author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-30 14:02:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-30 14:02:35 +0300 |
commit | 434a0ce52d75e13d48eac9ce83774954c7c5d48d (patch) | |
tree | de3b7a7cf1ce8b07555f28df592297c76894c90f /spec/features/security | |
parent | 0a0d9493ca481c56b739a3df27c31262283150fe (diff) |
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc2
Diffstat (limited to 'spec/features/security')
7 files changed, 170 insertions, 76 deletions
diff --git a/spec/features/security/admin_access_spec.rb b/spec/features/security/admin_access_spec.rb
index 38f00f399f3..8070ae066e7 100644
--- a/spec/features/security/admin_access_spec.rb
+++ b/spec/features/security/admin_access_spec.rb
@@ -8,7 +8,14 @@ RSpec.describe "Admin::Projects" do
 describe "GET /admin/projects" do
 subject { admin_projects_path }
- it { is_expected.to be_allowed_for :admin }
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed_for :admin }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_denied_for :admin }
+ end
+
 it { is_expected.to be_denied_for :user }
 it { is_expected.to be_denied_for :visitor }
 end
@@ -16,7 +23,14 @@ RSpec.describe "Admin::Projects" do
 describe "GET /admin/users" do
 subject { admin_users_path }
- it { is_expected.to be_allowed_for :admin }
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed_for :admin }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_denied_for :admin }
+ end
+
 it { is_expected.to be_denied_for :user }
 it { is_expected.to be_denied_for :visitor }
 end
@@ -24,7 +38,14 @@ RSpec.describe "Admin::Projects" do
 describe "GET /admin/hooks" do
 subject { admin_hooks_path }
- it { is_expected.to be_allowed_for :admin }
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed_for :admin }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.to be_denied_for :admin }
+ end
+
 it { is_expected.to be_denied_for :user }
 it { is_expected.to be_denied_for :visitor }
 end
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 051bd601c1d..cb9f9a6e680 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
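Review bot: The `context 'when admin mode is disabled'` block in the `GET /admin/projects` hunk, and the matching blocks in the `/admin/users` and `/admin/hooks` hunks, has no setup of its own, so the denial it asserts rests on whatever the suite does when the `:enable_admin_mode` tag is absent; that default is not visible in this diff. A short comment would make the dependency explicit, e.g. `# No :enable_admin_mode tag: admin mode stays off, so an admin session alone must not reach /admin pages`. It is also worth confirming what `be_denied_for`, which is defined outside this diff, accepts as a denial for an admin without admin mode, so that these examples cannot pass on an unrelated redirect.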
@@ -102,7 +102,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/settings/ci_cd" do
 subject { project_settings_ci_cd_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +117,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/settings/repository" do
 subject { project_settings_repository_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -146,7 +148,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/edit" do
 subject { edit_project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
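Review bot: The two examples added in the `settings/ci_cd` hunk are written as long tagged one-liners, `it('…', :enable_admin_mode) { … }`, while admin_access_spec.rb in this same commit expresses the same pair with `context` blocks; in the inline form the `:enable_admin_mode` tag that decides the outcome sits in the middle of the line and is easy to miss. Using the block form here keeps the metadata visible: `context 'when admin mode is enabled', :enable_admin_mode do` / `it { is_expected.to be_allowed_for(:admin) }` / `end`. The same applies to every other hunk in this file and to the hunks in private_access_spec.rb and public_access_spec.rb. The enclosing `describe` block continues outside the hunk.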
@@ -160,7 +163,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/deploy_keys" do
 subject { project_deploy_keys_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -190,7 +194,8 @@ RSpec.describe "Internal Project Access" do
 subject { edit_project_issue_path(project, issue) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -218,7 +223,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/snippets/new" do
 subject { new_project_snippet_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -246,7 +252,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/merge_requests/new" do
 subject { project_new_merge_request_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -302,7 +309,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/settings/integrations" do
 subject { project_settings_integrations_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -367,7 +375,8 @@ RSpec.describe "Internal Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -406,7 +415,8 @@ RSpec.describe "Internal Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -445,7 +455,8 @@ RSpec.describe "Internal Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -460,7 +471,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/pipeline_schedules" do
 subject { project_pipeline_schedules_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
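Review bot: In the `pipeline_schedules` hunk (-460,7 +471,8) both added examples assert `be_allowed_for(:admin)`, so admin mode makes no difference on this route and nothing in the spec says why. Presumably an admin is admitted here as an ordinary signed-in user of an internal project; if that is the reason, a comment such as `# Admin mode is irrelevant here: project visibility already admits any signed-in user (confirm)` would stop a later reader from "correcting" the second example to `be_denied_for`. The same pair appears in the three environments hunks that follow in this file and in the `pipeline_schedules` and environments hunks of public_access_spec.rb. The enclosing `describe` block ends outside the hunk.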
@@ -474,7 +486,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/environments" do
 subject { project_environments_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -490,7 +503,8 @@ RSpec.describe "Internal Project Access" do
 subject { project_environment_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -506,7 +520,8 @@ RSpec.describe "Internal Project Access" do
 subject { project_environment_deployments_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -520,7 +535,8 @@ RSpec.describe "Internal Project Access" do
 describe "GET /:project_path/-/environments/new" do
 subject { new_project_environment_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index e891e79db70..dda218c5de5 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -18,7 +18,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path" do
 subject { project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -32,7 +33,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/tree/master" do
 subject { project_tree_path(project, project.repository.root_ref) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -46,7 +48,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/commits/master" do
 subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -60,7 +63,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/commit/:sha" do
 subject { project_commit_path(project, project.repository.commit) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -74,7 +78,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/compare" do
 subject { project_compare_index_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -88,7 +93,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/project_members" do
 subject { project_project_members_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -102,7 +108,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/settings/ci_cd" do
 subject { project_settings_ci_cd_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +123,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/settings/repository" do
 subject { project_settings_repository_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -132,7 +140,8 @@ RSpec.describe "Private Project Access" do
 subject { project_blob_path(project, File.join(commit.id, '.gitignore')) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -146,7 +155,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/edit" do
 subject { edit_project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -160,7 +170,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/deploy_keys" do
 subject { project_deploy_keys_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -174,7 +185,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/issues" do
 subject { project_issues_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -190,7 +202,8 @@ RSpec.describe "Private Project Access" do
 subject { edit_project_issue_path(project, issue) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -204,7 +217,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/snippets" do
 subject { project_snippets_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -218,7 +232,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/merge_requests" do
 subject { project_merge_requests_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -239,7 +254,8 @@ RSpec.describe "Private Project Access" do
 end
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -260,7 +276,8 @@ RSpec.describe "Private Project Access" do
 end
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -274,7 +291,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/settings/integrations" do
 subject { project_settings_integrations_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -288,7 +306,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/pipelines" do
 subject { project_pipelines_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -316,7 +335,8 @@ RSpec.describe "Private Project Access" do
 subject { project_pipeline_path(project, pipeline) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -342,7 +362,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/builds" do
 subject { project_jobs_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -371,7 +392,8 @@ RSpec.describe "Private Project Access" do
 subject { project_job_path(project, build.id) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -405,7 +427,8 @@ RSpec.describe "Private Project Access" do
 subject { trace_project_job_path(project, build.id) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -435,7 +458,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/environments" do
 subject { project_environments_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -451,7 +475,8 @@ RSpec.describe "Private Project Access" do
 subject { project_environment_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -467,7 +492,8 @@ RSpec.describe "Private Project Access" do
 subject { project_environment_deployments_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -481,7 +507,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/environments/new" do
 subject { new_project_environment_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -495,7 +522,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/pipeline_schedules" do
 subject { project_pipeline_schedules_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -509,7 +537,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/pipeline_schedules/new" do
 subject { new_project_pipeline_schedule_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -523,7 +552,8 @@ RSpec.describe "Private Project Access" do
 describe "GET /:project_path/-/environments/new" do
 subject { new_project_pipeline_schedule_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -545,7 +575,8 @@ RSpec.describe "Private Project Access" do
 subject { project_container_registry_index_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 75993959f6e..f2dbab72a48 100644
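Review bot: In the hunk at -523,7 +552,8 the block is titled `GET /:project_path/-/environments/new` but its subject is `new_project_pipeline_schedule_path(project)`, the same path the preceding `pipeline_schedules/new` hunk already exercises, so the two added admin-mode examples re-test pipeline schedule creation under the wrong label. `environments/new` itself is covered by the earlier hunk at -481,7 +507,8, whose subject is `new_project_environment_path(project)`. Either drop this duplicate block or retitle it, `describe "GET /:project_path/pipeline_schedules/new" do`, so that a failing access check names the route that was actually requested. The mismatch sits in context lines that predate this commit, and the block ends outside the hunk.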
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -102,7 +102,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/settings/ci_cd" do
 subject { project_settings_ci_cd_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -116,7 +117,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/settings/repository" do
 subject { project_settings_repository_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -181,7 +183,8 @@ RSpec.describe "Public Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -220,7 +223,8 @@ RSpec.describe "Public Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -259,7 +263,8 @@ RSpec.describe "Public Project Access" do
 project.update(public_builds: false)
 end
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -274,7 +279,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/pipeline_schedules" do
 subject { project_pipeline_schedules_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
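Review bot: In the `@@ -274,7 +279,8 @@` hunk the admin-mode-disabled example expects `be_allowed_for(:admin)`, unlike most other hunks in this commit, and nothing in the spec says why. The same applies to the hunks `@@ -288,7 +294,8 @@`, `@@ -304,7 +311,8 @@` and `@@ -320,7 +328,8 @@` that follow. Presumably an admin outside admin mode is treated as an ordinary signed-in user and these read-only pages of a public project are open to such users; that is worth confirming against the `:user` expectation in the same blocks, which lies outside the hunks. A comment such as `# without admin mode an admin has regular-user access, which is enough to read this on a public project` would stop a later reader from flipping the expectation to denied or mistaking it for an admin-mode bypass.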
@@ -288,7 +294,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/environments" do
 subject { project_environments_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -304,7 +311,8 @@ RSpec.describe "Public Project Access" do
 subject { project_environment_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -320,7 +328,8 @@ RSpec.describe "Public Project Access" do
 subject { project_environment_deployments_path(project, environment) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is disabled') { is_expected.to be_allowed_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -334,7 +343,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/environments/new" do
 subject { new_project_environment_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -363,7 +373,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/edit" do
 subject { edit_project_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -377,7 +388,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/deploy_keys" do
 subject { project_deploy_keys_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
@@ -407,7 +419,8 @@ RSpec.describe "Public Project Access" do
 subject { edit_project_issue_path(project, issue) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -435,7 +448,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/snippets/new" do
 subject { new_project_snippet_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -463,7 +477,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/merge_requests/new" do
 subject { project_new_merge_request_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -519,7 +534,8 @@ RSpec.describe "Public Project Access" do
 describe "GET /:project_path/-/settings/integrations" do
 subject { project_settings_integrations_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_denied_for(:developer).of(project) }
diff --git a/spec/features/security/project/snippet/internal_access_spec.rb b/spec/features/security/project/snippet/internal_access_spec.rb
index 0667a2fd48a..12237863188 100644
--- a/spec/features/security/project/snippet/internal_access_spec.rb
+++ b/spec/features/security/project/snippet/internal_access_spec.rb
@@ -26,7 +26,8 @@ RSpec.describe "Internal Project Snippets Access" do
 describe "GET /:project_path/snippets/new" do
 subject { new_project_snippet_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -55,7 +56,8 @@ RSpec.describe "Internal Project Snippets Access" do
 context "for a private snippet" do
 subject { project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -85,7 +87,8 @@ RSpec.describe "Internal Project Snippets Access" do
 context "for a private snippet" do
 subject { raw_project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
diff --git a/spec/features/security/project/snippet/private_access_spec.rb b/spec/features/security/project/snippet/private_access_spec.rb
index 0c97b012ad1..0f7ae06a6c5 100644
--- a/spec/features/security/project/snippet/private_access_spec.rb
+++ b/spec/features/security/project/snippet/private_access_spec.rb
@@ -12,7 +12,8 @@ RSpec.describe "Private Project Snippets Access" do
 describe "GET /:project_path/snippets" do
 subject { project_snippets_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -26,7 +27,8 @@ RSpec.describe "Private Project Snippets Access" do
 describe "GET /:project_path/snippets/new" do
 subject { new_project_snippet_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -40,7 +42,8 @@ RSpec.describe "Private Project Snippets Access" do
 describe "GET /:project_path/snippets/:id for a private snippet" do
 subject { project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -54,7 +57,8 @@ RSpec.describe "Private Project Snippets Access" do
 describe "GET /:project_path/snippets/:id/raw for a private snippet" do
 subject { raw_project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
diff --git a/spec/features/security/project/snippet/public_access_spec.rb b/spec/features/security/project/snippet/public_access_spec.rb
index 20a271f9c0e..2ae08205602 100644
--- a/spec/features/security/project/snippet/public_access_spec.rb
+++ b/spec/features/security/project/snippet/public_access_spec.rb
@@ -27,7 +27,8 @@ RSpec.describe "Public Project Snippets Access" do
 describe "GET /:project_path/snippets/new" do
 subject { new_project_snippet_path(project) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -70,7 +71,8 @@ RSpec.describe "Public Project Snippets Access" do
 context "for a private snippet" do
 subject { project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) }
@@ -114,7 +116,8 @@ RSpec.describe "Public Project Snippets Access" do
 context "for a private snippet" do
 subject { raw_project_snippet_path(project, private_snippet) }
- it { is_expected.to be_allowed_for(:admin) }
+ it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
+ it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
 it { is_expected.to be_allowed_for(:owner).of(project) }
 it { is_expected.to be_allowed_for(:maintainer).of(project) }
 it { is_expected.to be_allowed_for(:developer).of(project) } |