Commit 4b90cccb authored by Vijay Hawoldar's avatar Vijay Hawoldar

Move change_repository_storage to BasePolicy

The change_repository_storage policy will be used
not only for Project repositories, but also
PersonalSnippet and ProjectSnippet repositories,
so it should be moved out of ProjectPolicy
parent 4ba00f14
...@@ -57,6 +57,8 @@ class BasePolicy < DeclarativePolicy::Base ...@@ -57,6 +57,8 @@ class BasePolicy < DeclarativePolicy::Base
rule { default }.enable :read_cross_project rule { default }.enable :read_cross_project
condition(:is_gitlab_com) { ::Gitlab.dev_env_or_com? } condition(:is_gitlab_com) { ::Gitlab.dev_env_or_com? }
rule { admin }.enable :change_repository_storage
end end
BasePolicy.prepend_if_ee('EE::BasePolicy') BasePolicy.prepend_if_ee('EE::BasePolicy')
...@@ -546,8 +546,6 @@ class ProjectPolicy < BasePolicy ...@@ -546,8 +546,6 @@ class ProjectPolicy < BasePolicy
prevent :create_pipeline prevent :create_pipeline
end end
rule { admin }.enable :change_repository_storage
rule { can?(:read_issue) }.policy do rule { can?(:read_issue) }.policy do
enable :read_design enable :read_design
enable :read_design_activity enable :read_design_activity
......
...@@ -22,6 +22,34 @@ RSpec.describe BasePolicy do ...@@ -22,6 +22,34 @@ RSpec.describe BasePolicy do
end end
end end
shared_examples 'admin only access' do |policy|
let(:current_user) { build_stubbed(:user) }
subject { described_class.new(current_user, nil) }
it { is_expected.not_to be_allowed(policy) }
context 'for admins' do
let(:current_user) { build_stubbed(:admin) }
it 'allowed when in admin mode' do
enable_admin_mode!(current_user)
is_expected.to be_allowed(policy)
end
it 'prevented when not in admin mode' do
is_expected.not_to be_allowed(policy)
end
end
context 'for anonymous' do
let(:current_user) { nil }
it { is_expected.not_to be_allowed(policy) }
end
end
describe 'read cross project' do describe 'read cross project' do
let(:current_user) { build_stubbed(:user) } let(:current_user) { build_stubbed(:user) }
let(:user) { build_stubbed(:user) } let(:user) { build_stubbed(:user) }
...@@ -41,51 +69,15 @@ RSpec.describe BasePolicy do ...@@ -41,51 +69,15 @@ RSpec.describe BasePolicy do
enable_external_authorization_service_check enable_external_authorization_service_check
end end
it { is_expected.not_to be_allowed(:read_cross_project) } it_behaves_like 'admin only access', :read_cross_project
context 'for admins' do
let(:current_user) { build_stubbed(:admin) }
subject { described_class.new(current_user, nil) }
it 'allowed when in admin mode' do
enable_admin_mode!(current_user)
is_expected.to be_allowed(:read_cross_project)
end
it 'prevented when not in admin mode' do
is_expected.not_to be_allowed(:read_cross_project)
end
end
context 'for anonymous' do
let(:current_user) { nil }
it { is_expected.not_to be_allowed(:read_cross_project) }
end
end end
end end
describe 'full private access' do describe 'full private access' do
let(:current_user) { build_stubbed(:user) } it_behaves_like 'admin only access', :read_all_resources
end
subject { described_class.new(current_user, nil) }
it { is_expected.not_to be_allowed(:read_all_resources) }
context 'for admins' do
let(:current_user) { build_stubbed(:admin) }
it 'allowed when in admin mode' do
enable_admin_mode!(current_user)
is_expected.to be_allowed(:read_all_resources)
end
it 'prevented when not in admin mode' do describe 'change_repository_storage' do
is_expected.not_to be_allowed(:read_all_resources) it_behaves_like 'admin only access', :change_repository_storage
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment