Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/policies
diff options
context:
space:
mode:
authorAndreas Brandl <abrandl@gitlab.com>2019-04-05 16:02:56 +0300
committerAndreas Brandl <abrandl@gitlab.com>2019-04-05 16:02:56 +0300
commit46b1b9c1d61c269588bd3cd4203420608ddd7f0b (patch)
treea877f5366d3367e1264e96f3f5e8a4b23bdbd62a /spec/policies
parent7a48a06cf3b454021aa466464686fee8c82d6862 (diff)
Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"
This reverts merge request !26823
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/base_policy_spec.rb23
-rw-r--r--spec/policies/issue_policy_spec.rb19
-rw-r--r--spec/policies/merge_request_policy_spec.rb19
-rw-r--r--spec/policies/project_policy_spec.rb53
4 files changed, 0 insertions, 114 deletions
diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb
index 09be831dcd5..c03d95b34db 100644
--- a/spec/policies/base_policy_spec.rb
+++ b/spec/policies/base_policy_spec.rb
@@ -1,8 +1,6 @@
require 'spec_helper'
describe BasePolicy do
- include ExternalAuthorizationServiceHelpers
-
describe '.class_for' do
it 'detects policy class based on the subject ancestors' do
expect(DeclarativePolicy.class_for(GenericCommitStatus.new)).to eq(CommitStatusPolicy)
@@ -18,25 +16,4 @@ describe BasePolicy do
expect(DeclarativePolicy.class_for(:global)).to eq(GlobalPolicy)
end
end
-
- describe 'read cross project' do
- let(:current_user) { create(:user) }
- let(:user) { create(:user) }
-
- subject { described_class.new(current_user, [user]) }
-
- it { is_expected.to be_allowed(:read_cross_project) }
-
- context 'when an external authorization service is enabled' do
- before do
- enable_external_authorization_service_check
- end
-
- it { is_expected.not_to be_allowed(:read_cross_project) }
-
- it 'allows admins' do
- expect(described_class.new(build(:admin), nil)).to be_allowed(:read_cross_project)
- end
- end
- end
end
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
index b149dbcf871..008d118b557 100644
--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
@@ -1,8 +1,6 @@
require 'spec_helper'
describe IssuePolicy do
- include ExternalAuthorizationServiceHelpers
-
let(:guest) { create(:user) }
let(:author) { create(:user) }
let(:assignee) { create(:user) }
@@ -206,21 +204,4 @@ describe IssuePolicy do
end
end
end
-
- context 'with external authorization enabled' do
- let(:user) { create(:user) }
- let(:project) { create(:project, :public) }
- let(:issue) { create(:issue, project: project) }
- let(:policies) { described_class.new(user, issue) }
-
- before do
- enable_external_authorization_service_check
- end
-
- it 'can read the issue iid without accessing the external service' do
- expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?)
-
- expect(policies).to be_allowed(:read_issue_iid)
- end
- end
end
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index 81279225d61..1efa70addc2 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -1,8 +1,6 @@
require 'spec_helper'
describe MergeRequestPolicy do
- include ExternalAuthorizationServiceHelpers
-
let(:guest) { create(:user) }
let(:author) { create(:user) }
let(:developer) { create(:user) }
@@ -49,21 +47,4 @@ describe MergeRequestPolicy do
expect(permissions(guest, merge_request_locked)).to be_disallowed(:reopen_merge_request)
end
end
-
- context 'with external authorization enabled' do
- let(:user) { create(:user) }
- let(:project) { create(:project, :public) }
- let(:merge_request) { create(:merge_request, source_project: project) }
- let(:policies) { described_class.new(user, merge_request) }
-
- before do
- enable_external_authorization_service_check
- end
-
- it 'can read the issue iid without accessing the external service' do
- expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?)
-
- expect(policies).to be_allowed(:read_merge_request_iid)
- end
- end
end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 42f8bf3137b..125ed818bc6 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -1,7 +1,6 @@
require 'spec_helper'
describe ProjectPolicy do
- include ExternalAuthorizationServiceHelpers
include_context 'ProjectPolicy context'
set(:guest) { create(:user) }
set(:reporter) { create(:user) }
@@ -293,56 +292,4 @@ describe ProjectPolicy do
projects: [clusterable])
end
end
-
- context 'reading a project' do
- it 'allows access when a user has read access to the repo' do
- expect(described_class.new(owner, project)).to be_allowed(:read_project)
- expect(described_class.new(developer, project)).to be_allowed(:read_project)
- expect(described_class.new(admin, project)).to be_allowed(:read_project)
- end
-
- it 'never checks the external service' do
- expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?)
-
- expect(described_class.new(owner, project)).to be_allowed(:read_project)
- end
-
- context 'with an external authorization service' do
- before do
- enable_external_authorization_service_check
- end
-
- it 'allows access when the external service allows it' do
- external_service_allow_access(owner, project)
- external_service_allow_access(developer, project)
-
- expect(described_class.new(owner, project)).to be_allowed(:read_project)
- expect(described_class.new(developer, project)).to be_allowed(:read_project)
- end
-
- it 'does not check the external service for admins and allows access' do
- expect(::Gitlab::ExternalAuthorization).not_to receive(:access_allowed?)
-
- expect(described_class.new(admin, project)).to be_allowed(:read_project)
- end
-
- it 'prevents all but seeing a public project in a list when access is denied' do
- [developer, owner, build(:user), nil].each do |user|
- external_service_deny_access(user, project)
- policy = described_class.new(user, project)
-
- expect(policy).not_to be_allowed(:read_project)
- expect(policy).not_to be_allowed(:owner_access)
- expect(policy).not_to be_allowed(:change_namespace)
- end
- end
-
- it 'passes the full path to external authorization for logging purposes' do
- expect(::Gitlab::ExternalAuthorization)
- .to receive(:access_allowed?).with(owner, 'default_label', project.full_path).and_call_original
-
- described_class.new(owner, project).allowed?(:read_project)
- end
- end
- end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-02 05:50:35 +0300