diff options
author | Z.J. van de Weg <zegerjan@gitlab.com> | 2016-10-13 10:38:03 +0300 |
---|---|---|
committer | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-12-04 17:48:50 +0300 |
commit | 617f43c74b967a085f6cd7afb1408cfa28187b52 (patch) | |
tree | de6e860add1690c240806c5de4289bf2a633d3f7 /spec/policies/project_policy_spec.rb | |
parent | bd67459131e22273b502eb27d97709827ff42262 (diff) |
Guests can read builds if those are public
Fixes #18448
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index b49e4f3a8bc..34a0937d9bc 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -111,13 +111,35 @@ describe ProjectPolicy, models: true do context 'guests' do let(:current_user) { guest } - it do - is_expected.to include(*guest_permissions) - is_expected.not_to include(*reporter_permissions) - is_expected.not_to include(*team_member_reporter_permissions) - is_expected.not_to include(*developer_permissions) - is_expected.not_to include(*master_permissions) - is_expected.not_to include(*owner_permissions) + context 'public builds enabled' do + let(:reporter_public_build_permissions) do + reporter_permissions - [:read_build, :read_pipeline] + end + + it do + is_expected.to include(*guest_permissions) + is_expected.not_to include(*reporter_public_build_permissions) + is_expected.not_to include(*team_member_reporter_permissions) + is_expected.not_to include(*developer_permissions) + is_expected.not_to include(*master_permissions) + is_expected.not_to include(*owner_permissions) + end + end + + context 'public builds disabled' do + before do + project.public_builds = false + project.save + end + + it do + is_expected.to include(*guest_permissions) + is_expected.not_to include(*reporter_permissions) + is_expected.not_to include(*team_member_reporter_permissions) + is_expected.not_to include(*developer_permissions) + is_expected.not_to include(*master_permissions) + is_expected.not_to include(*owner_permissions) + end end end |