diff options
Diffstat (limited to 'spec/policies/global_policy_spec.rb')
| -rw-r--r-- | spec/policies/global_policy_spec.rb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index 2f9376f9b0a..e677f5558fd 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -7,6 +7,8 @@ RSpec.describe GlobalPolicy do let_it_be(:project_bot) { create(:user, :project_bot) } let_it_be(:migration_bot) { create(:user, :migration_bot) } + let_it_be(:security_bot) { create(:user, :security_bot) } + let(:current_user) { create(:user) } let(:user) { create(:user) } @@ -148,6 +150,24 @@ RSpec.describe GlobalPolicy do end end + describe 'rejecting users' do + context 'regular user' do + it { is_expected.not_to be_allowed(:reject_user) } + end + + context 'admin' do + let(:current_user) { create(:admin) } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:reject_user) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:reject_user) } + end + end + end + describe 'using project statistics filters' do context 'regular user' do it { is_expected.not_to be_allowed(:use_project_statistics_filters) } @@ -205,6 +225,12 @@ RSpec.describe GlobalPolicy do it { is_expected.not_to be_allowed(:access_api) } end + context 'security bot' do + let(:current_user) { security_bot } + + it { is_expected.not_to be_allowed(:access_api) } + end + context 'user blocked pending approval' do before do current_user.block_pending_approval @@ -335,6 +361,12 @@ RSpec.describe GlobalPolicy do it { is_expected.to be_allowed(:access_git) } end + context 'security bot' do + let(:current_user) { security_bot } + + it { is_expected.to be_allowed(:access_git) } + end + describe 'deactivated user' do before do current_user.deactivate @@ -495,6 +527,12 @@ RSpec.describe GlobalPolicy do it { is_expected.not_to be_allowed(:log_in) } end + context 'security bot' do + let(:current_user) { security_bot } + + it { is_expected.not_to be_allowed(:log_in) } + end + context 'user blocked pending approval' do before do current_user.block_pending_approval |