1 files changed, 29 insertions, 3 deletions

diff --git a/spec/policies/project_member_policy_spec.rb b/spec/policies/project_member_policy_spec.rb
index b19ab71fcb5..d7c155b39f5 100644
--- a/spec/policies/project_member_policy_spec.rb
+++ b/spec/policies/project_member_policy_spec.rb
@@ -4,13 +4,14 @@ require 'spec_helper'
 
 RSpec.describe ProjectMemberPolicy do
   let(:project) { create(:project) }
-  let(:maintainer_user) { create(:user) }
+  let(:maintainer) { create(:user) }
   let(:member) { create(:project_member, project: project, user: member_user) }
+  let(:current_user) { maintainer }
 
-  subject { described_class.new(maintainer_user, member) }
+  subject { described_class.new(current_user, member) }
 
   before do
-    create(:project_member, :maintainer, project: project, user: maintainer_user)
+    create(:project_member, :maintainer, project: project, user: maintainer)
   end
 
   context 'with regular member' do
@@ -40,4 +41,29 @@ RSpec.describe ProjectMemberPolicy do
     it { is_expected.not_to be_allowed(:update_project_member) }
     it { is_expected.not_to be_allowed(:destroy_project_member) }
   end
+
+  context 'for access requests' do
+    let_it_be(:project) { create(:project, :public) }
+    let_it_be(:user) { create(:user) }
+
+    let(:current_user) { user }
+
+    context 'for own access request' do
+      let(:member) { create(:project_member, :access_request, project: project, user: user) }
+
+      specify { expect_allowed(:withdraw_member_access_request) }
+    end
+
+    context "for another user's access request" do
+      let(:member) { create(:project_member, :access_request, project: project, user: create(:user)) }
+
+      specify { expect_disallowed(:withdraw_member_access_request) }
+    end
+
+    context 'for own, valid membership' do
+      let(:member) { create(:project_member, :developer, project: project, user: user) }
+
+      specify { expect_disallowed(:withdraw_member_access_request) }
+    end
+  end
 end