diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-17 13:07:47 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-17 13:07:47 +0300 |
commit | d670c3006e6e44901bce0d53cc4768d1d80ffa92 (patch) | |
tree | 8f65743c232e5b76850c4cc264ba15e1185815ff /spec/policies | |
parent | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (diff) |
Add latest changes from gitlab-org/gitlab@14-0-stable-ee
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/base_policy_spec.rb | 30 | ||||
-rw-r--r-- | spec/policies/global_policy_spec.rb | 24 |
2 files changed, 46 insertions, 8 deletions
diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb index 44ff909872d..ec20616d357 100644 --- a/spec/policies/base_policy_spec.rb +++ b/spec/policies/base_policy_spec.rb @@ -22,31 +22,45 @@ RSpec.describe BasePolicy do end end - shared_examples 'admin only access' do |policy| + shared_examples 'admin only access' do |ability| + def policy + # method, because we want a fresh cache each time. + described_class.new(current_user, nil) + end + let(:current_user) { build_stubbed(:user) } - subject { described_class.new(current_user, nil) } + subject { policy } - it { is_expected.not_to be_allowed(policy) } + it { is_expected.not_to be_allowed(ability) } - context 'for admins' do + context 'with an admin' do let(:current_user) { build_stubbed(:admin) } it 'allowed when in admin mode' do enable_admin_mode!(current_user) - is_expected.to be_allowed(policy) + is_expected.to be_allowed(ability) end it 'prevented when not in admin mode' do - is_expected.not_to be_allowed(policy) + is_expected.not_to be_allowed(ability) end end - context 'for anonymous' do + context 'with anonymous' do let(:current_user) { nil } - it { is_expected.not_to be_allowed(policy) } + it { is_expected.not_to be_allowed(ability) } + end + + describe 'bypassing the session for sessionless login', :request_store do + let(:current_user) { build_stubbed(:admin) } + + it 'changes from prevented to allowed' do + expect { Gitlab::Auth::CurrentUserMode.bypass_session!(current_user.id) } + .to change { policy.allowed?(ability) }.from(false).to(true) + end end end diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index 9e995366c17..e88619b9527 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -245,6 +245,14 @@ RSpec.describe GlobalPolicy do end it { is_expected.not_to be_allowed(:access_api) } + + context 'when user is using ldap' do + before do + allow(current_user).to receive(:ldap_user?).and_return(true) + end + + it { is_expected.to be_allowed(:access_api) } + end end context 'when terms are enforced' do @@ -433,6 +441,14 @@ RSpec.describe GlobalPolicy do end it { is_expected.not_to be_allowed(:access_git) } + + context 'when user is using ldap' do + before do + allow(current_user).to receive(:ldap_user?).and_return(true) + end + + it { is_expected.to be_allowed(:access_git) } + end end end @@ -517,6 +533,14 @@ RSpec.describe GlobalPolicy do end it { is_expected.not_to be_allowed(:use_slash_commands) } + + context 'when user is using ldap' do + before do + allow(current_user).to receive(:ldap_user?).and_return(true) + end + + it { is_expected.to be_allowed(:use_slash_commands) } + end end end |