author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-12 09:11:31 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-12 09:11:31 +0300 |
commit | acc3d48da4fa0dcd2f2c8500c7cb7cc5c957300f (patch) | |
tree | d3e22e382039cc800ac1840b51f5d79333566950 /spec/policies | |
parent | 129d7ea3db19359600b5e03f0070b8be831b3fee (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/personal_snippet_policy_spec.rb | 51 | ||||
-rw-r--r-- | spec/policies/project_snippet_policy_spec.rb | 56 |
2 files changed, 106 insertions, 1 deletions
diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index d546805ce01..3efa96cffe9 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -170,4 +170,55 @@ RSpec.describe PersonalSnippetPolicy do
 it_behaves_like 'admin access with admin mode'
 end
+
+ context 'when the author of the snippet is banned', feature_category: :insider_threat do
+ let(:banned_user) { build(:user, :banned) }
+ let(:snippet) { build(:personal_snippet, :public, author: banned_user) }
+
+ context 'no user' do
+ subject { permissions(nil) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(:award_emoji)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'regular user' do
+ subject { permissions(regular_user) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'external user' do
+ subject { permissions(external_user) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ context 'snippet author' do
+ subject { permissions(snippet.author) }
+
+ it do
+ is_expected.to be_disallowed(:read_snippet)
+ is_expected.to be_disallowed(:read_note)
+ is_expected.to be_disallowed(:create_note)
+ is_expected.to be_disallowed(*author_permissions)
+ end
+ end
+
+ it_behaves_like 'admin access with admin mode'
+ end
 end
diff --git a/spec/policies/project_snippet_policy_spec.rb b/spec/policies/project_snippet_policy_spec.rb
index c6d8ef05cfd..b02fc53db21 100644
--- a/spec/policies/project_snippet_policy_spec.rb
+++ b/spec/policies/project_snippet_policy_spec.rb
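Review bot: The 'no user' context of the banned-author block in personal_snippet_policy_spec.rb never asserts `:read_note`, while the 'regular user', 'external user' and 'snippet author' contexts all do, so anonymous access to notes on a banned author's public snippet is left unpinned; add `is_expected.to be_disallowed(:read_note)` to that example. Each unnamed `it do` also chains four expectations, so the first failure hides the others; tagging the examples with `:aggregate_failures` would report every permission that regresses at once. What the shared example 'admin access with admin mode' asserts is defined outside this hunk, so the admin behaviour for a banned author's snippet cannot be checked from here.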
@@ -7,6 +7,7 @@ RSpec.describe ProjectSnippetPolicy do
 let_it_be(:group) { create(:group, :public) }
 let_it_be(:regular_user) { create(:user) }
 let_it_be(:external_user) { create(:user, :external) }
+ let_it_be(:admin_user) { create(:user, :admin) }
 let_it_be(:author) { create(:user) }
 let_it_be(:author_permissions) do
 [
@@ -296,7 +297,7 @@ RSpec.describe ProjectSnippetPolicy do
 context 'admin user' do
 let(:snippet_visibility) { :private }
- let(:current_user) { create(:admin) }
+ let(:current_user) { admin_user }
 context 'when admin mode is enabled', :enable_admin_mode do
 it do
@@ -327,4 +328,57 @@ RSpec.describe ProjectSnippetPolicy do
 it_behaves_like 'regular user member permissions'
 end
 end
+
+ context 'when the author of the snippet is banned', feature_category: :insider_threat do
+ let(:banned_user) { build(:user, :banned) }
+ let(:project) { build(:project, :public, group: group) }
+ let(:snippet) { build(:project_snippet, :public, project: project, author: banned_user) }
+
+ context 'no user' do
+ let(:current_user) { nil }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'regular user' do
+ let(:current_user) { regular_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'external user' do
+ let(:current_user) { external_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_disallowed(:read_snippet)
+ expect_disallowed(:read_note)
+ expect_disallowed(:create_note)
+ expect_disallowed(*author_permissions)
+ end
+ end
+
+ context 'admin user', :enable_admin_mode do
+ let(:current_user) { admin_user }
+ let(:membership_target) { project }
+
+ it do
+ expect_allowed(:read_snippet)
+ expect_allowed(:read_note)
+ expect_allowed(:create_note)
+ expect_allowed(*author_permissions)
+ end
+ end
+ end
 end |
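Review bot: The banned-author block in project_snippet_policy_spec.rb exercises the admin only under `:enable_admin_mode` and has no context for the banned author as `current_user`, although the personal snippet spec in this same commit adds a 'snippet author' context. An admin with admin mode disabled and the banned author are the two identities most likely to regress into over-permission, so both deserve an explicit disallowed expectation; the values below mirror the personal spec and should be confirmed against the policy. `membership_target` is set in three contexts but whatever consumes it is outside the hunk, so whether these users are actually project members when the policy is evaluated cannot be confirmed from here.

```ruby
# … unchanged: 'no user', 'regular user', 'external user' contexts …

context 'snippet author' do
  let(:current_user) { banned_user }
  let(:membership_target) { project }

  it do
    expect_disallowed(:read_snippet)
    expect_disallowed(:read_note)
    expect_disallowed(:create_note)
    expect_disallowed(*author_permissions)
  end
end

context 'admin user with admin mode disabled' do
  let(:current_user) { admin_user }
  let(:membership_target) { project }

  it do
    expect_disallowed(:read_snippet)
    expect_disallowed(:read_note)
    expect_disallowed(:create_note)
    expect_disallowed(*author_permissions)
  end
end

# … unchanged: context 'admin user', :enable_admin_mode …
```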