Skip to content

G
gitlab-ce
Commit 389a76b3 authored by Jason Goodman's avatar Jason Goodman Committed by Imre Farkas
Browse files
Options

Extract public permissions from group policy specs into shared context 

Refactor group policy specs to reuse public permissions
Add spec for public group with a foreign user
parent c9e02b8a
Hide whitespace changes
Inline Side-by-side
Showing with 52 additions and 44 deletions
spec/policies/group_policy_spec.rb
View file @ 389a76b3
...@@ -10,21 +10,32 @@ RSpec.describe GroupPolicy do ...@@ -10,21 +10,32 @@ RSpec.describe GroupPolicy do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
expect_allowed(:read_group) expect_allowed(*public_permissions)
expect_allowed(:read_counts)
expect_allowed(*read_group_permissions)
expect_disallowed(:upload_file) expect_disallowed(:upload_file)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
expect_disallowed(*maintainer_permissions) expect_disallowed(*maintainer_permissions)
expect_disallowed(*owner_permissions) expect_disallowed(*owner_permissions)
expect_disallowed(:read_namespace) expect_disallowed(:read_namespace)
expect_disallowed(:read_crm_organization)
expect_disallowed(:read_crm_contact)
end end
end end
context 'with no user and public project' do context 'public group with user who is not a member' do
let(:group) { create(:group, :public, :crm_enabled) }
let(:current_user) { create(:user) }
it do
expect_allowed(*public_permissions)
expect_disallowed(:upload_file)
expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions)
expect_disallowed(*maintainer_permissions)
expect_disallowed(*owner_permissions)
expect_disallowed(:read_namespace)
end
end
context 'private group that has been invited to a public project and with no user' do
let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) }
let(:current_user) { nil } let(:current_user) { nil }
...@@ -32,15 +43,14 @@ RSpec.describe GroupPolicy do ...@@ -32,15 +43,14 @@ RSpec.describe GroupPolicy do
create(:project_group_link, project: project, group: group) create(:project_group_link, project: project, group: group)
end end
it { expect_disallowed(:read_group) } it do
it { expect_disallowed(:read_crm_organization) } expect_disallowed(*public_permissions)
it { expect_disallowed(:read_crm_contact) } expect_disallowed(*reporter_permissions)
it { expect_disallowed(:read_counts) } expect_disallowed(*owner_permissions)
it { expect_disallowed(:read_group_runners) } end
it { expect_disallowed(*read_group_permissions) }
end end
context 'with foreign user and public project' do context 'private group that has been invited to a public project and with a foreign user' do
let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) }
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
...@@ -48,12 +58,11 @@ RSpec.describe GroupPolicy do ...@@ -48,12 +58,11 @@ RSpec.describe GroupPolicy do
create(:project_group_link, project: project, group: group) create(:project_group_link, project: project, group: group)
end end
it { expect_disallowed(:read_group) } it do
it { expect_disallowed(:read_crm_organization) } expect_disallowed(*public_permissions)
it { expect_disallowed(:read_crm_contact) } expect_disallowed(*reporter_permissions)
it { expect_disallowed(:read_counts) } expect_disallowed(*owner_permissions)
it { expect_disallowed(:read_group_runners) } end
it { expect_disallowed(*read_group_permissions) }
end end
context 'has projects' do context 'has projects' do
...@@ -64,13 +73,13 @@ RSpec.describe GroupPolicy do ...@@ -64,13 +73,13 @@ RSpec.describe GroupPolicy do
project.add_developer(current_user) project.add_developer(current_user)
end end
it { expect_allowed(*read_group_permissions) } it { expect_allowed(*(public_permissions - [:read_counts])) }
context 'in subgroups' do context 'in subgroups' do
let(:subgroup) { create(:group, :private, :crm_enabled, parent: group) } let(:subgroup) { create(:group, :private, :crm_enabled, parent: group) }
let(:project) { create(:project, namespace: subgroup) } let(:project) { create(:project, namespace: subgroup) }
it { expect_allowed(*read_group_permissions) } it { expect_allowed(*(public_permissions - [:read_counts])) }
end end
end end
...@@ -83,7 +92,7 @@ RSpec.describe GroupPolicy do ...@@ -83,7 +92,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { deploy_token } let(:current_user) { deploy_token }
it do it do
expect_disallowed(*read_group_permissions) expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -96,7 +105,7 @@ RSpec.describe GroupPolicy do ...@@ -96,7 +105,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -113,7 +122,7 @@ RSpec.describe GroupPolicy do ...@@ -113,7 +122,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -130,7 +139,7 @@ RSpec.describe GroupPolicy do ...@@ -130,7 +139,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -158,7 +167,7 @@ RSpec.describe GroupPolicy do ...@@ -158,7 +167,7 @@ RSpec.describe GroupPolicy do
updated_owner_permissions = updated_owner_permissions =
owner_permissions - create_subgroup_permission owner_permissions - create_subgroup_permission
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -169,7 +178,7 @@ RSpec.describe GroupPolicy do ...@@ -169,7 +178,7 @@ RSpec.describe GroupPolicy do
context 'with subgroup_creation_level set to owner' do context 'with subgroup_creation_level set to owner' do
it 'allows every maintainer permission' do it 'allows every maintainer permission' do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -187,7 +196,7 @@ RSpec.describe GroupPolicy do ...@@ -187,7 +196,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -204,7 +213,7 @@ RSpec.describe GroupPolicy do ...@@ -204,7 +213,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { admin } let(:current_user) { admin }
specify do specify do
expect_disallowed(*read_group_permissions) expect_disallowed(*public_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -214,7 +223,7 @@ RSpec.describe GroupPolicy do ...@@ -214,7 +223,7 @@ RSpec.describe GroupPolicy do
context 'with admin mode', :enable_admin_mode do context 'with admin mode', :enable_admin_mode do
specify do specify do
expect_allowed(*read_group_permissions) expect_allowed(*public_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -256,8 +265,7 @@ RSpec.describe GroupPolicy do ...@@ -256,8 +265,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { nil } let(:current_user) { nil }
it do it do
expect_disallowed(:read_counts) expect_disallowed(*public_permissions)
expect_disallowed(*read_group_permissions)
expect_disallowed(*guest_permissions) expect_disallowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -270,8 +278,7 @@ RSpec.describe GroupPolicy do ...@@ -270,8 +278,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { guest } let(:current_user) { guest }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_disallowed(*reporter_permissions) expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -284,8 +291,7 @@ RSpec.describe GroupPolicy do ...@@ -284,8 +291,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { reporter } let(:current_user) { reporter }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_disallowed(*developer_permissions) expect_disallowed(*developer_permissions)
...@@ -298,8 +304,7 @@ RSpec.describe GroupPolicy do ...@@ -298,8 +304,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { developer } let(:current_user) { developer }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -312,8 +317,7 @@ RSpec.describe GroupPolicy do ...@@ -312,8 +317,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { maintainer } let(:current_user) { maintainer }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
...@@ -326,8 +330,7 @@ RSpec.describe GroupPolicy do ...@@ -326,8 +330,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { owner } let(:current_user) { owner }
it do it do
expect_allowed(:read_counts) expect_allowed(*public_permissions)
expect_allowed(*read_group_permissions)
expect_allowed(*guest_permissions) expect_allowed(*guest_permissions)
expect_allowed(*reporter_permissions) expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions) expect_allowed(*developer_permissions)
......
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View file @ 389a76b3
...@@ -10,6 +10,13 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -10,6 +10,13 @@ RSpec.shared_context 'GroupPolicy context' do
let_it_be(:non_group_member) { create(:user) } let_it_be(:non_group_member) { create(:user) }
let_it_be(:group, refind: true) { create(:group, :private, :owner_subgroup_creation_only, :crm_enabled) } let_it_be(:group, refind: true) { create(:group, :private, :owner_subgroup_creation_only, :crm_enabled) }
let(:public_permissions) do
%i[
read_group read_counts
read_label read_issue_board_list read_milestone read_issue_board
]
end
let(:guest_permissions) do let(:guest_permissions) do
%i[ %i[
read_label read_group upload_file read_namespace read_group_activity read_label read_group upload_file read_namespace read_group_activity
...@@ -18,8 +25,6 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -18,8 +25,6 @@ RSpec.shared_context 'GroupPolicy context' do
] ]
end end
let(:read_group_permissions) { %i[read_label read_issue_board_list read_milestone read_issue_board] }
let(:reporter_permissions) do let(:reporter_permissions) do
%i[ %i[
admin_label admin_label
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7