Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/policies/group_member_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/group_member_policy_spec.rb')
-rw-r--r--spec/policies/group_member_policy_spec.rb130
1 files changed, 82 insertions, 48 deletions
diff --git a/spec/policies/group_member_policy_spec.rb b/spec/policies/group_member_policy_spec.rb
index 27ce683861c..6ae5e43def4 100644
--- a/spec/policies/group_member_policy_spec.rb
+++ b/spec/policies/group_member_policy_spec.rb
@@ -83,6 +83,31 @@ RSpec.describe GroupMemberPolicy do
specify { expect_allowed(:read_group) }
end
+ context 'for access requests' do
+ let_it_be(:group) { create(:group, :public) }
+ let_it_be(:user) { create(:user) }
+
+ let(:current_user) { user }
+
+ context 'for own access request' do
+ let(:membership) { create(:group_member, :access_request, group: group, user: user) }
+
+ specify { expect_allowed(:withdraw_member_access_request) }
+ end
+
+ context "for another user's access request" do
+ let(:membership) { create(:group_member, :access_request, group: group, user: create(:user)) }
+
+ specify { expect_disallowed(:withdraw_member_access_request) }
+ end
+
+ context 'for own, valid membership' do
+ let(:membership) { create(:group_member, :developer, group: group, user: user) }
+
+ specify { expect_disallowed(:withdraw_member_access_request) }
+ end
+ end
+
context 'with bot user' do
let(:current_user) { create(:user, :project_bot) }
@@ -100,74 +125,83 @@ RSpec.describe GroupMemberPolicy do
specify { expect_disallowed(:read_group, :destroy_project_bot_member) }
end
- context 'with one owner' do
+ context 'with owner' do
let(:current_user) { owner }
- specify { expect_disallowed(*member_related_permissions) }
- specify { expect_allowed(:read_group) }
- end
+ context 'with group with one owner' do
+ specify { expect_disallowed(*member_related_permissions) }
+ specify { expect_allowed(:read_group) }
+ end
- context 'with one blocked owner' do
- let(:owner) { create(:user, :blocked) }
- let(:current_user) { owner }
+ context 'with group with bot user owner' do
+ before do
+ group.add_owner(create(:user, :project_bot))
+ end
- specify { expect_disallowed(*member_related_permissions) }
- specify { expect_disallowed(:read_group) }
- end
+ specify { expect_disallowed(*member_related_permissions) }
+ end
- context 'with more than one owner' do
- let(:current_user) { owner }
+ context 'with group with more than one owner' do
+ before do
+ group.add_owner(create(:user))
+ end
- before do
- group.add_owner(create(:user))
+ specify { expect_allowed(*member_related_permissions) }
+ specify { expect_disallowed(:destroy_project_bot_member) }
end
- specify { expect_allowed(*member_related_permissions) }
- specify { expect_disallowed(:destroy_project_bot_member) }
- end
+ context 'with group with owners from a parent' do
+ context 'when top-level group' do
+ context 'with group sharing' do
+ let!(:subgroup) { create(:group, :private, parent: group) }
- context 'with the group parent' do
- let(:current_user) { create :user }
- let(:subgroup) { create(:group, :private, parent: group) }
+ before do
+ create(:group_group_link, :owner, shared_group: group, shared_with_group: subgroup)
+ create(:group_member, :owner, group: subgroup)
+ end
- before do
- group.add_owner(owner)
- subgroup.add_owner(current_user)
- end
+ specify { expect_disallowed(*member_related_permissions) }
+ specify { expect_allowed(:read_group) }
+ end
+ end
- it do
- expect_allowed(:destroy_group_member)
- expect_allowed(:update_group_member)
- end
- end
+ context 'when subgroup' do
+ let(:current_user) { create :user }
- context 'without group parent' do
- let(:current_user) { create :user }
- let(:subgroup) { create(:group, :private) }
+ let!(:subgroup) { create(:group, :private, parent: group) }
- before do
- subgroup.add_owner(current_user)
- end
+ before do
+ subgroup.add_owner(current_user)
+ end
- it do
- expect_disallowed(:destroy_group_member)
- expect_disallowed(:update_group_member)
+ specify { expect_allowed(*member_related_permissions) }
+ specify { expect_allowed(:read_group) }
+ end
end
end
- context 'without group parent with two owners' do
- let(:current_user) { create :user }
- let(:other_user) { create :user }
- let(:subgroup) { create(:group, :private) }
+ context 'with blocked owner' do
+ let(:owner) { create(:user, :blocked) }
+ let(:current_user) { owner }
- before do
- subgroup.add_owner(current_user)
- subgroup.add_owner(other_user)
+ specify { expect_disallowed(*member_related_permissions) }
+ specify { expect_disallowed(:read_group) }
+
+ context 'with group with bot user owner' do
+ before do
+ group.add_owner(create(:user, :project_bot))
+ end
+
+ specify { expect_disallowed(*member_related_permissions) }
+ specify { expect_disallowed(:read_group) }
end
- it do
- expect_allowed(:destroy_group_member)
- expect_allowed(:update_group_member)
+ context 'with group with more than one blocked owner' do
+ before do
+ group.add_owner(create(:user, :blocked))
+ end
+
+ specify { expect_allowed(:destroy_group_member) }
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 04:52:28 +0300