Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-13 15:12:50 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-13 15:12:50 +0300
commit: 37a739daec0d7021b2af6ad03c60d37ac3461d88 (patch)
tree: e9621e1d5b8c59a2f2768deb3f153e1e5fb01437 /spec/policies
parent: bfd344aeac677543c2a2f623fd103d4cf0f4e247 (diff)
1 files changed, 118 insertions, 41 deletions
diff --git a/spec/policies/packages/policies/project_policy_spec.rb b/spec/policies/packages/policies/project_policy_spec.rb
index 15c5942ea4d..5d54ee54572 100644
--- a/spec/policies/packages/policies/project_policy_spec.rb
+++ b/spec/policies/packages/policies/project_policy_spec.rb
@@ -33,55 +33,132 @@ RSpec.describe Packages::Policies::ProjectPolicy do
     end
   end
 
-  describe 'read_package' do
-    context 'with admin' do
-      let(:current_user) { admin }
-
-      it { is_expected.to be_allowed(:read_package) }
-
-      it_behaves_like 'package access with repository disabled'
+  describe 'read_package', :enable_admin_mode do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:project, :package_registry_access_level, :current_user, :expect_to_be_allowed) do
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:anonymous)  | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:non_member) | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:guest)      | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:reporter)   | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:developer)  | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:maintainer) | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:owner)      | false
+      ref(:private_project)  | ProjectFeature::DISABLED | ref(:admin)      | false
+
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:anonymous)  | false
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:non_member) | false
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:guest)      | false
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:reporter)   | true
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:developer)  | true
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:maintainer) | true
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:owner)      | true
+      ref(:private_project)  | ProjectFeature::PRIVATE  | ref(:admin)      | true
+
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:anonymous)  | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:non_member) | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:guest)      | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:reporter)   | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:developer)  | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:maintainer) | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:owner)      | true
+      ref(:private_project)  | ProjectFeature::PUBLIC   | ref(:admin)      | true
+
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:anonymous)  | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:non_member) | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:guest)      | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:reporter)   | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:developer)  | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:maintainer) | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:owner)      | false
+      ref(:internal_project) | ProjectFeature::DISABLED | ref(:admin)      | false
+
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:anonymous)  | false
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:non_member) | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:guest)      | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:reporter)   | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:developer)  | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:maintainer) | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:owner)      | true
+      ref(:internal_project) | ProjectFeature::ENABLED  | ref(:admin)      | true
+
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:anonymous)  | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:non_member) | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:guest)      | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:reporter)   | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:developer)  | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:maintainer) | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:owner)      | true
+      ref(:internal_project) | ProjectFeature::PUBLIC   | ref(:admin)      | true
+
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:anonymous)  | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:non_member) | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:guest)      | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:reporter)   | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:developer)  | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:maintainer) | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:owner)      | false
+      ref(:public_project)   | ProjectFeature::DISABLED | ref(:admin)      | false
+
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:anonymous)  | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:non_member) | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:guest)      | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:reporter)   | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:developer)  | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:maintainer) | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:owner)      | true
+      ref(:public_project)   | ProjectFeature::PUBLIC   | ref(:admin)      | true
     end
 
-    context 'with owner' do
-      let(:current_user) { owner }
+    with_them do
+      it do
+        project.project_feature.update!(package_registry_access_level: package_registry_access_level)
 
-      it { is_expected.to be_allowed(:read_package) }
+        if expect_to_be_allowed
+          is_expected.to be_allowed(:read_package)
+        else
+          is_expected.to be_disallowed(:read_package)
+        end
+      end
     end
 
-    context 'with maintainer' do
-      let(:current_user) { maintainer }
-
-      it { is_expected.to be_allowed(:read_package) }
+    context 'with feature flag disabled' do
+      before do
+        stub_feature_flags(package_registry_access_level: false)
+      end
+
+      where(:project, :current_user, :expect_to_be_allowed) do
+        ref(:private_project)  | ref(:anonymous)  | false
+        ref(:private_project)  | ref(:non_member) | false
+        ref(:private_project)  | ref(:guest)      | false
+        ref(:internal_project) | ref(:anonymous)  | false
+        ref(:public_project)   | ref(:admin)      | true
+        ref(:public_project)   | ref(:owner)      | true
+        ref(:public_project)   | ref(:maintainer) | true
+        ref(:public_project)   | ref(:developer)  | true
+        ref(:public_project)   | ref(:reporter)   | true
+        ref(:public_project)   | ref(:guest)      | true
+        ref(:public_project)   | ref(:non_member) | true
+        ref(:public_project)   | ref(:anonymous)  | true
+      end
+
+      with_them do
+        it do
+          project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC)
+
+          if expect_to_be_allowed
+            is_expected.to be_allowed(:read_package)
+          else
+            is_expected.to be_disallowed(:read_package)
+          end
+        end
+      end
     end
 
-    context 'with developer' do
-      let(:current_user) { developer }
-
-      it { is_expected.to be_allowed(:read_package) }
-    end
-
-    context 'with reporter' do
-      let(:current_user) { reporter }
-
-      it { is_expected.to be_allowed(:read_package) }
-    end
-
-    context 'with guest' do
-      let(:current_user) { guest }
-
-      it { is_expected.to be_allowed(:read_package) }
-    end
-
-    context 'with non member' do
-      let(:current_user) { non_member }
-
-      it { is_expected.to be_allowed(:read_package) }
-    end
-
-    context 'with anonymous' do
-      let(:current_user) { anonymous }
+    context 'with admin' do
+      let(:current_user) { admin }
 
-      it { is_expected.to be_allowed(:read_package) }
+      it_behaves_like 'package access with repository disabled'
     end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-09-13 15:12:50 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-09-13 15:12:50 +0300
commit	37a739daec0d7021b2af6ad03c60d37ac3461d88 (patch)
tree	e9621e1d5b8c59a2f2768deb3f153e1e5fb01437 /spec/policies
parent	bfd344aeac677543c2a2f623fd103d4cf0f4e247 (diff)