Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/features/security
diff options
context:
space:
mode:
Diffstat (limited to 'spec/features/security')
-rw-r--r--spec/features/security/dashboard_access_spec.rb63
-rw-r--r--spec/features/security/group/group_access_spec.rb98
-rw-r--r--spec/features/security/group/internal_group_access_spec.rb82
-rw-r--r--spec/features/security/group/mixed_group_access_spec.rb83
-rw-r--r--spec/features/security/group/public_group_access_spec.rb82
-rw-r--r--spec/features/security/profile_access_spec.rb65
-rw-r--r--spec/features/security/project/internal_access_spec.rb227
-rw-r--r--spec/features/security/project/private_access_spec.rb205
-rw-r--r--spec/features/security/project/public_access_spec.rb232
9 files changed, 0 insertions, 1137 deletions
diff --git a/spec/features/security/dashboard_access_spec.rb b/spec/features/security/dashboard_access_spec.rb
deleted file mode 100644
index 67238e3ab76..00000000000
--- a/spec/features/security/dashboard_access_spec.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-require 'spec_helper'
-
-describe "Dashboard access", feature: true do
- describe "GET /dashboard" do
- subject { dashboard_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /dashboard/issues" do
- subject { issues_dashboard_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /dashboard/merge_requests" do
- subject { merge_requests_dashboard_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /dashboard/projects/starred" do
- subject { starred_dashboard_projects_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /help" do
- subject { help_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /projects/new" do
- it { expect(new_project_path).to be_allowed_for :admin }
- it { expect(new_project_path).to be_allowed_for :user }
- it { expect(new_project_path).to be_denied_for :visitor }
- end
-
- describe "GET /groups/new" do
- it { expect(new_group_path).to be_allowed_for :admin }
- it { expect(new_group_path).to be_allowed_for :user }
- it { expect(new_group_path).to be_denied_for :visitor }
- end
-
- describe "GET /profile/groups" do
- subject { dashboard_groups_path }
-
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-end
diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb
deleted file mode 100644
index 63793149459..00000000000
--- a/spec/features/security/group/group_access_spec.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "GET /projects/new" do
- it { expect(new_group_path).to be_allowed_for :admin }
- it { expect(new_group_path).to be_allowed_for :user }
- it { expect(new_group_path).to be_denied_for :visitor }
- end
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/projects" do
- subject { projects_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb
deleted file mode 100644
index d17a7412e43..00000000000
--- a/spec/features/security/group/internal_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with internal project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb
deleted file mode 100644
index b3db7b5dea4..00000000000
--- a/spec/features/security/group/mixed_group_access_spec.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, path: "internal_project", group: group)
- create(:project, :public, path: "public_project", group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb
deleted file mode 100644
index c16f0c0d1e1..00000000000
--- a/spec/features/security/group/public_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with public project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :public, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb
deleted file mode 100644
index 2512a9c0e3d..00000000000
--- a/spec/features/security/profile_access_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-require 'spec_helper'
-
-describe "Profile access", feature: true do
- before do
- @u1 = create(:user)
- end
-
- describe "GET /login" do
- it { expect(new_user_session_path).not_to be_404_for :visitor }
- end
-
- describe "GET /profile/keys" do
- subject { profile_keys_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /profile" do
- subject { profile_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /profile/account" do
- subject { profile_account_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /profile/design" do
- subject { design_profile_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /profile/history" do
- subject { history_profile_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /profile/notifications" do
- subject { profile_notifications_path }
-
- it { is_expected.to be_allowed_for @u1 }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-end
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
deleted file mode 100644
index 8d1bfd25223..00000000000
--- a/spec/features/security/project/internal_access_spec.rb
+++ /dev/null
@@ -1,227 +0,0 @@
-require 'spec_helper'
-
-describe "Internal Project Access", feature: true do
- let(:project) { create(:project, :internal) }
-
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:reporter) { create(:user) }
-
- before do
- # full access
- project.team << [master, :master]
-
- # readonly
- project.team << [reporter, :reporter]
- end
-
- describe "Project should be internal" do
- subject { project }
-
- describe '#internal?' do
- subject { super().internal? }
- it { is_expected.to be_truthy }
- end
- end
-
- describe "GET /:project_path" do
- subject { namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/tree/master" do
- subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/commits/master" do
- subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/commit/:sha" do
- subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/compare" do
- subject { namespace_project_compare_index_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/project_members" do
- subject { namespace_project_project_members_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/blob" do
- before do
- commit = project.repository.commit
- path = '.gitignore'
- @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
- end
-
- it { expect(@blob_path).to be_allowed_for master }
- it { expect(@blob_path).to be_allowed_for reporter }
- it { expect(@blob_path).to be_allowed_for :admin }
- it { expect(@blob_path).to be_allowed_for guest }
- it { expect(@blob_path).to be_allowed_for :user }
- it { expect(@blob_path).to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/edit" do
- subject { edit_namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/deploy_keys" do
- subject { namespace_project_deploy_keys_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/issues" do
- subject { namespace_project_issues_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/snippets" do
- subject { namespace_project_snippets_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/snippets/new" do
- subject { new_namespace_project_snippet_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/merge_requests" do
- subject { namespace_project_merge_requests_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/merge_requests/new" do
- subject { new_namespace_project_merge_request_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/branches" do
- subject { namespace_project_branches_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:branches).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/tags" do
- subject { namespace_project_tags_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:tags).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/hooks" do
- subject { namespace_project_hooks_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-end
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
deleted file mode 100644
index 9021ff33186..00000000000
--- a/spec/features/security/project/private_access_spec.rb
+++ /dev/null
@@ -1,205 +0,0 @@
-require 'spec_helper'
-
-describe "Private Project Access", feature: true do
- let(:project) { create(:project) }
-
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:reporter) { create(:user) }
-
- before do
- # full access
- project.team << [master, :master]
-
- # readonly
- project.team << [reporter, :reporter]
- end
-
- describe "Project should be private" do
- subject { project }
-
- describe '#private?' do
- subject { super().private? }
- it { is_expected.to be_truthy }
- end
- end
-
- describe "GET /:project_path" do
- subject { namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/tree/master" do
- subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/commits/master" do
- subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/commit/:sha" do
- subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/compare" do
- subject { namespace_project_compare_index_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/project_members" do
- subject { namespace_project_project_members_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/blob" do
- before do
- commit = project.repository.commit
- path = '.gitignore'
- @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
- end
-
- it { expect(@blob_path).to be_allowed_for master }
- it { expect(@blob_path).to be_allowed_for reporter }
- it { expect(@blob_path).to be_allowed_for :admin }
- it { expect(@blob_path).to be_denied_for guest }
- it { expect(@blob_path).to be_denied_for :user }
- it { expect(@blob_path).to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/edit" do
- subject { edit_namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/deploy_keys" do
- subject { namespace_project_deploy_keys_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/issues" do
- subject { namespace_project_issues_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/snippets" do
- subject { namespace_project_snippets_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/merge_requests" do
- subject { namespace_project_merge_requests_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/branches" do
- subject { namespace_project_branches_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:branches).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/tags" do
- subject { namespace_project_tags_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:tags).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/hooks" do
- subject { namespace_project_hooks_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-end
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
deleted file mode 100644
index 6ec190ed777..00000000000
--- a/spec/features/security/project/public_access_spec.rb
+++ /dev/null
@@ -1,232 +0,0 @@
-require 'spec_helper'
-
-describe "Public Project Access", feature: true do
- let(:project) { create(:project) }
-
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:reporter) { create(:user) }
-
- before do
- # public project
- project.visibility_level = Gitlab::VisibilityLevel::PUBLIC
- project.save!
-
- # full access
- project.team << [master, :master]
-
- # readonly
- project.team << [reporter, :reporter]
-
- end
-
- describe "Project should be public" do
- subject { project }
-
- describe '#public?' do
- subject { super().public? }
- it { is_expected.to be_truthy }
- end
- end
-
- describe "GET /:project_path" do
- subject { namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/tree/master" do
- subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/commits/master" do
- subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/commit/:sha" do
- subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/compare" do
- subject { namespace_project_compare_index_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/project_members" do
- subject { namespace_project_project_members_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/blob" do
- before do
- commit = project.repository.commit
- path = '.gitignore'
- @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
- end
-
- it { expect(@blob_path).to be_allowed_for master }
- it { expect(@blob_path).to be_allowed_for reporter }
- it { expect(@blob_path).to be_allowed_for :admin }
- it { expect(@blob_path).to be_allowed_for guest }
- it { expect(@blob_path).to be_allowed_for :user }
- it { expect(@blob_path).to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/edit" do
- subject { edit_namespace_project_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/deploy_keys" do
- subject { namespace_project_deploy_keys_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/issues" do
- subject { namespace_project_issues_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/snippets" do
- subject { namespace_project_snippets_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/snippets/new" do
- subject { new_namespace_project_snippet_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/merge_requests" do
- subject { namespace_project_merge_requests_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/merge_requests/new" do
- subject { new_namespace_project_merge_request_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /:project_path/branches" do
- subject { namespace_project_branches_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:branches).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/tags" do
- subject { namespace_project_tags_path(project.namespace, project) }
-
- before do
- # Speed increase
- allow_any_instance_of(Project).to receive(:tags).and_return([])
- end
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /:project_path/hooks" do
- subject { namespace_project_hooks_path(project.namespace, project) }
-
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 17:50:54 +0300