diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-04 15:15:02 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-04 15:15:02 +0300 |
| commit | f00510286b6ccda154c4926503397590a8851939 (patch) | |
| tree | c4cd69ef2d0d6dd5abf30e3963ac00ead7421a19 /spec/policies | |
| parent | 9e5c2e7342d1393f90e74a2ae4b3f27492c22e1f (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 110 |
1 files changed, 90 insertions, 20 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 50f425f4efe..cc1029358ae 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -3004,6 +3004,84 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end + describe 'admin_project_runners' do + context 'admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:create_project_runners) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_project_runners) } + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_project_runners) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_project_runners) } + end + end + + describe 'read_project_runners' do + subject(:policy) { described_class.new(user, project) } + + context 'with maintainer' do + let(:user) { maintainer } + + it { is_expected.to be_allowed(:read_project_runners) } + end + + context 'with admin', :enable_admin_mode do + let(:user) { admin } + + it { is_expected.to be_allowed(:read_project_runners) } + end + + context 'with reporter' do + let(:user) { reporter } + + it { is_expected.to be_disallowed(:read_project_runners) } + end + + context 'when the user is not part of the project' do + let(:user) { non_member } + + it { is_expected.to be_disallowed(:read_project_runners) } + end + end + describe 'update_sentry_issue' do using RSpec::Parameterized::TableSyntax @@ -3104,26 +3182,6 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end - describe 'add_catalog_resource' do - using RSpec::Parameterized::TableSyntax - - let(:current_user) { public_send(role) } - - where(:role, :allowed) do - :owner | true - :maintainer | false - :developer | false - :reporter | false - :guest | false - end - - with_them do - it do - expect(subject.can?(:add_catalog_resource)).to be(allowed) - end - end - end - describe 'read_code' do let(:current_user) { create(:user) } @@ -3145,6 +3203,18 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end + describe 'read_namespace_catalog' do + let(:current_user) { owner } + + specify { is_expected.to be_disallowed(:read_namespace_catalog) } + end + + describe 'add_catalog_resource' do + let(:current_user) { owner } + + specify { is_expected.to be_disallowed(:read_namespace_catalog) } + end + private def project_subject(project_type) |