diff options
Diffstat (limited to 'spec/policies/global_policy_spec.rb')
-rw-r--r-- | spec/policies/global_policy_spec.rb | 100 |
1 files changed, 99 insertions, 1 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index 1538f8a70c8..0575ba3237b 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe GlobalPolicy, feature_category: :security_policies do +RSpec.describe GlobalPolicy, feature_category: :shared do include TermsHelper let_it_be(:admin_user) { create(:admin) } @@ -591,4 +591,102 @@ RSpec.describe GlobalPolicy, feature_category: :security_policies do it { is_expected.to be_disallowed(:log_in) } end end + + describe 'create_instance_runners' do + context 'create_runner_workflow flag enabled' do + before do + stub_feature_flags(create_runner_workflow: true) + end + + context 'admin' do + let(:current_user) { admin_user } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:create_instance_runners) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_instance_runners) } + end + end + + context 'with project_bot' do + let(:current_user) { project_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with migration_bot' do + let(:current_user) { migration_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with security_bot' do + let(:current_user) { security_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with regular user' do + let(:current_user) { user } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + end + + context 'create_runner_workflow flag disabled' do + before do + stub_feature_flags(create_runner_workflow: false) + end + + context 'admin' do + let(:current_user) { admin_user } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_instance_runners) } + end + end + + context 'with project_bot' do + let(:current_user) { project_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with migration_bot' do + let(:current_user) { migration_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with security_bot' do + let(:current_user) { security_bot } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with regular user' do + let(:current_user) { user } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_instance_runners) } + end + end + end end |