Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
5f47dabf
Commit
5f47dabf
authored
Mar 26, 2019
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[EE] Reduce the diff with CE in spec/policies/group_policy_spec.rb
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
dec19fa9
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
88 additions
and
172 deletions
+88
-172
ee/spec/policies/group_policy_spec.rb
ee/spec/policies/group_policy_spec.rb
+40
-21
spec/policies/group_policy_spec.rb
spec/policies/group_policy_spec.rb
+1
-151
spec/support/shared_contexts/policies/group_policy_shared_context.rb
...t/shared_contexts/policies/group_policy_shared_context.rb
+47
-0
No files found.
ee/spec/policies/group_policy_spec.rb
View file @
5f47dabf
require
'spec_helper'
describe
GroupPolicy
do
let
(
:guest
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:developer
)
{
create
(
:user
)
}
let
(
:maintainer
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:auditor
)
{
create
(
:user
,
:auditor
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:group
)
{
create
(
:group
)
}
before
do
group
.
add_guest
(
guest
)
group
.
add_reporter
(
reporter
)
group
.
add_developer
(
developer
)
group
.
add_maintainer
(
maintainer
)
group
.
add_owner
(
owner
)
end
subject
{
described_class
.
new
(
current_user
,
group
)
}
include_context
'GroupPolicy context'
context
'when epics feature is disabled'
do
let
(
:current_user
)
{
owner
}
...
...
@@ -406,8 +389,6 @@ describe GroupPolicy do
stub_licensed_features
(
security_dashboard:
true
)
end
subject
{
described_class
.
new
(
current_user
,
group
)
}
context
'with admin'
do
let
(
:current_user
)
{
admin
}
...
...
@@ -465,9 +446,47 @@ describe GroupPolicy do
end
end
describe
'private nested group use the highest access level from the group and inherited permissions'
,
:nested_groups
do
let
(
:nested_group
)
{
create
(
:group
,
:private
,
parent:
group
)
}
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
end
def
expect_disallowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
not_to
be_allowed
(
p
)
}
end
before
do
nested_group
.
add_guest
(
guest
)
nested_group
.
add_guest
(
reporter
)
nested_group
.
add_guest
(
developer
)
nested_group
.
add_guest
(
maintainer
)
group
.
owners
.
destroy_all
# rubocop: disable DestroyAll
group
.
add_guest
(
owner
)
nested_group
.
add_owner
(
owner
)
end
subject
{
described_class
.
new
(
current_user
,
nested_group
)
}
context
'auditor'
do
let
(
:current_user
)
{
create
(
:user
,
:auditor
)
}
it
do
expect_allowed
(
:read_group
)
expect_disallowed
(
:upload_file
)
expect_disallowed
(
*
reporter_permissions
)
expect_disallowed
(
*
developer_permissions
)
expect_disallowed
(
*
maintainer_permissions
)
expect_disallowed
(
*
owner_permissions
)
end
end
end
it_behaves_like
'ee clusterable policies'
do
let
(
:clusterable
)
{
create
(
:group
)
}
let
(
:cluster
)
do
create
(
:cluster
,
:provided_by_gcp
,
...
...
spec/policies/group_policy_spec.rb
View file @
5f47dabf
require
'spec_helper'
describe
GroupPolicy
do
let
(
:guest
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:developer
)
{
create
(
:user
)
}
let
(
:maintainer
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:auditor
)
{
create
(
:user
,
:auditor
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:group
)
{
create
(
:group
,
:private
)
}
let
(
:guest_permissions
)
do
[
:read_label
,
:read_group
,
:upload_file
,
:read_namespace
,
:read_group_activity
,
:read_group_issues
,
:read_group_boards
,
:read_group_labels
,
:read_group_milestones
,
:read_group_merge_requests
]
end
let
(
:reporter_permissions
)
{
[
:admin_label
]
}
let
(
:developer_permissions
)
{
[
:admin_milestone
]
}
let
(
:maintainer_permissions
)
do
[
:create_projects
,
:read_cluster
,
:create_cluster
,
:update_cluster
,
:admin_cluster
,
:add_cluster
]
end
let
(
:owner_permissions
)
do
[
:admin_group
,
:admin_namespace
,
:admin_group_member
,
:change_visibility_level
,
:set_note_created_at
,
(
Gitlab
::
Database
.
postgresql?
?
:create_subgroup
:
nil
)
].
compact
end
before
do
group
.
add_guest
(
guest
)
group
.
add_reporter
(
reporter
)
group
.
add_developer
(
developer
)
group
.
add_maintainer
(
maintainer
)
group
.
add_owner
(
owner
)
end
subject
{
described_class
.
new
(
current_user
,
group
)
}
include_context
'GroupPolicy context'
def
expect_allowed
(
*
permissions
)
permissions
.
each
{
|
p
|
is_expected
.
to
be_allowed
(
p
)
}
...
...
@@ -312,107 +263,6 @@ describe GroupPolicy do
expect_allowed
(
*
owner_permissions
)
end
end
context
'auditor'
do
let
(
:current_user
)
{
auditor
}
it
do
expect_allowed
(
:read_group
)
expect_disallowed
(
:upload_file
)
is_expected
.
to
be_disallowed
(
*
maintainer_permissions
)
is_expected
.
to
be_disallowed
(
*
owner_permissions
)
end
end
end
describe
'change_share_with_group_lock'
do
context
'when the current_user owns the group'
do
let
(
:current_user
)
{
owner
}
context
'when the group share_with_group_lock is enabled'
do
let
(
:group
)
{
create
(
:group
,
share_with_group_lock:
true
,
parent:
parent
)
}
context
'when the parent group share_with_group_lock is enabled'
do
context
'when the group has a grandparent'
do
let
(
:parent
)
{
create
(
:group
,
share_with_group_lock:
true
,
parent:
grandparent
)
}
context
'when the grandparent share_with_group_lock is enabled'
do
let
(
:grandparent
)
{
create
(
:group
,
share_with_group_lock:
true
)
}
context
'when the current_user owns the parent'
do
before
do
parent
.
add_owner
(
current_user
)
end
context
'when the current_user owns the grandparent'
do
before
do
grandparent
.
add_owner
(
current_user
)
end
it
{
expect_allowed
(
:change_share_with_group_lock
)
}
end
context
'when the current_user does not own the grandparent'
do
it
{
expect_disallowed
(
:change_share_with_group_lock
)
}
end
end
context
'when the current_user does not own the parent'
do
it
{
expect_disallowed
(
:change_share_with_group_lock
)
}
end
end
context
'when the grandparent share_with_group_lock is disabled'
do
let
(
:grandparent
)
{
create
(
:group
)
}
context
'when the current_user owns the parent'
do
before
do
parent
.
add_owner
(
current_user
)
end
it
{
expect_allowed
(
:change_share_with_group_lock
)
}
end
context
'when the current_user does not own the parent'
do
it
{
expect_disallowed
(
:change_share_with_group_lock
)
}
end
end
end
context
'when the group does not have a grandparent'
do
let
(
:parent
)
{
create
(
:group
,
share_with_group_lock:
true
)
}
context
'when the current_user owns the parent'
do
before
do
parent
.
add_owner
(
current_user
)
end
it
{
expect_allowed
(
:change_share_with_group_lock
)
}
end
context
'when the current_user does not own the parent'
do
it
{
expect_disallowed
(
:change_share_with_group_lock
)
}
end
end
end
context
'when the parent group share_with_group_lock is disabled'
do
let
(
:parent
)
{
create
(
:group
)
}
it
{
expect_allowed
(
:change_share_with_group_lock
)
}
end
end
context
'when the group share_with_group_lock is disabled'
do
it
{
expect_allowed
(
:change_share_with_group_lock
)
}
end
end
context
'when the current_user does not own the group'
do
let
(
:current_user
)
{
create
(
:user
)
}
it
{
expect_disallowed
(
:change_share_with_group_lock
)
}
end
end
describe
'change_share_with_group_lock'
do
...
...
spec/support/shared_contexts/policies/group_policy_shared_context.rb
0 → 100644
View file @
5f47dabf
# frozen_string_literal: true
RSpec
.
shared_context
'GroupPolicy context'
do
let
(
:guest
)
{
create
(
:user
)
}
let
(
:reporter
)
{
create
(
:user
)
}
let
(
:developer
)
{
create
(
:user
)
}
let
(
:maintainer
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:group
)
{
create
(
:group
,
:private
)
}
let
(
:guest_permissions
)
do
%i[
read_label read_group upload_file read_namespace read_group_activity
read_group_issues read_group_boards read_group_labels read_group_milestones
read_group_merge_requests
]
end
let
(
:reporter_permissions
)
{
[
:admin_label
]
}
let
(
:developer_permissions
)
{
[
:admin_milestone
]
}
let
(
:maintainer_permissions
)
do
%i[
create_projects
read_cluster create_cluster update_cluster admin_cluster add_cluster
]
end
let
(
:owner_permissions
)
do
[
:admin_group
,
:admin_namespace
,
:admin_group_member
,
:change_visibility_level
,
:set_note_created_at
,
(
Gitlab
::
Database
.
postgresql?
?
:create_subgroup
:
nil
)
].
compact
end
before
do
group
.
add_guest
(
guest
)
group
.
add_reporter
(
reporter
)
group
.
add_developer
(
developer
)
group
.
add_maintainer
(
maintainer
)
group
.
add_owner
(
owner
)
end
subject
{
described_class
.
new
(
current_user
,
group
)
}
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Rémy Coutable <remy@rymai.me>Rémy Coutable <remy@rymai.me>