
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-10-12 09:11:31 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-10-12 09:11:31 +0300
commitacc3d48da4fa0dcd2f2c8500c7cb7cc5c957300f (patch)
treed3e22e382039cc800ac1840b51f5d79333566950 /spec/policies
parent129d7ea3db19359600b5e03f0070b8be831b3fee (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/personal_snippet_policy_spec.rb51
-rw-r--r--spec/policies/project_snippet_policy_spec.rb56
2 files changed, 106 insertions, 1 deletions
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index d546805ce01..3efa96cffe9 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -170,4 +170,55 @@ RSpec.describe PersonalSnippetPolicy do
it_behaves_like 'admin access with admin mode'
end
+
+ context 'when the author of the snippet is banned', feature_category: :insider_threat do
+ let(:banned_user) { build(:user, :banned) }
+ let(:snippet) { build(:personal_snippet, :public, author: banned_user) }
+
+ context 'no user' do
+ subject { permissions(nil) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(:award_emoji)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'regular user' do
+ subject { permissions(regular_user) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'external user' do
+ subject { permissions(external_user) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'snippet author' do
+ subject { permissions(snippet.author) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ it_behaves_like 'admin access with admin mode'
+ end
end
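Review bot: The 'no user' example in the new banned-author context never asserts `:read_note`; it checks `:award_emoji` in that slot, while the regular, external and author examples all assert `:read_note`. Anonymous access to a public snippet is the path where exposing the notes on a banned author's snippet would be most visible, so add `is_expected.to be_disallowed(:read_note)` to that example. The three signed-in examples in turn leave `:award_emoji` unasserted; if the policy is meant to block it for them as well, add `is_expected.to be_disallowed(:award_emoji)` to each so a later policy change cannot re-enable it unnoticed. The enclosing `RSpec.describe` block starts outside the hunk, so `permissions`, `author_permissions` and the shared example are not visible here.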
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index c6d8ef05cfd..b02fc53db21 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
@@ -7,6 +7,7 @@ RSpec.describe ProjectSnippetPolicy do
let_it_be(:group) { create(:group, :public) }
let_it_be(:regular_user) { create(:user) }
let_it_be(:external_user) { create(:user, :external) }
+ let_it_be(:admin_user) { create(:user, :admin) }
let_it_be(:author) { create(:user) }
let_it_be(:author_permissions) do
[
@@ -296,7 +297,7 @@ RSpec.describe ProjectSnippetPolicy do
context 'admin user' do
let(:snippet_visibility) { :private }
- let(:current_user) { create(:admin) }
+ let(:current_user) { admin_user }
context 'when admin mode is enabled', :enable_admin_mode do
it do
@@ -327,4 +328,57 @@ RSpec.describe ProjectSnippetPolicy do
it_behaves_like 'regular user member permissions'
end
end
+
+ context 'when the author of the snippet is banned', feature_category: :insider_threat do
+ let(:banned_user) { build(:user, :banned) }
+ let(:project) { build(:project, :public, group: group) }
+ let(:snippet) { build(:project_snippet, :public, project: project, author: banned_user) }
+
+ context 'no user' do
+ let(:current_user) { nil }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'regular user' do
+ let(:current_user) { regular_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'external user' do
+ let(:current_user) { external_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'admin user', :enable_admin_mode do
+ let(:current_user) { admin_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_allowed(:read_snippet)
+ expect_allowed(:read_note)
+ expect_allowed(:create_note)
+ expect_allowed(*author_permissions)
+ end
+ end
+ end
end
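Review bot: The banned-author context for project snippets has no 'snippet author' example and exercises the admin only with `:enable_admin_mode`, so two access paths stay unpinned: the banned author reading their own snippet, and an admin whose admin mode is off. The personal-snippet spec in this same commit covers the author case and delegates the admin case to the 'admin access with admin mode' shared example, so the two specs are not checking the same matrix. I would add the two contexts below; the expected outcomes are assumed by analogy with the personal-snippet spec and should be confirmed against the policy. The `expect_allowed`/`expect_disallowed` helpers and any membership setup driven by `membership_target` are defined outside the hunk.

```ruby
# … unchanged: 'no user', 'regular user' and 'external user' contexts …

context 'snippet author' do
  let(:current_user) { snippet.author }

  it do
    expect_disallowed(:read_snippet)
    expect_disallowed(:read_note)
    expect_disallowed(:create_note)
    expect_disallowed(*author_permissions)
  end
end

context 'admin user without admin mode' do
  let(:current_user) { admin_user }
  let(:membership_target) { project }

  it do
    expect_disallowed(:read_snippet)
    expect_disallowed(:read_note)
    expect_disallowed(:create_note)
    expect_disallowed(*author_permissions)
  end
end

# … unchanged: 'admin user', :enable_admin_mode context …
```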