96fc1d90
Commit
96fc1d90
authored
Mar 09, 2016
by
Felipe Artur
Add security specs
parent
c3e70280
Showing
6 changed files
with
330 additions
and
41 deletions
+330
-41
app/models/ability.rb
app/models/ability.rb
+1
-1
spec/features/security/group/internal_access_spec.rb
spec/features/security/group/internal_access_spec.rb
+104
-0
spec/features/security/group/private_access_spec.rb
spec/features/security/group/private_access_spec.rb
+104
-0
spec/features/security/group/public_access_spec.rb
spec/features/security/group/public_access_spec.rb
+104
-0
spec/features/security/group_access_spec.rb
spec/features/security/group_access_spec.rb
+0
-40
spec/support/group_access_helper.rb
spec/support/group_access_helper.rb
+17
-0
app/models/ability.rb
...
...
@@ -296,7 +296,7 @@ class Ability
def
can_read_group?
(
user
,
group
)
is_project_member
=
ProjectsFinder
.
new
.
execute
(
user
,
group:
group
).
any?
user
.
admin?
||
group
.
public?
||
group
.
internal?
||
group
.
users
.
include?
(
user
)
user
.
admin?
||
group
.
public?
||
group
.
internal?
||
is_project_member
||
group
.
users
.
include?
(
user
)
end
def
namespace_abilities
(
user
,
namespace
)
...
...
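Review bot: `is_project_member` is computed before the `||` chain in `can_read_group?`, so the ProjectsFinder query runs on every call, including for admins and for public or internal groups where its result is never needed. Moving it to the end of the chain keeps the short-circuit: `user.admin? || group.public? || group.internal? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any?`. The name also claims membership, while the value is whatever the finder returns for this user; if that includes projects the user can see through visibility level rather than membership (not visible here), a private group becomes readable to any signed-in user once it holds such a project, so a comment stating the intended rule would help. The class body continues outside the hunk.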
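--- /dev/null
+++ b/spec/features/security/group/internal_access_spec.rb
+require 'rails_helper'
+describe 'Internal group access', feature: true do
+  include AccessMatchers
+  include GroupAccessHelper
+  describe 'GET /groups/:path' do
+    subject { group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/issues' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/merge_requests' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/group_members' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/edit' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+end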
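Review bot: The `describe` blocks for `GET /groups/:path/merge_requests`, `/group_members` and `/edit` all set `subject { issues_group_path(...) }`, so they re-test the issues route and those three pages get no access check at all. Each subject should use its own route helper, e.g. `subject { edit_group_path(group(Gitlab::VisibilityLevel::INTERNAL)) }`, and likewise `merge_requests_group_path` and `group_group_members_path`. Once `/edit` points at the real page, the expectations that `:guest`, `:reporter` and `:user` are allowed will probably have to become denials, since editing a group is normally restricted to owners and admins. The same copy-paste is present in private_access_spec.rb and public_access_spec.rb.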
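--- /dev/null
+++ b/spec/features/security/group/private_access_spec.rb
+require 'rails_helper'
+describe 'Private group access', feature: true do
+  include AccessMatchers
+  include GroupAccessHelper
+  describe 'GET /groups/:path' do
+    subject { group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to_not be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/issues' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to_not be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/merge_requests' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to_not be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/group_members' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to_not be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/edit' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PRIVATE)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to_not be_allowed_for :user }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to_not be_allowed_for :visitor }
+    end
+  end
+end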
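Review bot: Denials in this file are written as `is_expected.to_not be_allowed_for :user`, while the existing group_access_spec.rb uses the dedicated `be_denied_for` matcher. Negating the allow matcher passes on any response the allow matcher rejects, which, depending on how AccessMatchers defines it (not visible here), could include an error page rather than an actual denial. For a private group the stricter assertion is worth keeping: `it { is_expected.to be_denied_for :user }` and `it { is_expected.to be_denied_for :visitor }`.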
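--- /dev/null
+++ b/spec/features/security/group/public_access_spec.rb
+require 'rails_helper'
+describe 'Public group access', feature: true do
+  include AccessMatchers
+  include GroupAccessHelper
+  describe 'GET /groups/:path' do
+    subject { group_path(group(Gitlab::VisibilityLevel::PUBLIC)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/issues' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PUBLIC)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/merge_requests' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PUBLIC)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/group_members' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PUBLIC)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+  end
+  describe 'GET /groups/:path/edit' do
+    subject { issues_group_path(group(Gitlab::VisibilityLevel::PUBLIC)) }
+    context "when user not in group project" do
+      it { is_expected.to be_allowed_for group_member(:owner) }
+      it { is_expected.to be_allowed_for group_member(:master) }
+      it { is_expected.to be_allowed_for group_member(:reporter) }
+      it { is_expected.to be_allowed_for group_member(:guest) }
+      it { is_expected.to be_allowed_for :admin }
+      it { is_expected.to be_allowed_for :user }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+    context "when user in group project" do
+      it { is_expected.to be_allowed_for project_group_member(:user) }
+      it { is_expected.to be_allowed_for :visitor }
+    end
+  end
+end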
spec/features/security/group_access_spec.rb
...
...
@@ -43,8 +43,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with mixed projects'
do
...
...
@@ -55,8 +53,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with internal projects'
do
...
...
@@ -67,8 +63,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with no projects'
do
...
...
@@ -77,8 +71,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
end
...
...
@@ -93,8 +85,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with mixed projects'
do
...
...
@@ -105,8 +95,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with internal projects'
do
...
...
@@ -117,8 +105,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with no projects'
do
...
...
@@ -127,8 +113,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
...
...
@@ -143,8 +127,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with mixed projects'
do
...
...
@@ -155,8 +137,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with internal projects'
do
...
...
@@ -167,8 +147,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with no projects'
do
...
...
@@ -177,8 +155,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
...
...
@@ -193,8 +169,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with mixed projects'
do
...
...
@@ -205,8 +179,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_allowed_for
:visitor
}
end
context
'with internal projects'
do
...
...
@@ -217,8 +189,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_allowed_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with no projects'
do
...
...
@@ -227,8 +197,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_allowed_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_allowed_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
...
...
@@ -243,8 +211,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_denied_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_denied_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with mixed projects'
do
...
...
@@ -255,8 +221,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_denied_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_denied_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with internal projects'
do
...
...
@@ -267,8 +231,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_denied_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_denied_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
context
'with no projects'
do
...
...
@@ -277,8 +239,6 @@ describe 'Group access', feature: true do
it
{
is_expected
.
to
be_denied_for
group_member
(
:reporter
)
}
it
{
is_expected
.
to
be_denied_for
group_member
(
:guest
)
}
it
{
is_expected
.
to
be_allowed_for
:admin
}
it
{
is_expected
.
to
be_denied_for
:user
}
it
{
is_expected
.
to
be_denied_for
:visitor
}
end
end
end
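--- /dev/null
+++ b/spec/support/group_access_helper.rb
+module GroupAccessHelper
+  def group(visibility_level=0)
+    @group ||= create(:group, visibility_level: visibility_level)
+  end
+  def project_group_member(access_level)
+    project = create(:project, visibility_level: group.visibility_level, group: group, name: 'B', path: 'B')
+    create(:user).tap { |user| project.team.add_user(user, Gitlab::Access::DEVELOPER) }
+  end
+  def group_member(access_level, grp=group())
+    level = Object.const_get("Gitlab::Access::#{access_level.upcase}")
+    create(:user).tap { |user| grp.add_user(user, level) }
+  end
+end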
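Review bot: `project_group_member(access_level)` never reads `access_level`; it always adds the user with `Gitlab::Access::DEVELOPER`, and the specs call it with `:user`, which is not an access level. Either drop the parameter or resolve it the way `group_member` does, so the argument at the call site means what it says. `group` memoizes in `@group`, so a later call with a different `visibility_level` silently returns the first group; a one-line comment saying so would avoid surprises when a spec needs two groups. In `group_member`, `Object.const_get` on an interpolated string resolves any constant path, whereas `Gitlab::Access.const_get(access_level.to_s.upcase, false)` keeps the lookup inside that module.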