diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-02-26 15:32:42 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-03-07 17:12:31 +0300 |
| commit | b2ef83856de8c175d384688d09023d16dcfef0c6 (patch) | |
| tree | 01802b6678de41951dbd035a25219e77d6b48cf7 /spec/policies | |
| parent | 792ab0631c85098fbf92e727b77158fb9dae5219 (diff) | |
Allow abilities on forks while MR is open
When an MR is created using `allow_maintainer_to_push`, we enable some
abilities while the MR is open.
This should allow every user with developer abilities on the target
project, to push to the source project.
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 129344f105f..f449fbd6b52 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -308,4 +308,41 @@ describe ProjectPolicy do it_behaves_like 'project policies as master' it_behaves_like 'project policies as owner' it_behaves_like 'project policies as admin' + + context 'when a public project has merge requests allowing access' do + include ProjectForksHelper + let(:user) { create(:user) } + let(:target_project) { create(:project, :public) } + let(:project) { fork_project(target_project) } + let!(:merge_request) do + create( + :merge_request, + target_project: target_project, + source_project: project, + allow_maintainer_to_push: true + ) + end + let(:maintainer_abilities) do + %w(push_single_branch create_build update_build create_pipeline update_pipeline) + end + + subject { described_class.new(user, project) } + + it 'does not allow pushing code' do + expect_disallowed(*maintainer_abilities) + end + + it 'allows pushing if the user is a member with push access to the target project' do + target_project.add_developer(user) + + expect_allowed(*maintainer_abilities) + end + + it 'dissallows abilities to a maintainer if the merge request was closed' do + target_project.add_developer(user) + merge_request.close! + + expect_disallowed(*maintainer_abilities) + end + end end |