diff options
author | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 22:34:23 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 22:34:23 +0300 |
commit | 6438df3a1e0fb944485cebf07976160184697d72 (patch) | |
tree | 00b09bfd170e77ae9391b1a2f5a93ef6839f2597 /spec/policies/group_member_policy_spec.rb | |
parent | 42bcd54d971da7ef2854b896a7b34f4ef8601067 (diff) |
Add latest changes from gitlab-org/gitlab@13-8-stable-eev13.8.0-rc42
Diffstat (limited to 'spec/policies/group_member_policy_spec.rb')
-rw-r--r-- | spec/policies/group_member_policy_spec.rb | 65 |
1 files changed, 53 insertions, 12 deletions
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb index 9e58ea81ef3..6099e4549b1 100644 --- a/spec/policies/group_member_policy_spec.rb +++ b/spec/policies/group_member_policy_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' RSpec.describe GroupMemberPolicy do + include DesignManagementTestHelpers + let(:guest) { create(:user) } let(:owner) { create(:user) } let(:group) { create(:group, :private) } @@ -28,22 +30,64 @@ RSpec.describe GroupMemberPolicy do permissions.each { |p| is_expected.not_to be_allowed(p) } end - context 'with guest user' do - let(:current_user) { guest } + context 'with anonymous user' do + let(:group) { create(:group, :public) } + let(:current_user) { nil } + let(:membership) { guest.members.first } it do - expect_disallowed(:member_related_permissions) + expect_disallowed(:read_design_activity, *member_related_permissions) + expect_allowed(:read_group) + end + + context 'design management is enabled' do + before do + create(:project, :public, group: group) # Necessary to enable design management + enable_design_management + end + + specify do + expect_allowed(:read_design_activity) + end + end + + context 'for a private group' do + let(:group) { create(:group, :private) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end + end + + context 'for an internal group' do + let(:group) { create(:group, :internal) } + + specify do + expect_disallowed(:read_group, :read_design_activity, *member_related_permissions) + end end end + context 'with guest user, for own membership' do + let(:current_user) { guest } + + specify { expect_disallowed(:update_group_member) } + specify { expect_allowed(:read_group, :destroy_group_member) } + end + + context 'with guest user, for other membership' do + let(:current_user) { guest } + let(:membership) { owner.members.first } + + specify { expect_disallowed(:destroy_group_member, :update_group_member) } + specify { expect_allowed(:read_group) } + end + context 'with one owner' do let(:current_user) { owner } - it do - expect_disallowed(:destroy_group_member) - expect_disallowed(:update_group_member) - expect_allowed(:read_group) - end + specify { expect_disallowed(*member_related_permissions) } + specify { expect_allowed(:read_group) } end context 'with more than one owner' do @@ -53,10 +97,7 @@ RSpec.describe GroupMemberPolicy do group.add_owner(create(:user)) end - it do - expect_allowed(:destroy_group_member) - expect_allowed(:update_group_member) - end + specify { expect_allowed(*member_related_permissions) } end context 'with the group parent' do |