diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-26 15:11:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-26 15:11:43 +0300 |
commit | c15582526dd15f5ea8fac0906624cc5cd2db03ab (patch) | |
tree | bb29128600d8df3a2d5730c8cd233342d06da562 /spec/policies | |
parent | 51c18a25f2751911e134e73dbc946ee130fc6487 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/user_policy_spec.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb index b800e7dbc43..d02a94b810e 100644 --- a/spec/policies/user_policy_spec.rb +++ b/spec/policies/user_policy_spec.rb @@ -84,6 +84,50 @@ RSpec.describe UserPolicy do end end + describe "reading a user's associations count" do + context 'when current_user is not an admin' do + context 'fetching their own data' do + subject { described_class.new(current_user, current_user) } + + context 'when current_user is not blocked' do + it { is_expected.to be_allowed(:get_user_associations_count ) } + end + + context 'when current_user is blocked' do + let(:current_user) { create(:user, :blocked) } + + it { is_expected.not_to be_allowed(:get_user_associations_count) } + end + end + + context "fetching a different user's data" do + it { is_expected.not_to be_allowed(:get_user_associations_count) } + end + end + + context 'when current_user is an admin' do + let(:current_user) { admin } + + context 'fetching their own data', :enable_admin_mode do + subject { described_class.new(current_user, current_user) } + + context 'when current_user is not blocked' do + it { is_expected.to be_allowed(:get_user_associations_count ) } + end + + context 'when current_user is blocked' do + let(:current_user) { create(:admin, :blocked) } + + it { is_expected.not_to be_allowed(:get_user_associations_count) } + end + end + + context "fetching a different user's data", :enable_admin_mode do + it { is_expected.to be_allowed(:get_user_associations_count) } + end + end + end + shared_examples 'changing a user' do |ability| context "when a regular user tries to destroy another regular user" do it { is_expected.not_to be_allowed(ability) } |