diff options
Diffstat (limited to 'spec/policies/project_group_link_policy_spec.rb')
| -rw-r--r-- | spec/policies/project_group_link_policy_spec.rb | 95 |
1 files changed, 72 insertions, 23 deletions
diff --git a/spec/policies/project_group_link_policy_spec.rb b/spec/policies/project_group_link_policy_spec.rb index 9461f33decb..1047d3acb1e 100644 --- a/spec/policies/project_group_link_policy_spec.rb +++ b/spec/policies/project_group_link_policy_spec.rb @@ -4,9 +4,8 @@ require 'spec_helper' RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do let_it_be(:user) { create(:user) } - let_it_be(:group) { create(:group, :private) } let_it_be(:group2) { create(:group, :private) } - let_it_be(:project) { create(:project, :private, group: group) } + let_it_be(:project) { create(:project, :private) } let(:project_group_link) do create(:project_group_link, project: project, group: group2, group_access: Gitlab::Access::DEVELOPER) @@ -14,42 +13,92 @@ RSpec.describe ProjectGroupLinkPolicy, feature_category: :system_access do subject(:policy) { described_class.new(user, project_group_link) } - context 'when the user is a group owner' do - before do - project_group_link.group.add_owner(user) - end + describe 'admin_project_group_link' do + context 'when the user is a group owner' do + before_all do + group2.add_owner(user) + end - context 'when user is not project maintainer' do - it 'can admin group_project_link' do - expect(policy).to be_allowed(:admin_project_group_link) + context 'when user is not project maintainer' do + it 'can admin group_project_link' do + expect(policy).to be_allowed(:admin_project_group_link) + end + end + + context 'when user is a project maintainer' do + before do + project_group_link.project.add_maintainer(user) + end + + it 'can admin group_project_link' do + expect(policy).to be_allowed(:admin_project_group_link) + end end end - context 'when user is a project maintainer' do - before do - project_group_link.project.add_maintainer(user) + context 'when user is not a group owner' do + context 'when user is a project maintainer' do + it 'can admin group_project_link' do + project_group_link.project.add_maintainer(user) + + expect(policy).to be_allowed(:admin_project_group_link) + end end - it 'can admin group_project_link' do - expect(policy).to be_allowed(:admin_project_group_link) + context 'when user is not a project maintainer' do + it 'cannot admin group_project_link' do + project_group_link.project.add_developer(user) + + expect(policy).to be_disallowed(:admin_project_group_link) + end end end end - context 'when user is not a group owner' do - context 'when user is a project maintainer' do - it 'can admin group_project_link' do - project_group_link.project.add_maintainer(user) + describe 'read_shared_with_group' do + context 'when the user is a project member' do + before_all do + project.add_guest(user) + end - expect(policy).to be_allowed(:admin_project_group_link) + it 'can read_shared_with_group' do + expect(policy).to be_allowed(:read_shared_with_group) end end - context 'when user is not a project maintainer' do - it 'cannot admin group_project_link' do - project_group_link.project.add_developer(user) + context 'when the user is not a project member' do + context 'when user is not a group member' do + context 'when the group is private' do + it 'cannot read_shared_with_group' do + expect(policy).to be_disallowed(:read_shared_with_group) + end + + context 'when the project is public' do + let_it_be(:project) { create(:project, :public) } + + it 'cannot read_shared_with_group' do + expect(policy).to be_disallowed(:read_shared_with_group) + end + end + end + + context 'when the group is public' do + let_it_be(:group2) { create(:group, :public) } + + it 'can read_shared_with_group' do + expect(policy).to be_allowed(:read_shared_with_group) + end + end + end + + context 'when user is a group member' do + before_all do + group2.add_guest(user) + end - expect(policy).to be_disallowed(:admin_project_group_link) + it 'can read_shared_with_group' do + expect(policy).to be_allowed(:read_shared_with_group) + end end end end |