diff options
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 84 |
1 files changed, 74 insertions, 10 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index f36b0a62aa3..2953c198af6 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -104,29 +104,71 @@ RSpec.describe ProjectPolicy do end context 'pipeline feature' do - let(:project) { private_project } + let(:project) { private_project } + let(:current_user) { developer } + let(:pipeline) { create(:ci_pipeline, project: project) } - before do - private_project.add_developer(current_user) + describe 'for confirmed user' do + it 'allows modify pipelines' do + expect_allowed(:create_pipeline) + expect_allowed(:update_pipeline) + expect_allowed(:create_pipeline_schedule) + end end describe 'for unconfirmed user' do - let(:current_user) { create(:user, confirmed_at: nil) } + let(:current_user) { project.owner.tap { |u| u.update!(confirmed_at: nil) } } it 'disallows to modify pipelines' do expect_disallowed(:create_pipeline) expect_disallowed(:update_pipeline) + expect_disallowed(:destroy_pipeline) expect_disallowed(:create_pipeline_schedule) end end - describe 'for confirmed user' do - let(:current_user) { developer } + describe 'destroy permission' do + describe 'for developers' do + it 'prevents :destroy_pipeline' do + expect(current_user.can?(:destroy_pipeline, pipeline)).to be_falsey + end + end - it 'allows modify pipelines' do - expect_allowed(:create_pipeline) - expect_allowed(:update_pipeline) - expect_allowed(:create_pipeline_schedule) + describe 'for maintainers' do + let(:current_user) { maintainer } + + it 'prevents :destroy_pipeline' do + project.add_maintainer(maintainer) + expect(current_user.can?(:destroy_pipeline, pipeline)).to be_falsey + end + end + + describe 'for project owner' do + let(:current_user) { project.owner } + + it 'allows :destroy_pipeline' do + expect(current_user.can?(:destroy_pipeline, pipeline)).to be_truthy + end + + context 'on archived projects' do + before do + project.update!(archived: true) + end + + it 'prevents :destroy_pipeline' do + expect(current_user.can?(:destroy_pipeline, pipeline)).to be_falsey + end + end + + context 'on archived pending_delete projects' do + before do + project.update!(archived: true, pending_delete: true) + end + + it 'allows :destroy_pipeline' do + expect(current_user.can?(:destroy_pipeline, pipeline)).to be_truthy + end + end end end end @@ -955,6 +997,28 @@ RSpec.describe ProjectPolicy do end end + context 'infrastructure google cloud feature' do + %w(guest reporter developer).each do |role| + context role do + let(:current_user) { send(role) } + + it 'disallows managing google cloud' do + expect_disallowed(:admin_project_google_cloud) + end + end + end + + %w(maintainer owner).each do |role| + context role do + let(:current_user) { send(role) } + + it 'allows managing google cloud' do + expect_allowed(:admin_project_google_cloud) + end + end + end + end + describe 'design permissions' do include DesignManagementTestHelpers |