diff options
Diffstat (limited to 'spec/policies/group_policy_spec.rb')
| -rw-r--r-- | spec/policies/group_policy_spec.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index ff59a2e04a7..05bba167bd3 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -242,6 +242,24 @@ RSpec.describe GroupPolicy do end end + context 'migration bot' do + let_it_be(:migration_bot) { User.migration_bot } + let_it_be(:current_user) { migration_bot } + + it :aggregate_failures do + expect_allowed(:read_resource_access_tokens, :destroy_resource_access_tokens) + expect_disallowed(*guest_permissions) + expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) + expect_disallowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end + + it_behaves_like 'deploy token does not get confused with user' do + let(:user_id) { migration_bot.id } + end + end + describe 'private nested group use the highest access level from the group and inherited permissions' do let_it_be(:nested_group) do create(:group, :private, :owner_subgroup_creation_only, :crm_enabled, parent: group) @@ -914,12 +932,21 @@ RSpec.describe GroupPolicy do context 'reporter' do let(:current_user) { reporter } + it { is_expected.to be_allowed(:read_dependency_proxy) } it { is_expected.to be_disallowed(:admin_dependency_proxy) } end context 'developer' do let(:current_user) { developer } + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } + end + + context 'maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:read_dependency_proxy) } it { is_expected.to be_allowed(:admin_dependency_proxy) } end end @@ -1171,6 +1198,24 @@ RSpec.describe GroupPolicy do end end + describe 'change_prevent_sharing_groups_outside_hierarchy' do + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:change_prevent_sharing_groups_outside_hierarchy) } + end + + context 'with non-owner roles' do + where(role: %w[admin maintainer reporter developer guest]) + + with_them do + let(:current_user) { public_send role } + + it { is_expected.to be_disallowed(:change_prevent_sharing_groups_outside_hierarchy) } + end + end + end + context 'with customer relations feature flag disabled' do let(:current_user) { owner } |