
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-08-11 15:09:55 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-08-11 15:09:55 +0300
commitbd27a42f5497d66db227aaa5978e11c0fe072105 (patch)
tree2dae237465c4f240371b866e0918575a3d7a7c1c /spec/policies
parente184bc1abfe4fe4fef8c25c0d2ccb4c0063e7d5e (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/personal_access_token_policy_spec.rb63
1 files changed, 42 insertions, 21 deletions
diff --git a/spec/policies/personal_access_token_policy_spec.rb b/spec/policies/personal_access_token_policy_spec.rb
index 706150597b2..71795202e13 100644
--- a/spec/policies/personal_access_token_policy_spec.rb
+++ b/spec/policies/personal_access_token_policy_spec.rb
@@ -5,38 +5,59 @@ require 'spec_helper'
RSpec.describe PersonalAccessTokenPolicy do
include AdminModeHelper
- using RSpec::Parameterized::TableSyntax
+ subject { described_class.new(current_user, token) }
- where(:user_type, :owned_by_same_user, :expected_permitted?) do
- :user | true | true
- :user | false | false
- :admin | false | true
+ context 'current_user is an administrator', :enable_admin_mode do
+ let_it_be(:current_user) { build(:admin) }
+
+ context 'not the owner of the token' do
+ let_it_be(:token) { build(:personal_access_token) }
+
+ it { is_expected.to be_allowed(:read_token) }
+ it { is_expected.to be_allowed(:revoke_token) }
+ end
+
+ context 'owner of the token' do
+ let_it_be(:token) { build(:personal_access_token, user: current_user) }
+
+ it { is_expected.to be_allowed(:read_token) }
+ it { is_expected.to be_allowed(:revoke_token) }
+ end
end
- with_them do
- context 'determine if a token is readable or revocable by a user' do
- let(:user) { build_stubbed(user_type) }
- let(:token_owner) { owned_by_same_user ? user : build(:user) }
- let(:token) { build(:personal_access_token, user: token_owner) }
+ context 'current_user is not an administrator' do
+ let_it_be(:current_user) { build(:user) }
- subject { described_class.new(user, token) }
+ context 'not the owner of the token' do
+ let_it_be(:token) { build(:personal_access_token) }
- before do
- enable_admin_mode!(user) if user.admin?
- end
+ it { is_expected.to be_disallowed(:read_token) }
+ it { is_expected.to be_disallowed(:revoke_token) }
+ end
+
+ context 'owner of the token' do
+ let_it_be(:token) { build(:personal_access_token, user: current_user) }
- it { is_expected.to(expected_permitted? ? be_allowed(:read_token) : be_disallowed(:read_token)) }
- it { is_expected.to(expected_permitted? ? be_allowed(:revoke_token) : be_disallowed(:revoke_token)) }
+ it { is_expected.to be_allowed(:read_token) }
+ it { is_expected.to be_allowed(:revoke_token) }
end
end
context 'current_user is a blocked administrator', :enable_admin_mode do
- subject { described_class.new(current_user, token) }
+ let_it_be(:current_user) { build(:admin, :blocked) }
+
+ context 'owner of the token' do
+ let_it_be(:token) { build(:personal_access_token, user: current_user) }
- let(:current_user) { create(:user, :admin, :blocked) }
- let(:token) { create(:personal_access_token) }
+ it { is_expected.to be_disallowed(:read_token) }
+ it { is_expected.to be_disallowed(:revoke_token) }
+ end
+
+ context 'not the owner of the token' do
+ let_it_be(:token) { build(:personal_access_token) }
- it { is_expected.to be_disallowed(:revoke_token) }
- it { is_expected.to be_disallowed(:read_token) }
+ it { is_expected.to be_disallowed(:read_token) }
+ it { is_expected.to be_disallowed(:revoke_token) }
+ end
end
end
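Review bot: Both administrator contexts are tagged `:enable_admin_mode`, so no example pins what an administrator who has not entered admin mode may do with another user's token. If the policy gates its admin rule on admin mode, as the tag and `include AdminModeHelper` suggest (the policy itself is not visible here), a regression that drops that gate would still pass this spec; a context like the one below would catch it. Separately, the 'not the owner of the token' contexts rely on the `:personal_access_token` factory supplying some other user, where the removed `token_owner` made this explicit. Writing `build(:personal_access_token, user: build(:user))` would keep the non-owner case from depending on factory defaults.

```ruby
# Expected outcome assumes the admin rule requires admin mode; confirm against PersonalAccessTokenPolicy.
context 'current_user is an administrator without admin mode' do
  let_it_be(:current_user) { build(:admin) }

  context 'not the owner of the token' do
    let_it_be(:token) { build(:personal_access_token, user: build(:user)) }

    it { is_expected.to be_disallowed(:read_token) }
    it { is_expected.to be_disallowed(:revoke_token) }
  end
end
```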