Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/policies/project_group_link_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/project_group_link_policy_spec.rb')
-rw-r--r--spec/policies/project_group_link_policy_spec.rb164
1 files changed, 150 insertions, 14 deletions
diff --git a/spec/policies/project_group_link_policy_spec.rb b/spec/policies/project_group_link_policy_spec.rb
index 1047d3acb1e..9fcd6ead524 100644
--- a/spec/policies/project_group_link_policy_spec.rb
+++ b/spec/policies/project_group_link_policy_spec.rb
@@ -7,21 +7,75 @@ RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do
let_it_be(:group2) { create(:group, :private) }
let_it_be(:project) { create(:project, :private) }
- let(:project_group_link) do
- create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::DEVELOPER)
+ subject(:policy) { described_class.new(user, project_group_link) }
+
+ describe 'destroy_project_group_link' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::DEVELOPER)
+ end
+
+ context 'when the user is a group owner' do
+ before_all do
+ group2.add_owner(user)
+ end
+
+ it 'can destroy group_project_link' do
+ expect(policy).to be_allowed(:destroy_project_group_link)
+ end
+
+ context 'when group link has owner access' do
+ it 'can destroy group_project_link' do
+ project_group_link.update!(group_access: Gitlab::Access::OWNER)
+
+ expect(policy).to be_allowed(:destroy_project_group_link)
+ end
+ end
+ end
+
+ context 'when user is a project maintainer' do
+ before do
+ project_group_link.project.add_maintainer(user)
+ end
+
+ context 'when group link has owner access' do
+ it 'cannot destroy group_project_link' do
+ project_group_link.update!(group_access: Gitlab::Access::OWNER)
+
+ expect(policy).to be_disallowed(:destroy_project_group_link)
+ end
+ end
+
+ context 'when group link has maintainer access' do
+ it 'can destroy group_project_link' do
+ project_group_link.update!(group_access: Gitlab::Access::MAINTAINER)
+
+ expect(policy).to be_allowed(:destroy_project_group_link)
+ end
+ end
+ end
+
+ context 'when user is not a project maintainer' do
+ it 'cannot destroy group_project_link' do
+ project_group_link.project.add_developer(user)
+
+ expect(policy).to be_disallowed(:destroy_project_group_link)
+ end
+ end
end
- subject(:policy) { described_class.new(user, project_group_link) }
+ describe 'manage_destroy' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::DEVELOPER)
+ end
- describe 'admin_project_group_link' do
context 'when the user is a group owner' do
before_all do
group2.add_owner(user)
end
context 'when user is not project maintainer' do
- it 'can admin group_project_link' do
- expect(policy).to be_allowed(:admin_project_group_link)
+ it 'can manage_destroy' do
+ expect(policy).to be_allowed(:manage_destroy)
end
end
@@ -30,32 +84,50 @@ RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do
project_group_link.project.add_maintainer(user)
end
- it 'can admin group_project_link' do
- expect(policy).to be_allowed(:admin_project_group_link)
+ it 'can admin manage_destroy' do
+ expect(policy).to be_allowed(:manage_destroy)
end
end
end
context 'when user is not a group owner' do
context 'when user is a project maintainer' do
- it 'can admin group_project_link' do
+ before do
project_group_link.project.add_maintainer(user)
+ end
+
+ context 'when group link has owner access' do
+ it 'can manage_destroy' do
+ project_group_link.update!(group_access: Gitlab::Access::OWNER)
- expect(policy).to be_allowed(:admin_project_group_link)
+ expect(policy).to be_allowed(:manage_destroy)
+ end
+ end
+
+ context 'when group link has maintainer access' do
+ it 'can manage_destroy' do
+ project_group_link.update!(group_access: Gitlab::Access::MAINTAINER)
+
+ expect(policy).to be_allowed(:manage_destroy)
+ end
end
end
context 'when user is not a project maintainer' do
- it 'cannot admin group_project_link' do
+ it 'cannot manage_destroy' do
project_group_link.project.add_developer(user)
- expect(policy).to be_disallowed(:admin_project_group_link)
+ expect(policy).to be_disallowed(:manage_destroy)
end
end
end
end
describe 'read_shared_with_group' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::MAINTAINER)
+ end
+
context 'when the user is a project member' do
before_all do
project.add_guest(user)
@@ -83,9 +155,9 @@ RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do
end
context 'when the group is public' do
- let_it_be(:group2) { create(:group, :public) }
-
it 'can read_shared_with_group' do
+ group2.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+
expect(policy).to be_allowed(:read_shared_with_group)
end
end
@@ -102,4 +174,68 @@ RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do
end
end
end
+
+ describe 'manage_owners' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::MAINTAINER)
+ end
+
+ context 'when the user is a project owner' do
+ before_all do
+ project.add_owner(user)
+ end
+
+ it 'can manage_owners' do
+ expect(policy).to be_allowed(:manage_owners)
+ end
+ end
+
+ context 'when the user is a project maintainer' do
+ before_all do
+ project.add_maintainer(user)
+ end
+
+ it 'cannot manage_owners' do
+ expect(policy).to be_disallowed(:manage_owners)
+ end
+ end
+ end
+
+ describe 'manage_group_link_with_owner_access' do
+ context 'when group link has owner access' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::OWNER)
+ end
+
+ context 'when the user is a project owner' do
+ before_all do
+ project.add_owner(user)
+ end
+
+ it 'can manage_group_link_with_owner_access' do
+ expect(policy).to be_allowed(:manage_group_link_with_owner_access)
+ end
+ end
+
+ context 'when the user is a project maintainer' do
+ before_all do
+ project.add_maintainer(user)
+ end
+
+ it 'cannot manage_group_link_with_owner_access' do
+ expect(policy).to be_disallowed(:manage_group_link_with_owner_access)
+ end
+ end
+ end
+
+ context 'when group link has maintainer access' do
+ let_it_be(:project_group_link) do
+ create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::MAINTAINER)
+ end
+
+ it 'can manage_group_link_with_owner_access' do
+ expect(policy).to be_allowed(:manage_group_link_with_owner_access)
+ end
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 20:30:38 +0300