Block access to API & git when terms are enforced

When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms.
author: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-08 16:07:55 +0300
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2018-05-10 18:02:27 +0300
commit: f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree: 59359aecb555f844de1a81a0aebbd70336fbb8c1 /spec/lib/gitlab/auth
parent: f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb b/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
new file mode 100644
index 00000000000..fa209bed74e
--- /dev/null
+++ b/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+describe Gitlab::Auth::UserAccessDeniedReason do
+  include TermsHelper
+  let(:user) { build(:user) }
+
+  let(:reason) { described_class.new(user) }
+
+  describe '#rejection_message' do
+    subject { reason.rejection_message }
+
+    context 'when a user is blocked' do
+      before do
+        user.block!
+      end
+
+      it { is_expected.to match /blocked/ }
+    end
+
+    context 'a user did not accept the enforced terms' do
+      before do
+        enforce_terms
+      end
+
+      it { is_expected.to match /You must accept the Terms of Service/ }
+    end
+
+    context 'when the user is internal' do
+      let(:user) { User.ghost }
+
+      it { is_expected.to match /This action cannot be performed by internal users/ }
+    end
+  end
+end
author	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-08 16:07:55 +0300
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2018-05-10 18:02:27 +0300
commit	f7f13f9db0da92c7b43481dfe5559f317711e533 (patch)
tree	59359aecb555f844de1a81a0aebbd70336fbb8c1 /spec/lib/gitlab/auth
parent	f667bbceaba7556d5fb2adadce4b7d170b914e8a (diff)