Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-04-20 13:00:54 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-04-20 13:00:54 +0300
commit: 3cccd102ba543e02725d247893729e5c73b38295 (patch)
tree: f36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/policies
parent: 205943281328046ef7b4528031b90fbda70c75ac (diff)
4 files changed, 82 insertions, 39 deletions
diff --git a/spec/policies/alert_management/alert_policy_spec.rb b/spec/policies/alert_management/alert_policy_spec.rb
index 3e08d8b4ccc..2027c205c7b 100644
--- a/spec/policies/alert_management/alert_policy_spec.rb
+++ b/spec/policies/alert_management/alert_policy_spec.rb
@@ -3,9 +3,10 @@
 require 'spec_helper'
 
 RSpec.describe AlertManagement::AlertPolicy, :models do
-  let(:alert) { create(:alert_management_alert) }
-  let(:project) { alert.project }
-  let(:user) { create(:user) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project) }
+  let_it_be(:alert) { create(:alert_management_alert, project: project, issue: incident) }
+  let_it_be(:incident) { nil }
 
   subject(:policy) { described_class.new(user, alert) }
 
@@ -21,5 +22,50 @@ RSpec.describe AlertManagement::AlertPolicy, :models do
       it { is_expected.to be_allowed :read_alert_management_alert }
       it { is_expected.to be_allowed :update_alert_management_alert }
     end
+
+    shared_examples 'does not allow metric image reads' do
+      it { expect(policy).to be_disallowed(:read_alert_management_metric_image) }
+    end
+
+    shared_examples 'does not allow metric image updates' do
+      specify do
+        expect(policy).to be_disallowed(:upload_alert_management_metric_image)
+        expect(policy).to be_disallowed(:destroy_alert_management_metric_image)
+      end
+    end
+
+    shared_examples 'allows metric image reads' do
+      it { expect(policy).to be_allowed(:read_alert_management_metric_image) }
+    end
+
+    shared_examples 'allows metric image updates' do
+      specify do
+        expect(policy).to be_allowed(:upload_alert_management_metric_image)
+        expect(policy).to be_allowed(:destroy_alert_management_metric_image)
+      end
+    end
+
+    context 'when user is not a member' do
+      include_examples 'does not allow metric image reads'
+      include_examples 'does not allow metric image updates'
+    end
+
+    context 'when user is a guest' do
+      before do
+        project.add_guest(user)
+      end
+
+      include_examples 'does not allow metric image reads'
+      include_examples 'does not allow metric image updates'
+    end
+
+    context 'when user is a developer' do
+      before do
+        project.add_developer(user)
+      end
+
+      include_examples 'allows metric image reads'
+      include_examples 'allows metric image updates'
+    end
   end
 end
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index f6cd84f29ae..eeaa77a4589 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -359,39 +359,6 @@ RSpec.describe NotePolicy do
             expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :reposition_note, :resolve_note)
           end
         end
-
-        context 'for merge requests' do
-          let(:merge_request) { create(:merge_request, source_project: project, author: author, assignees: [assignee]) }
-          let(:confidential_note) { create(:note, :confidential, project: project, noteable: merge_request) }
-
-          it_behaves_like 'confidential notes permissions'
-
-          it 'allows noteable assignees to read all notes' do
-            expect(permissions(assignee, confidential_note)).to be_allowed(:read_note, :award_emoji)
-            expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :reposition_note, :resolve_note)
-          end
-        end
-
-        context 'for project snippets' do
-          let(:project_snippet) { create(:project_snippet, project: project, author: author) }
-          let(:confidential_note) { create(:note, :confidential, project: project, noteable: project_snippet) }
-
-          it_behaves_like 'confidential notes permissions'
-        end
-
-        context 'for personal snippets' do
-          let(:personal_snippet) { create(:personal_snippet, author: author) }
-          let(:confidential_note) { create(:note, :confidential, project: nil, noteable: personal_snippet) }
-
-          it 'allows snippet author to read and resolve all notes' do
-            expect(permissions(author, confidential_note)).to be_allowed(:read_note, :resolve_note, :award_emoji)
-            expect(permissions(author, confidential_note)).to be_disallowed(:admin_note, :reposition_note)
-          end
-
-          it 'does not allow maintainers to read confidential notes and replies' do
-            expect(permissions(maintainer, confidential_note)).to be_disallowed(:read_note, :admin_note, :reposition_note, :resolve_note, :award_emoji)
-          end
-        end
       end
     end
   end
diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb
index 12b3e60fdb2..b19ab71fcb5 100644
--- a/spec/policies/project_member_policy_spec.rb
+++ b/spec/policies/project_member_policy_spec.rb
@@ -23,9 +23,9 @@ RSpec.describe ProjectMemberPolicy do
     it { is_expected.not_to be_allowed(:destroy_project_bot_member) }
   end
 
-  context 'when user is project owner' do
-    let(:member_user) { project.first_owner }
-    let(:member) { project.members.find_by!(user: member_user) }
+  context 'when user is the holder of personal namespace in which the project resides' do
+    let(:namespace_holder) { project.namespace.owner }
+    let(:member) { project.members.find_by!(user: namespace_holder) }
 
     it { is_expected.to be_allowed(:read_project) }
     it { is_expected.to be_disallowed(:update_project_member) }
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index fb1c5874335..bde83d647db 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -346,6 +346,36 @@ RSpec.describe ProjectPolicy do
     end
   end
 
+  context 'reading usage quotas' do
+    %w(maintainer owner).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_allowed(:read_usage_quotas) }
+      end
+    end
+
+    %w(guest reporter developer anonymous).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_disallowed(:read_usage_quotas) }
+      end
+    end
+
+    context 'with an admin' do
+      let(:current_user) { admin }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { expect_allowed(:read_usage_quotas) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { expect_disallowed(:read_usage_quotas) }
+      end
+    end
+  end
+
   it_behaves_like 'clusterable policies' do
     let_it_be(:clusterable) { create(:project, :repository) }
     let_it_be(:cluster) do
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-04-20 13:00:54 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-04-20 13:00:54 +0300
commit	3cccd102ba543e02725d247893729e5c73b38295 (patch)
tree	f36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/policies
parent	205943281328046ef7b4528031b90fbda70c75ac (diff)