Speed project policy specs for both FOSS and EE

Reuse factories (already `let_it_be`) from shared context where
feasible.

ee/spec/policies/project_policy_spec.rb

@@ -5,16 +5,9 @@ require 'spec_helper'
 RSpec.describe ProjectPolicy do
   include ExternalAuthorizationServiceHelpers
   include AdminModeHelper
+  include_context 'ProjectPolicy context'
 
-  let_it_be(:owner) { create(:user) }
-  let_it_be(:admin) { create(:admin) }
-  let_it_be(:maintainer) { create(:user) }
-  let_it_be(:developer) { create(:user) }
-  let_it_be(:reporter) { create(:user) }
-  let_it_be(:guest) { create(:user) }
-  let_it_be(:non_member) { create(:user) }
-  let_it_be(:project, refind: true) { create(:project, :public, namespace: owner.namespace) }
-  let_it_be(:private_project, refind: true) { create(:project, :private, namespace: owner.namespace) }
+  let(:project) { public_project }
 
   subject { described_class.new(current_user, project) }
 
@@ -22,21 +15,7 @@ RSpec.describe ProjectPolicy do
     stub_licensed_features(license_scanning: true)
   end
 
-  before_all do
-    project.add_maintainer(maintainer)
-    project.add_developer(developer)
-    project.add_reporter(reporter)
-    project.add_guest(guest)
-
-    private_project.add_maintainer(maintainer)
-    private_project.add_developer(developer)
-    private_project.add_reporter(reporter)
-    private_project.add_guest(guest)
-  end
-
   context 'basic permissions' do
-    include_context 'ProjectPolicy context'
-
     let(:additional_reporter_permissions) do
       %i[read_software_license_policy]
     end
@@ -178,7 +157,7 @@ RSpec.describe ProjectPolicy do
       end
 
       context 'when user is logged out' do
-        let(:current_user) { nil }
+        let(:current_user) { anonymous }
 
         it { is_expected.to be_allowed(:read_iteration) }
         it { is_expected.to be_disallowed(:create_iteration, :admin_iteration) }
@@ -194,7 +173,7 @@ RSpec.describe ProjectPolicy do
         end
 
         context 'when user is logged out' do
-          let(:current_user) { nil }
+          let(:current_user) { anonymous }
 
           it { is_expected.to be_disallowed(:read_iteration, :create_iteration, :admin_iteration) }
         end
@@ -207,8 +186,7 @@ RSpec.describe ProjectPolicy do
 
     context 'when the feature is disabled' do
       before do
-        project.issues_enabled = false
-        project.save!
+        project.update!(issues_enabled: false)
       end
 
       it 'disables boards permissions' do
@@ -512,7 +490,7 @@ RSpec.describe ProjectPolicy do
       end
 
       context 'with anonymous' do
-        let(:current_user) { nil }
+        let(:current_user) { anonymous }
 
         it { is_expected.to be_disallowed(permission) }
       end
@@ -595,7 +573,7 @@ RSpec.describe ProjectPolicy do
       end
 
       context 'with anonymous' do
-        let(:current_user) { nil }
+        let(:current_user) { anonymous }
 
         it { is_expected.to be_disallowed(:read_threat_monitoring) }
       end
@@ -735,7 +713,7 @@ RSpec.describe ProjectPolicy do
     end
 
     context 'with anonymous' do
-      let(:current_user) { nil }
+      let(:current_user) { anonymous }
 
       it { is_expected.to be_disallowed(:admin_software_license_policy) }
     end
@@ -763,7 +741,7 @@ RSpec.describe ProjectPolicy do
         let(:current_user) { create(:user) }
 
         context 'with public access to repository' do
-          let(:project) { create(:project, :public) }
+          let(:project) { public_project }
 
           it { is_expected.to be_allowed(:read_dependencies) }
         end
@@ -827,7 +805,7 @@ RSpec.describe ProjectPolicy do
         end
 
         context 'with anonymous' do
-          let(:current_user) { nil }
+          let(:current_user) { anonymous }
 
           it { is_expected.to be_disallowed(:read_dependencies) }
         end
@@ -887,7 +865,7 @@ RSpec.describe ProjectPolicy do
         end
 
         context 'with anonymous' do
-          let(:current_user) { nil }
+          let(:current_user) { anonymous }
 
           it { is_expected.to be_disallowed(:read_licenses) }
         end
@@ -906,7 +884,6 @@ RSpec.describe ProjectPolicy do
   end
 
   describe 'publish_status_page' do
-    let(:anonymous) { nil }
     let(:feature) { :status_page }
     let(:policy) { :publish_status_page }
 
@@ -1152,7 +1129,7 @@ RSpec.describe ProjectPolicy do
     end
 
     context 'with anonymous' do
-      let(:current_user) { nil }
+      let(:current_user) { anonymous }
 
       it { is_expected.to be_disallowed(:read_group_timelogs) }
     end

spec/support/shared_contexts/policies/project_policy_shared_context.rb

 # frozen_string_literal: true
 
 RSpec.shared_context 'ProjectPolicy context' do
+  let_it_be(:anonymous) { nil }
   let_it_be(:guest) { create(:user) }
   let_it_be(:reporter) { create(:user) }
   let_it_be(:developer) { create(:user) }
   let_it_be(:maintainer) { create(:user) }
   let_it_be(:owner) { create(:user) }
   let_it_be(:admin) { create(:admin) }
-  let(:project) { create(:project, :public, namespace: owner.namespace) }
+  let_it_be(:non_member) { create(:user) }
+  let_it_be_with_refind(:private_project) { create(:project, :private, namespace: owner.namespace) }
+  let_it_be_with_refind(:internal_project) { create(:project, :internal, namespace: owner.namespace) }
+  let_it_be_with_refind(:public_project) { create(:project, :public, namespace: owner.namespace) }
 
   let(:base_guest_permissions) do
     %i[
@@ -86,10 +90,12 @@ RSpec.shared_context 'ProjectPolicy context' do
   let(:maintainer_permissions) { base_maintainer_permissions + additional_maintainer_permissions }
   let(:owner_permissions) { base_owner_permissions + additional_owner_permissions }
 
-  before do
-    project.add_guest(guest)
-    project.add_maintainer(maintainer)
-    project.add_developer(developer)
-    project.add_reporter(reporter)
+  before_all do
+    [private_project, internal_project, public_project].each do |project|
+      project.add_guest(guest)
+      project.add_reporter(reporter)
+      project.add_developer(developer)
+      project.add_maintainer(maintainer)
+    end
   end
 end

spec/support/shared_examples/policies/project_policy_shared_examples.rb

@@ -59,8 +59,7 @@ RSpec.shared_examples 'project policies as anonymous' do
       let(:project) { create(:project, :public, namespace: group) }
       let(:user_permissions) { [:create_merge_request_in, :create_project, :create_issue, :create_note, :upload_file, :award_emoji] }
       let(:anonymous_permissions) { guest_permissions - user_permissions }
-
-      subject { described_class.new(nil, project) }
+      let(:current_user) { anonymous }
 
       before do
         create(:group_member, :invited, group: group)
@@ -78,9 +77,8 @@ RSpec.shared_examples 'project policies as anonymous' do
   end
 
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(nil, project) }
+    let(:project) { private_project }
+    let(:current_user) { anonymous }
 
     it { is_expected.to be_banned }
   end
@@ -109,10 +107,10 @@ RSpec.shared_examples 'deploy token does not get confused with user' do
 end
 
 RSpec.shared_examples 'project policies as guest' do
-  subject { described_class.new(guest, project) }
-
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
+    let(:project) { private_project }
+    let(:current_user) { guest }
+
     let(:reporter_public_build_permissions) do
       reporter_permissions - [:read_build, :read_pipeline]
     end
@@ -167,9 +165,8 @@ end
 
 RSpec.shared_examples 'project policies as reporter' do
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(reporter, project) }
+    let(:project) { private_project }
+    let(:current_user) { reporter }
 
     it do
       expect_allowed(*guest_permissions)
@@ -192,9 +189,8 @@ end
 
 RSpec.shared_examples 'project policies as developer' do
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(developer, project) }
+    let(:project) { private_project }
+    let(:current_user) { developer }
 
     it do
       expect_allowed(*guest_permissions)
@@ -217,9 +213,8 @@ end
 
 RSpec.shared_examples 'project policies as maintainer' do
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(maintainer, project) }
+    let(:project) { private_project }
+    let(:current_user) { maintainer }
 
     it do
       expect_allowed(*guest_permissions)
@@ -242,9 +237,8 @@ end
 
 RSpec.shared_examples 'project policies as owner' do
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(owner, project) }
+    let(:project) { private_project }
+    let(:current_user) { owner }
 
     it do
       expect_allowed(*guest_permissions)
@@ -267,9 +261,8 @@ end
 
 RSpec.shared_examples 'project policies as admin with admin mode' do
   context 'abilities for non-public projects', :enable_admin_mode do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(admin, project) }
+    let(:project) { private_project }
+    let(:current_user) { admin }
 
     it do
       expect_allowed(*guest_permissions)
@@ -316,9 +309,8 @@ end
 
 RSpec.shared_examples 'project policies as admin without admin mode' do
   context 'abilities for non-public projects' do
-    let(:project) { create(:project, namespace: owner.namespace) }
-
-    subject { described_class.new(admin, project) }
+    let(:project) { private_project }
+    let(:current_user) { admin }
 
     it { is_expected.to be_banned }