diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-09 15:09:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-09 15:09:24 +0300 |
commit | 0ab6d56c15ebf4a12981556c7d3bc53d9b62cdb9 (patch) | |
tree | 31f28e85bb24de18240f3ddeaf5c3367e4510c3a /spec/policies | |
parent | 079ad2772f2b78f56b26730307cc73d1376fa6d6 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/user_policy_spec.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb index c57d345ef56..17ac7d0e44d 100644 --- a/spec/policies/user_policy_spec.rb +++ b/spec/policies/user_policy_spec.rb @@ -40,6 +40,46 @@ RSpec.describe UserPolicy do end end + describe "creating a different user's Personal Access Tokens" do + context 'when current_user is admin' do + let(:current_user) { create(:user, :admin) } + + context 'when admin mode is enabled and current_user is not blocked', :enable_admin_mode do + it { is_expected.to be_allowed(:create_user_personal_access_token) } + end + + context 'when admin mode is enabled and current_user is blocked', :enable_admin_mode do + let(:current_user) { create(:admin, :blocked) } + + it { is_expected.not_to be_allowed(:create_user_personal_access_token) } + end + + context 'when admin mode is disabled' do + it { is_expected.not_to be_allowed(:create_user_personal_access_token) } + end + end + + context 'when current_user is not an admin' do + context 'creating their own personal access tokens' do + subject { described_class.new(current_user, current_user) } + + context 'when current_user is not blocked' do + it { is_expected.to be_allowed(:create_user_personal_access_token) } + end + + context 'when current_user is blocked' do + let(:current_user) { create(:user, :blocked) } + + it { is_expected.not_to be_allowed(:create_user_personal_access_token) } + end + end + + context "creating a different user's personal access tokens" do + it { is_expected.not_to be_allowed(:create_user_personal_access_token) } + end + end + end + shared_examples 'changing a user' do |ability| context "when a regular user tries to destroy another regular user" do it { is_expected.not_to be_allowed(ability) } |