diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 11:43:02 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-20 11:43:02 +0300 |
commit | d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch) | |
tree | 2341ef426af70ad1e289c38036737e04b0aa5007 /spec/policies | |
parent | d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff) |
Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/clusters/agent_policy_spec.rb | 28 | ||||
-rw-r--r-- | spec/policies/clusters/agent_token_policy_spec.rb | 31 | ||||
-rw-r--r-- | spec/policies/group_policy_spec.rb | 2 | ||||
-rw-r--r-- | spec/policies/namespaces/project_namespace_policy_spec.rb | 46 | ||||
-rw-r--r-- | spec/policies/namespaces/user_namespace_policy_spec.rb (renamed from spec/policies/namespace_policy_spec.rb) | 2 |
5 files changed, 107 insertions, 2 deletions
diff --git a/spec/policies/clusters/agent_policy_spec.rb b/spec/policies/clusters/agent_policy_spec.rb new file mode 100644 index 00000000000..307d751b78b --- /dev/null +++ b/spec/policies/clusters/agent_policy_spec.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Clusters::AgentPolicy do + let(:cluster_agent) { create(:cluster_agent, name: 'agent' )} + let(:user) { create(:admin) } + let(:policy) { described_class.new(user, cluster_agent) } + let(:project) { cluster_agent.project } + + describe 'rules' do + context 'when developer' do + before do + project.add_developer(user) + end + + it { expect(policy).to be_disallowed :admin_cluster } + end + + context 'when maintainer' do + before do + project.add_maintainer(user) + end + + it { expect(policy).to be_allowed :admin_cluster } + end + end +end diff --git a/spec/policies/clusters/agent_token_policy_spec.rb b/spec/policies/clusters/agent_token_policy_spec.rb new file mode 100644 index 00000000000..9ae99e66f59 --- /dev/null +++ b/spec/policies/clusters/agent_token_policy_spec.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Clusters::AgentTokenPolicy do + let_it_be(:token) { create(:cluster_agent_token) } + + let(:user) { create(:user) } + let(:policy) { described_class.new(user, token) } + let(:project) { token.agent.project } + + describe 'rules' do + context 'when developer' do + before do + project.add_developer(user) + end + + it { expect(policy).to be_disallowed :admin_cluster } + it { expect(policy).to be_disallowed :read_cluster } + end + + context 'when maintainer' do + before do + project.add_maintainer(user) + end + + it { expect(policy).to be_allowed :admin_cluster } + it { expect(policy).to be_allowed :read_cluster } + end + end +end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 482e12c029d..201ccf0fc14 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -1005,7 +1005,7 @@ RSpec.describe GroupPolicy do context 'with maintainer' do let(:current_user) { maintainer } - it { is_expected.to be_allowed(:update_runners_registration_token) } + it { is_expected.to be_disallowed(:update_runners_registration_token) } end context 'with reporter' do diff --git a/spec/policies/namespaces/project_namespace_policy_spec.rb b/spec/policies/namespaces/project_namespace_policy_spec.rb new file mode 100644 index 00000000000..22f3ccec1f8 --- /dev/null +++ b/spec/policies/namespaces/project_namespace_policy_spec.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe NamespacePolicy do + let_it_be(:parent) { create(:namespace) } + let_it_be(:namespace) { create(:project_namespace, parent: parent) } + + let(:permissions) do + [:owner_access, :create_projects, :admin_namespace, :read_namespace, + :read_statistics, :transfer_projects, :create_package_settings, + :read_package_settings, :create_jira_connect_subscription] + end + + subject { described_class.new(current_user, namespace) } + + context 'with no user' do + let_it_be(:current_user) { nil } + + it { is_expected.to be_disallowed(*permissions) } + end + + context 'regular user' do + let_it_be(:current_user) { create(:user) } + + it { is_expected.to be_disallowed(*permissions) } + end + + context 'parent owner' do + let_it_be(:current_user) { parent.owner } + + it { is_expected.to be_disallowed(*permissions) } + end + + context 'admin' do + let_it_be(:current_user) { create(:admin) } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(*permissions) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(*permissions) } + end + end +end diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespaces/user_namespace_policy_spec.rb index b9823273de8..02eda31bfa7 100644 --- a/spec/policies/namespace_policy_spec.rb +++ b/spec/policies/namespaces/user_namespace_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe NamespacePolicy do +RSpec.describe Namespaces::UserNamespacePolicy do let(:user) { create(:user) } let(:owner) { create(:user) } let(:admin) { create(:admin) } |