diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-24 21:08:45 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-24 21:08:45 +0300 |
| commit | 2ae564d6f59fc939bfdbb155d445efe97b34c1e1 (patch) | |
| tree | 106ebc2021d84757ca03610747a60c8f47ac9fb0 /spec/policies | |
| parent | 7308ec9d13fb69018200a40f287e76ef499ed47c (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/deploy_key_policy_spec.rb | 100 |
1 files changed, 60 insertions, 40 deletions
diff --git a/spec/policies/deploy_key_policy_spec.rb b/spec/policies/deploy_key_policy_spec.rb index d84b80a8738..754f36ce3b0 100644 --- a/spec/policies/deploy_key_policy_spec.rb +++ b/spec/policies/deploy_key_policy_spec.rb @@ -2,69 +2,89 @@ require 'spec_helper' -RSpec.describe DeployKeyPolicy do +RSpec.describe DeployKeyPolicy, feature_category: :groups_and_projects do subject { described_class.new(current_user, deploy_key) } - describe 'updating a deploy_key' do - context 'when a regular user' do - let(:current_user) { create(:user) } + let_it_be(:current_user, refind: true) { create(:user) } + let_it_be(:admin) { create(:user, :admin) } - context 'tries to update private deploy key attached to project' do - let(:deploy_key) { create(:deploy_key, public: false) } - let(:project) { create(:project_empty_repo) } + context 'when deploy key is public' do + let_it_be(:deploy_key) { create(:deploy_key, public: true) } - before do - project.add_maintainer(current_user) - project.deploy_keys << deploy_key - end + context 'and current_user is nil' do + let(:current_user) { nil } - it { is_expected.to be_allowed(:update_deploy_key) } - end + it { is_expected.to be_disallowed(:read_deploy_key) } + + it { is_expected.to be_disallowed(:update_deploy_key) } + end - context 'tries to update private deploy key attached to other project' do - let(:deploy_key) { create(:deploy_key, public: false) } - let(:other_project) { create(:project_empty_repo) } + context 'and current_user is present' do + it { is_expected.to be_allowed(:read_deploy_key) } - before do - other_project.deploy_keys << deploy_key - end + it { is_expected.to be_disallowed(:update_deploy_key) } + end - it { is_expected.to be_disallowed(:update_deploy_key) } + context 'when current_user is admin' do + let(:current_user) { admin } + + context 'when admin mode enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:read_deploy_key) } + + it { is_expected.to be_allowed(:update_deploy_key) } end - context 'tries to update public deploy key' do - let(:deploy_key) { create(:another_deploy_key, public: true) } + context 'when admin mode disabled' do + it { is_expected.to be_allowed(:read_deploy_key) } it { is_expected.to be_disallowed(:update_deploy_key) } end end + end + + context 'when deploy key is private' do + let_it_be(:deploy_key) { create(:deploy_key, :private) } + + context 'and current_user is nil' do + let(:current_user) { nil } - context 'when an admin user' do - let(:current_user) { create(:user, :admin) } + it { is_expected.to be_disallowed(:read_deploy_key) } - context 'tries to update private deploy key' do - let(:deploy_key) { create(:deploy_key, public: false) } + it { is_expected.to be_disallowed(:update_deploy_key) } + end + + context 'when current_user is admin' do + let(:current_user) { admin } - context 'when admin mode enabled', :enable_admin_mode do - it { is_expected.to be_allowed(:update_deploy_key) } - end + context 'when admin mode enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:read_deploy_key) } - context 'when admin mode disabled' do - it { is_expected.to be_disallowed(:update_deploy_key) } - end + it { is_expected.to be_allowed(:update_deploy_key) } end - context 'when an admin user tries to update public deploy key' do - let(:deploy_key) { create(:another_deploy_key, public: true) } + context 'when admin mode disabled' do + it { is_expected.to be_disallowed(:read_deploy_key) } + + it { is_expected.to be_disallowed(:update_deploy_key) } + end + end - context 'when admin mode enabled', :enable_admin_mode do - it { is_expected.to be_allowed(:update_deploy_key) } - end + context 'when assigned to the project' do + let_it_be(:deploy_keys_project) { create(:deploy_keys_project, deploy_key: deploy_key) } - context 'when admin mode disabled' do - it { is_expected.to be_disallowed(:update_deploy_key) } - end + before_all do + deploy_keys_project.project.add_maintainer(current_user) end + + it { is_expected.to be_allowed(:read_deploy_key) } + + it { is_expected.to be_allowed(:update_deploy_key) } + end + + context 'when assigned to another project' do + it { is_expected.to be_disallowed(:read_deploy_key) } + + it { is_expected.to be_disallowed(:update_deploy_key) } end end end |