_class.abilities(current_user, user).to_set } subject { UserPolicy.new(current_user, user) }
describe "reading a user's information" do describe "reading a user's information" do
it { is_expected.to include(:read_user) } it { is_expected.to be_allowed(:read_user) }
end end
describe "destroying a user" do describe "destroying a user" do
context "when a regular user tries to destroy another regular user" do context "when a regular user tries to destroy another regular user" do
it { is_expected.not_to include(:destroy_user) } it { is_expected.not_to be_allowed(:destroy_user) }
end end
context "when a regular user tries to destroy themselves" do context "when a regular user tries to destroy themselves" do
let(:current_user) { user } let(:current_user) { user }
it { is_expected.to include(:destroy_user) } it { is_expected.to be_allowed(:destroy_user) }
end end
context "when an admin user tries to destroy a regular user" do context "when an admin user tries to destroy a regular user" do
let(:current_user) { create(:user, :admin) } let(:current_user) { create(:user, :admin) }
it { is_expected.to include(:destroy_user) } it { is_expected.to be_allowed(:destroy_user) }
end end
context "when an admin user tries to destroy a ghost user" do context "when an admin user tries to destroy a ghost user" do
let(:current_user) { create(:user, :admin) } let(:current_user) { create(:user, :admin) }
let(:user) { create(:user, :ghost) } let(:user) { create(:user, :ghost) }
it { is_expected.not_to include(:destroy_user) } it { is_expected.not_to be_allowed(:destroy_user) }
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment