diff options
| author | Douwe Maan <douwe@selenight.nl> | 2018-04-02 21:38:47 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-10 16:46:20 +0300 |
| commit | 8272ec9a7683863c43d217c97bdf7bf165cb3cf2 (patch) | |
| tree | ae4fba36f47e12514789a309049af230da7135f4 /spec/policies | |
| parent | 267a909600e02f0728fec1765adf817acc03d813 (diff) | |
Update policies to make archived projects completely read-only
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 7843af839df..f20e4a021da 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -136,13 +136,49 @@ describe ProjectPolicy do end end + shared_examples 'archived project policies' do + let(:feature_write_abilities) do + described_class::READONLY_FEATURES_WHEN_ARCHIVED.flat_map do |feature| + described_class.create_update_admin_destroy(feature) + end + end + + let(:other_write_abilities) do + %i[ + push_to_delete_protected_branch + push_code + request_access + upload_file + resolve_note + ] + end + + context 'when the project is archived' do + before do + project.archived = true + end + + it 'disables write actions on all relevant project features' do + expect_disallowed(*feature_write_abilities) + end + + it 'disables some other important write actions' do + expect_disallowed(*other_write_abilities) + end + + it 'does not disable other other abilities' do + expect_allowed(*(regular_abilities - feature_write_abilities - other_write_abilities)) + end + end + end + shared_examples 'project policies as anonymous' do context 'abilities for public projects' do context 'when a project has pending invites' do let(:group) { create(:group, :public) } let(:project) { create(:project, :public, namespace: group) } let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] } - let(:anonymous_permissions) { guest_permissions - user_permissions } + let(:anonymous_permissions) { guest_permissions - user_permissions } subject { described_class.new(nil, project) } @@ -154,6 +190,10 @@ describe ProjectPolicy do expect_allowed(*anonymous_permissions) expect_disallowed(*user_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { anonymous_permissions } + end end end @@ -184,6 +224,10 @@ describe ProjectPolicy do expect_disallowed(*owner_permissions) end + it_behaves_like 'archived project policies' do + let(:regular_abilities) { guest_permissions } + end + context 'public builds enabled' do it do expect_allowed(*guest_permissions) @@ -224,12 +268,15 @@ describe ProjectPolicy do it do expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) - expect_allowed(*reporter_permissions) expect_allowed(*team_member_reporter_permissions) expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { reporter_permissions } + end end end @@ -247,6 +294,10 @@ describe ProjectPolicy do expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { developer_permissions } + end end end @@ -264,6 +315,10 @@ describe ProjectPolicy do expect_allowed(*master_permissions) expect_disallowed(*owner_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { master_permissions } + end end end @@ -281,6 +336,10 @@ describe ProjectPolicy do expect_allowed(*master_permissions) expect_allowed(*owner_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { owner_permissions } + end end end @@ -298,6 +357,10 @@ describe ProjectPolicy do expect_allowed(*master_permissions) expect_allowed(*owner_permissions) end + + it_behaves_like 'archived project policies' do + let(:regular_abilities) { owner_permissions } + end end end |