diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-09 12:09:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-09 12:09:19 +0300 |
commit | e7462f7b49a60b2ee7be14682c23190f7f7c5ba7 (patch) | |
tree | 3437f7c7c7931ff2e017de00e69dea10f3d00b57 /qa | |
parent | 43d38aaae05e2ac7e84c035c50844e084c3e54d3 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'qa')
-rw-r--r-- | qa/qa/specs/features/api/1_manage/user_access_termination_spec.rb | 84 | ||||
-rw-r--r-- | qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb | 65 |
2 files changed, 149 insertions, 0 deletions
diff --git a/qa/qa/specs/features/api/1_manage/user_access_termination_spec.rb b/qa/qa/specs/features/api/1_manage/user_access_termination_spec.rb new file mode 100644 index 00000000000..b7f71ad5bcd --- /dev/null +++ b/qa/qa/specs/features/api/1_manage/user_access_termination_spec.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +module QA + RSpec.describe 'Manage' do + describe 'User', :requires_admin do + before(:all) do + admin_api_client = Runtime::API::Client.as_admin + + @user = Resource::User.fabricate_via_api! do |user| + user.api_client = admin_api_client + end + + @user_api_client = Runtime::API::Client.new(:gitlab, user: @user) + + @group = Resource::Group.fabricate_via_api! + + @group.sandbox.add_member(@user) + + @project = Resource::Project.fabricate_via_api! do |project| + project.group = @group + project.name = "project-for-user-group-access-termination" + project.initialize_with_readme = true + end + end + + context 'after parent group membership termination' do + before do + @group.sandbox.remove_member(@user) + end + + it 'is not allowed to push code via the CLI', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1660' do + expect do + Resource::Repository::Push.fabricate! do |push| + push.repository_http_uri = @project.repository_http_location.uri + push.file_name = 'test.txt' + push.file_content = "# This is a test project named #{@project.name}" + push.commit_message = 'Add test.txt' + push.branch_name = 'new_branch' + push.user = @user + end + end.to raise_error(QA::Support::Run::CommandError, /You are not allowed to push code to this project/) + end + + it 'is not allowed to create a file via the API', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1661' do + expect do + Resource::File.fabricate_via_api! do |file| + file.api_client = @user_api_client + file.project = @project + file.branch = 'new_branch' + file.commit_message = 'Add new file' + file.name = 'test.txt' + file.content = "New file" + end + end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, /403 Forbidden/) + end + + it 'is not allowed to commit via the API', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1662' do + expect do + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.api_client = @user_api_client + commit.project = @project + commit.branch = 'new_branch' + commit.start_branch = @project.default_branch + commit.commit_message = 'Add new file' + commit.add_files([ + { file_path: 'test.txt', content: 'new file' } + ]) + end + end.to raise_error(Resource::ApiFabricator::ResourceFabricationFailedError, /403 Forbidden - You are not allowed to push into this branch/) + end + end + + after(:all) do + @user.remove_via_api! + @project.remove_via_api! + begin + @group.remove_via_api! + rescue Resource::ApiFabricator::ResourceNotDeletedError + # It is ok if the group is already marked for deletion by another test + end + end + end + end +end diff --git a/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb new file mode 100644 index 00000000000..7ec217cb47d --- /dev/null +++ b/qa/qa/specs/features/browser_ui/1_manage/user/user_access_termination_spec.rb @@ -0,0 +1,65 @@ +# frozen_string_literal: true + +module QA + RSpec.describe 'Manage' do + describe 'User', :requires_admin do + let(:admin_api_client) { Runtime::API::Client.as_admin } + + let!(:user) do + Resource::User.fabricate_via_api! do |user| + user.api_client = admin_api_client + end + end + + let!(:group) do + group = Resource::Group.fabricate_via_api! + group.sandbox.add_member(user) + group + end + + let!(:project) do + Resource::Project.fabricate_via_api! do |project| + project.group = group + project.name = "project-for-user-access-termination" + project.initialize_with_readme = true + end + end + + context 'after parent group membership termination' do + before do + Flow::Login.while_signed_in_as_admin do + group.sandbox.visit! + + Page::Group::Menu.perform(&:click_group_members_item) + Page::Group::Members.perform do |members_page| + members_page.remove_member(user.username) + end + end + end + + it 'is not allowed to edit the project files', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/1663' do + Flow::Login.sign_in(as: user) + project.visit! + + Page::Project::Show.perform do |project| + project.click_file('README.md') + end + + Page::File::Show.perform(&:click_edit) + + expect(page).to have_text("You're not allowed to edit files in this project directly.") + end + + after do + user.remove_via_api! + project.remove_via_api! + begin + group.remove_via_api! + rescue Resource::ApiFabricator::ResourceNotDeletedError + # It is ok if the group is already marked for deletion by another test + end + end + end + end + end +end |