diff options
Diffstat (limited to 'spec/policies/group_policy_spec.rb')
-rw-r--r-- | spec/policies/group_policy_spec.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index fecf5f3e4f8..7cded27e449 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -876,10 +876,30 @@ RSpec.describe GroupPolicy do let(:deploy_token) { create(:deploy_token, :group, write_package_registry: true) } it { is_expected.to be_allowed(:create_package) } + it { is_expected.to be_allowed(:read_package) } it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_disallowed(:destroy_package) } end end it_behaves_like 'Self-managed Core resource access tokens' + + context 'support bot' do + let_it_be(:group) { create(:group, :private) } + let_it_be(:current_user) { User.support_bot } + + before do + allow(Gitlab::ServiceDesk).to receive(:supported?).and_return(true) + end + + it { expect_disallowed(:read_label) } + + context 'when group hierarchy has a project with service desk enabled' do + let_it_be(:subgroup) { create(:group, :private, parent: group)} + let_it_be(:project) { create(:project, group: subgroup, service_desk_enabled: true) } + + it { expect_allowed(:read_label) } + it { expect(described_class.new(current_user, subgroup)).to be_allowed(:read_label) } + end + end end |