Prevent projects to have higher visibility than groups

Prevent Groups to have smaller visibility than projects Add default_group_visibility_level to configuration Code improvements
author: Felipe Artur <felipefac@gmail.com> 2016-03-09 03:01:33 +0300
committer: Felipe Artur <felipefac@gmail.com> 2016-03-10 16:38:36 +0300
commit: c3e70280dffe7ee0859ebd73b902d424ca5f809a (patch)
tree: 06b83a5ab13d19803332253cf50a941501b29317 /spec/services/groups
parent: bd59e59d01c5e845c7f7d451feaa1488670f20de (diff)
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/services/groups/update_service_spec.rb b/spec/services/groups/update_service_spec.rb
new file mode 100644
index 00000000000..c759e32342d
--- /dev/null
+++ b/spec/services/groups/update_service_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe Groups::UpdateService, services: true do
+    let!(:user)    { create(:user) }
+    let!(:private_group)    { create(:group, visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
+    let!(:internal_group)   { create(:group, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
+    let!(:public_group)     { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
+
+  describe "execute" do
+    context "project visibility_level validation" do
+
+      context "public group with public projects" do
+        let!(:service) { described_class.new(public_group, user, visibility_level: Gitlab::VisibilityLevel::INTERNAL ) }
+
+        before do
+          public_group.add_user(user, Gitlab::Access::MASTER)
+          create(:project, :public, group: public_group, name: 'B', path: 'B')
+        end
+
+        it "cant downgrade permission level" do
+          expect(service.execute).to be_falsy
+          expect(public_group.errors.count).to eq(1)
+        end
+      end
+
+    context "internal group with internal project" do
+        let!(:service) { described_class.new(internal_group, user, visibility_level: Gitlab::VisibilityLevel::PRIVATE ) }
+
+        before do
+          internal_group.add_user(user, Gitlab::Access::MASTER)
+          create(:project, :internal, group: internal_group, name: 'B', path: 'B')
+        end
+
+        it "cant downgrade permission level" do
+          expect(service.execute).to be_falsy
+          expect(internal_group.errors.count).to eq(1)
+        end
+      end
+    end
+  end
+
+  context "unauthorized visibility_level validation" do
+    let!(:service) { described_class.new(internal_group, user, visibility_level: 99 ) }
+    before { internal_group.add_user(user, Gitlab::Access::MASTER) }
+
+    it "does not change permission level" do
+      expect(service.execute).to be_falsy
+      expect(internal_group.errors.count).to eq(1)
+    end
+  end
+end
author	Felipe Artur <felipefac@gmail.com>	2016-03-09 03:01:33 +0300
committer	Felipe Artur <felipefac@gmail.com>	2016-03-10 16:38:36 +0300
commit	c3e70280dffe7ee0859ebd73b902d424ca5f809a (patch)
tree	06b83a5ab13d19803332253cf50a941501b29317 /spec/services/groups
parent	bd59e59d01c5e845c7f7d451feaa1488670f20de (diff)