diff options
author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2019-02-15 01:44:35 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-02-15 17:49:07 +0300 |
commit | 80fd4ffe5381aa085f8ae140037399528a15cc49 (patch) | |
tree | a302d89479203beb91cbfd7a8edd9cdecc2cd175 /spec | |
parent | 09f88f2167bf4821334331baa4cb491eaa57475d (diff) |
Merge branch 'sh-fix-board-user-assigns' into 'master'
Fix 403 errors when adding an assignee list in project boards
Closes gitlab-ee#9727
See merge request gitlab-org/gitlab-ce!25263
(cherry picked from commit a092b5ae45093dadc9a8834178a2c915e8bbead5)
b2da8042 Fix 403 errors when adding an assignee list in project boards
Diffstat (limited to 'spec')
-rw-r--r-- | spec/policies/board_policy_spec.rb | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/spec/policies/board_policy_spec.rb b/spec/policies/board_policy_spec.rb new file mode 100644 index 00000000000..4b76d65ef69 --- /dev/null +++ b/spec/policies/board_policy_spec.rb @@ -0,0 +1,67 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe BoardPolicy do + let(:user) { create(:user) } + let(:project) { create(:project, :private) } + let(:group) { create(:group, :private) } + let(:group_board) { create(:board, group: group) } + let(:project_board) { create(:board, project: project) } + + let(:board_permissions) do + [ + :read_parent, + :read_milestone, + :read_issue + ] + end + + def expect_allowed(*permissions) + permissions.each { |p| is_expected.to be_allowed(p) } + end + + def expect_disallowed(*permissions) + permissions.each { |p| is_expected.not_to be_allowed(p) } + end + + context 'group board' do + subject { described_class.new(user, group_board) } + + context 'user has access' do + before do + group.add_developer(user) + end + + it do + expect_allowed(*board_permissions) + end + end + + context 'user does not have access' do + it do + expect_disallowed(*board_permissions) + end + end + end + + context 'project board' do + subject { described_class.new(user, project_board) } + + context 'user has access' do + before do + project.add_developer(user) + end + + it do + expect_allowed(*board_permissions) + end + end + + context 'user does not have access' do + it do + expect_disallowed(*board_permissions) + end + end + end +end |