diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-21 15:10:27 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-21 15:10:27 +0300 |
commit | 888264e6b732927699bc2c855a8184aa2a095fbb (patch) | |
tree | 8cc728e4b0d2efe86a3549b07574d0d2bbbf603f /spec/policies | |
parent | 34ad6d995bcab9f88a236bfed15aebdad76df960 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/issue_policy_spec.rb | 11 | ||||
-rw-r--r-- | spec/policies/merge_request_policy_spec.rb | 5 |
2 files changed, 12 insertions, 4 deletions
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb index 76788ae2cb7..ed0050e8224 100644 --- a/spec/policies/issue_policy_spec.rb +++ b/spec/policies/issue_policy_spec.rb @@ -139,13 +139,14 @@ RSpec.describe IssuePolicy do create(:project_group_link, group: group, project: project) end - it 'does not allow guest to create todos' do + it 'does not allow anonymous user to create todos' do expect(permissions(nil, issue)).to be_allowed(:read_issue) expect(permissions(nil, issue)).to be_disallowed(:create_todo) + expect(permissions(nil, issue)).to be_disallowed(:update_subscription) end it 'allows guests to read issues' do - expect(permissions(guest, issue)).to be_allowed(:read_issue, :read_issue_iid, :create_todo) + expect(permissions(guest, issue)).to be_allowed(:read_issue, :read_issue_iid, :create_todo, :update_subscription) expect(permissions(guest, issue)).to be_disallowed(:update_issue, :admin_issue, :reopen_issue) expect(permissions(guest, issue_no_assignee)).to be_allowed(:read_issue, :read_issue_iid) @@ -205,12 +206,18 @@ RSpec.describe IssuePolicy do it 'forbids visitors from commenting' do expect(permissions(visitor, issue)).to be_disallowed(:create_note) end + it 'forbids visitors from subscribing' do + expect(permissions(visitor, issue)).to be_disallowed(:update_subscription) + end it 'allows guests to view' do expect(permissions(guest, issue)).to be_allowed(:read_issue) end it 'allows guests to comment' do expect(permissions(guest, issue)).to be_allowed(:create_note) end + it 'allows guests to subscribe' do + expect(permissions(guest, issue)).to be_allowed(:update_subscription) + end context 'when admin mode is enabled', :enable_admin_mode do it 'allows admins to view' do diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb index 744822f58d1..b94df4d4374 100644 --- a/spec/policies/merge_request_policy_spec.rb +++ b/spec/policies/merge_request_policy_spec.rb @@ -26,7 +26,8 @@ RSpec.describe MergeRequestPolicy do read_merge_request create_todo approve_merge_request - create_note].freeze + create_note + update_subscription].freeze shared_examples_for 'a denied user' do let(:perms) { permissions(subject, merge_request) } @@ -55,7 +56,7 @@ RSpec.describe MergeRequestPolicy do subject { permissions(nil, merge_request) } it do - is_expected.to be_disallowed(:create_todo) + is_expected.to be_disallowed(:create_todo, :update_subscription) end end end |