diff options
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r-- | spec/policies/project_policy_spec.rb | 200 |
1 files changed, 159 insertions, 41 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 50f425f4efe..ae2a11bdbf0 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2810,6 +2810,14 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do it { is_expected.to be_allowed(:register_project_runners) } end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_allowed(:register_project_runners) } + end end context 'when admin mode is disabled' do @@ -2829,6 +2837,14 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do it { is_expected.to be_disallowed(:register_project_runners) } end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_disallowed(:register_project_runners) } + end end context 'with maintainer' do @@ -2862,7 +2878,7 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end - describe 'create_project_runners' do + describe 'create_runner' do context 'create_runner_workflow_for_namespace flag enabled' do before do stub_feature_flags(create_runner_workflow_for_namespace: [project.namespace]) @@ -2872,64 +2888,80 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do let(:current_user) { admin } context 'when admin mode is enabled', :enable_admin_mode do - it { is_expected.to be_allowed(:create_project_runners) } + it { is_expected.to be_allowed(:create_runner) } context 'with project runner registration disabled' do before do stub_application_setting(valid_runner_registrars: ['group']) end - it { is_expected.to be_allowed(:create_project_runners) } + it { is_expected.to be_allowed(:create_runner) } + end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_allowed(:create_runner) } end end context 'when admin mode is disabled' do - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end end context 'with owner' do let(:current_user) { owner } - it { is_expected.to be_allowed(:create_project_runners) } + it { is_expected.to be_allowed(:create_runner) } context 'with project runner registration disabled' do before do stub_application_setting(valid_runner_registrars: ['group']) end - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_disallowed(:create_runner) } end end context 'with maintainer' do let(:current_user) { maintainer } - it { is_expected.to be_allowed(:create_project_runners) } + it { is_expected.to be_allowed(:create_runner) } end context 'with reporter' do let(:current_user) { reporter } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with guest' do let(:current_user) { guest } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with developer' do let(:current_user) { developer } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with anonymous' do let(:current_user) { nil } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end end @@ -2942,68 +2974,162 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do let(:current_user) { admin } context 'when admin mode is enabled', :enable_admin_mode do - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } context 'with project runner registration disabled' do before do stub_application_setting(valid_runner_registrars: ['group']) end - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_disallowed(:create_runner) } end end context 'when admin mode is disabled' do - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end end context 'with owner' do let(:current_user) { owner } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } context 'with project runner registration disabled' do before do stub_application_setting(valid_runner_registrars: ['group']) end - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with specific project runner registration disabled' do + before do + project.update!(runner_registration_enabled: false) + end + + it { is_expected.to be_disallowed(:create_runner) } end end context 'with maintainer' do let(:current_user) { maintainer } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with reporter' do let(:current_user) { reporter } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with guest' do let(:current_user) { guest } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with developer' do let(:current_user) { developer } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end context 'with anonymous' do let(:current_user) { nil } - it { is_expected.to be_disallowed(:create_project_runners) } + it { is_expected.to be_disallowed(:create_runner) } end end end + describe 'admin_project_runners' do + context 'admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:create_runner) } + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:create_runner) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:create_runner) } + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:create_runner) } + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with developer' do + let(:current_user) { developer } + + it { is_expected.to be_disallowed(:create_runner) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:create_runner) } + end + end + + describe 'read_project_runners' do + subject(:policy) { described_class.new(user, project) } + + context 'with maintainer' do + let(:user) { maintainer } + + it { is_expected.to be_allowed(:read_project_runners) } + end + + context 'with admin', :enable_admin_mode do + let(:user) { admin } + + it { is_expected.to be_allowed(:read_project_runners) } + end + + context 'with reporter' do + let(:user) { reporter } + + it { is_expected.to be_disallowed(:read_project_runners) } + end + + context 'when the user is not part of the project' do + let(:user) { non_member } + + it { is_expected.to be_disallowed(:read_project_runners) } + end + end + describe 'update_sentry_issue' do using RSpec::Parameterized::TableSyntax @@ -3104,26 +3230,6 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end - describe 'add_catalog_resource' do - using RSpec::Parameterized::TableSyntax - - let(:current_user) { public_send(role) } - - where(:role, :allowed) do - :owner | true - :maintainer | false - :developer | false - :reporter | false - :guest | false - end - - with_them do - it do - expect(subject.can?(:add_catalog_resource)).to be(allowed) - end - end - end - describe 'read_code' do let(:current_user) { create(:user) } @@ -3145,6 +3251,18 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end + describe 'read_namespace_catalog' do + let(:current_user) { owner } + + specify { is_expected.to be_disallowed(:read_namespace_catalog) } + end + + describe 'add_catalog_resource' do + let(:current_user) { owner } + + specify { is_expected.to be_disallowed(:read_namespace_catalog) } + end + private def project_subject(project_type) |