diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-01 18:11:13 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-01 18:11:13 +0300 |
| commit | faa19db44a5a4d0fb7a3be07319ca6201caa185a (patch) | |
| tree | 7370bae7c72258b93ab0f02ba87145b43de5313f /spec/policies | |
| parent | 9c5341dd0832c3af377191c461c800e1aa048b10 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
| -rw-r--r-- | spec/policies/project_hook_policy_spec.rb | 31 | ||||
| -rw-r--r-- | spec/policies/system_hook_policy_spec.rb | 29 |
2 files changed, 60 insertions, 0 deletions
diff --git a/spec/policies/project_hook_policy_spec.rb b/spec/policies/project_hook_policy_spec.rb new file mode 100644 index 00000000000..cfa7b6ee4bf --- /dev/null +++ b/spec/policies/project_hook_policy_spec.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ProjectHookPolicy do + let_it_be(:user) { create(:user) } + + let(:hook) { create(:project_hook) } + + subject(:policy) { described_class.new(user, hook) } + + context 'when the user is not a maintainer' do + before do + hook.project.add_developer(user) + end + + it "cannot read and destroy web-hooks" do + expect(policy).to be_disallowed(:read_web_hook, :destroy_web_hook) + end + end + + context 'when the user is a maintainer' do + before do + hook.project.add_maintainer(user) + end + + it "can read and destroy web-hooks" do + expect(policy).to be_allowed(:read_web_hook, :destroy_web_hook) + end + end +end diff --git a/spec/policies/system_hook_policy_spec.rb b/spec/policies/system_hook_policy_spec.rb new file mode 100644 index 00000000000..37f97a8a3d1 --- /dev/null +++ b/spec/policies/system_hook_policy_spec.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe SystemHookPolicy do + let(:hook) { create(:system_hook) } + + subject(:policy) { described_class.new(user, hook) } + + context 'when the user is not an admin' do + let(:user) { create(:user) } + + %i[read_web_hook destroy_web_hook].each do |thing| + it "cannot #{thing}" do + expect(policy).to be_disallowed(thing) + end + end + end + + context 'when the user is an admin', :enable_admin_mode do + let(:user) { create(:admin) } + + %i[read_web_hook destroy_web_hook].each do |thing| + it "can #{thing}" do + expect(policy).to be_allowed(thing) + end + end + end +end |