Merge branch 'rs-project-security-spec-speed' into 'master'

Speed up Project security access specs

Prior, every single test was creating four `ProjectMember` objects, each
of which created one `User` record, even though each test only used
_one_ of those Users, if any.

Now each test only creates the single user record it needs, if it needs
one. This shaves minutes off of each spec file changed here.

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899

See merge request !7779

spec/support/matchers/access_matchers.rb

@@ -7,7 +7,7 @@ module AccessMatchers
   extend RSpec::Matchers::DSL
   include Warden::Test::Helpers
 
-  def emulate_user(user)
+  def emulate_user(user, project = nil)
     case user
     when :user
       login_as(create(:user))
@@ -18,6 +18,18 @@ module AccessMatchers
     when :external
       login_as(create(:user, external: true))
     when User
+      login_as(user)
+    when :owner
+      raise ArgumentError, "cannot emulate owner without project" unless project
+
+      login_as(project.owner)
+    when *Gitlab::Access.sym_options.keys
+      raise ArgumentError, "cannot emulate user #{user} without project" unless project
+
+      role = user
+      user = create(:user)
+      project.public_send(:"add_#{role}", user)
+
       login_as(user)
     else
       raise ArgumentError, "cannot emulate user #{user}"
@@ -26,8 +38,7 @@ module AccessMatchers
 
   def description_for(user, type)
     if user.kind_of?(User)
-      # User#inspect displays too much information for RSpec's description
-      # messages
+      # User#inspect displays too much information for RSpec's descriptions
       "be #{type} for the specified user"
     else
       "be #{type} for #{user}"
@@ -36,21 +47,31 @@ module AccessMatchers
 
   matcher :be_allowed_for do |user|
     match do |url|
-      emulate_user(user)
-      visit url
+      emulate_user(user, @project)
+      visit(url)
+
       status_code != 404 && current_path != new_user_session_path
     end
 
+    chain :of do |project|
+      @project = project
+    end
+
     description { description_for(user, 'allowed') }
   end
 
   matcher :be_denied_for do |user|
     match do |url|
-      emulate_user(user)
-      visit url
+      emulate_user(user, @project)
+      visit(url)
+
       status_code == 404 || current_path == new_user_session_path
     end
 
+    chain :of do |project|
+      @project = project
+    end
+
     description { description_for(user, 'denied') }
   end
 end