diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-08 15:11:30 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-08 15:11:30 +0300 |
commit | 012f9a4b9ec4a78d9593d882b38f95e376c2cfe2 (patch) | |
tree | 07f1df76cb12d94744e8069eec540d36092bbaba /spec/policies | |
parent | 3c050fb24b757425987a7df4cb3497e1d792be8e (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/metrics/dashboard/annotation_policy_spec.rb | 16 | ||||
-rw-r--r-- | spec/policies/project_policy_spec.rb | 31 |
2 files changed, 35 insertions, 12 deletions
diff --git a/spec/policies/metrics/dashboard/annotation_policy_spec.rb b/spec/policies/metrics/dashboard/annotation_policy_spec.rb index 9ea9f843f2c..2d1ef0ee0cb 100644 --- a/spec/policies/metrics/dashboard/annotation_policy_spec.rb +++ b/spec/policies/metrics/dashboard/annotation_policy_spec.rb @@ -14,9 +14,7 @@ RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do end it { expect(policy).to be_disallowed :read_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :create_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :update_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :delete_metrics_dashboard_annotation } + it { expect(policy).to be_disallowed :admin_metrics_dashboard_annotation } end context 'when reporter' do @@ -25,9 +23,7 @@ RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do end it { expect(policy).to be_allowed :read_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :create_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :update_metrics_dashboard_annotation } - it { expect(policy).to be_disallowed :delete_metrics_dashboard_annotation } + it { expect(policy).to be_disallowed :admin_metrics_dashboard_annotation } end context 'when developer' do @@ -36,9 +32,7 @@ RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do end it { expect(policy).to be_allowed :read_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :create_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :update_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :delete_metrics_dashboard_annotation } + it { expect(policy).to be_allowed :admin_metrics_dashboard_annotation } end context 'when maintainer' do @@ -47,9 +41,7 @@ RSpec.describe Metrics::Dashboard::AnnotationPolicy, :models do end it { expect(policy).to be_allowed :read_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :create_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :update_metrics_dashboard_annotation } - it { expect(policy).to be_allowed :delete_metrics_dashboard_annotation } + it { expect(policy).to be_allowed :admin_metrics_dashboard_annotation } end end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index e7b548b8f3b..38c487f3c36 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2275,6 +2275,12 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do describe 'infrastructure feature' do using RSpec::Parameterized::TableSyntax + before do + # assuming the default setting terraform_state.enabled=true + # the terraform_state permissions should follow the same logic as the other features + stub_config(terraform_state: { enabled: true }) + end + let(:guest_permissions) { [] } let(:developer_permissions) do @@ -2338,6 +2344,31 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end end + + context 'when terraform state management is disabled' do + before do + stub_config(terraform_state: { enabled: false }) + end + + with_them do + let(:current_user) { user_subject(role) } + let(:project) { project_subject(project_visibility) } + + let(:developer_permissions) do + [:read_terraform_state] + end + + let(:maintainer_permissions) do + developer_permissions + [:admin_terraform_state] + end + + it 'always disallows the terraform_state feature' do + project.project_feature.update!(infrastructure_access_level: access_level) + + expect_disallowed(*permissions_abilities(role)) + end + end + end end describe 'access_security_and_compliance' do |