diff options
author | Thong Kuah <tkuah@gitlab.com> | 2018-10-15 03:42:02 +0300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-11-08 13:14:06 +0300 |
commit | dcf0caaa0656b421b5a80e45c4a3e14785cb269a (patch) | |
tree | b7c07925bfcef146a8e1169dbcc0db837b1e3c13 /spec/policies/clusters | |
parent | df8f663689aba29424406ebf2a9e786fb6dcdd14 (diff) |
Add policy for clusters on group level
- maintainer for group can read, create, update, and admin cluster
- project user, at any level, cannot do anything with group cluster
Diffstat (limited to 'spec/policies/clusters')
-rw-r--r-- | spec/policies/clusters/cluster_policy_spec.rb | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/spec/policies/clusters/cluster_policy_spec.rb b/spec/policies/clusters/cluster_policy_spec.rb index ced969830d8..b2f0ca1bc30 100644 --- a/spec/policies/clusters/cluster_policy_spec.rb +++ b/spec/policies/clusters/cluster_policy_spec.rb @@ -24,5 +24,47 @@ describe Clusters::ClusterPolicy, :models do it { expect(policy).to be_allowed :update_cluster } it { expect(policy).to be_allowed :admin_cluster } end + + context 'group cluster' do + let(:cluster) { create(:cluster, :group) } + let(:group) { cluster.group } + let(:project) { create(:project, namespace: group) } + + context 'when group developer' do + before do + group.add_developer(user) + end + + it { expect(policy).to be_disallowed :update_cluster } + it { expect(policy).to be_disallowed :admin_cluster } + end + + context 'when group maintainer' do + before do + group.add_maintainer(user) + end + + it { expect(policy).to be_allowed :update_cluster } + it { expect(policy).to be_allowed :admin_cluster } + end + + context 'when project maintainer' do + before do + project.add_maintainer(user) + end + + it { expect(policy).to be_disallowed :update_cluster } + it { expect(policy).to be_disallowed :admin_cluster } + end + + context 'when project developer' do + before do + project.add_developer(user) + end + + it { expect(policy).to be_disallowed :update_cluster } + it { expect(policy).to be_disallowed :admin_cluster } + end + end end end |