Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/policies/project_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/project_policy_spec.rb')
-rw-r--r--spec/policies/project_policy_spec.rb217
1 files changed, 88 insertions, 129 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index ee8d811971a..602b7148d0e 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -2879,42 +2879,10 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
end
describe 'create_runner' do
- context 'create_runner_workflow_for_namespace flag enabled' do
- before do
- stub_feature_flags(create_runner_workflow_for_namespace: [project.namespace])
- end
-
- context 'admin' do
- let(:current_user) { admin }
-
- context 'when admin mode is enabled', :enable_admin_mode do
- it { is_expected.to be_allowed(:create_runner) }
-
- context 'with project runner registration disabled' do
- before do
- stub_application_setting(valid_runner_registrars: ['group'])
- end
-
- it { is_expected.to be_allowed(:create_runner) }
- end
-
- context 'with specific project runner registration disabled' do
- before do
- project.update!(runner_registration_enabled: false)
- end
-
- it { is_expected.to be_allowed(:create_runner) }
- end
- end
-
- context 'when admin mode is disabled' do
- it { is_expected.to be_disallowed(:create_runner) }
- end
- end
-
- context 'with owner' do
- let(:current_user) { owner }
+ context 'admin' do
+ let(:current_user) { admin }
+ context 'when admin mode is enabled', :enable_admin_mode do
it { is_expected.to be_allowed(:create_runner) }
context 'with project runner registration disabled' do
@@ -2922,7 +2890,7 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
stub_application_setting(valid_runner_registrars: ['group'])
end
- it { is_expected.to be_disallowed(:create_runner) }
+ it { is_expected.to be_allowed(:create_runner) }
end
context 'with specific project runner registration disabled' do
@@ -2930,125 +2898,65 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
project.update!(runner_registration_enabled: false)
end
- it { is_expected.to be_disallowed(:create_runner) }
+ it { is_expected.to be_allowed(:create_runner) }
end
end
- context 'with maintainer' do
- let(:current_user) { maintainer }
-
- it { is_expected.to be_allowed(:create_runner) }
- end
-
- context 'with reporter' do
- let(:current_user) { reporter }
-
- it { is_expected.to be_disallowed(:create_runner) }
- end
-
- context 'with guest' do
- let(:current_user) { guest }
-
- it { is_expected.to be_disallowed(:create_runner) }
- end
-
- context 'with developer' do
- let(:current_user) { developer }
-
- it { is_expected.to be_disallowed(:create_runner) }
- end
-
- context 'with anonymous' do
- let(:current_user) { nil }
-
+ context 'when admin mode is disabled' do
it { is_expected.to be_disallowed(:create_runner) }
end
end
- context 'create_runner_workflow_for_namespace flag disabled' do
- before do
- stub_feature_flags(create_runner_workflow_for_namespace: [group])
- end
-
- context 'admin' do
- let(:current_user) { admin }
-
- context 'when admin mode is enabled', :enable_admin_mode do
- it { is_expected.to be_disallowed(:create_runner) }
-
- context 'with project runner registration disabled' do
- before do
- stub_application_setting(valid_runner_registrars: ['group'])
- end
-
- it { is_expected.to be_disallowed(:create_runner) }
- end
-
- context 'with specific project runner registration disabled' do
- before do
- project.update!(runner_registration_enabled: false)
- end
+ context 'with owner' do
+ let(:current_user) { owner }
- it { is_expected.to be_disallowed(:create_runner) }
- end
- end
+ it { is_expected.to be_allowed(:create_runner) }
- context 'when admin mode is disabled' do
- it { is_expected.to be_disallowed(:create_runner) }
+ context 'with project runner registration disabled' do
+ before do
+ stub_application_setting(valid_runner_registrars: ['group'])
end
- end
-
- context 'with owner' do
- let(:current_user) { owner }
it { is_expected.to be_disallowed(:create_runner) }
+ end
- context 'with project runner registration disabled' do
- before do
- stub_application_setting(valid_runner_registrars: ['group'])
- end
-
- it { is_expected.to be_disallowed(:create_runner) }
+ context 'with specific project runner registration disabled' do
+ before do
+ project.update!(runner_registration_enabled: false)
end
- context 'with specific project runner registration disabled' do
- before do
- project.update!(runner_registration_enabled: false)
- end
-
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_disallowed(:create_runner) }
end
+ end
- context 'with maintainer' do
- let(:current_user) { maintainer }
+ context 'with maintainer' do
+ let(:current_user) { maintainer }
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_allowed(:create_runner) }
+ end
- context 'with reporter' do
- let(:current_user) { reporter }
+ context 'with reporter' do
+ let(:current_user) { reporter }
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_disallowed(:create_runner) }
+ end
- context 'with guest' do
- let(:current_user) { guest }
+ context 'with guest' do
+ let(:current_user) { guest }
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_disallowed(:create_runner) }
+ end
- context 'with developer' do
- let(:current_user) { developer }
+ context 'with developer' do
+ let(:current_user) { developer }
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_disallowed(:create_runner) }
+ end
- context 'with anonymous' do
- let(:current_user) { nil }
+ context 'with anonymous' do
+ let(:current_user) { nil }
- it { is_expected.to be_disallowed(:create_runner) }
- end
+ it { is_expected.to be_disallowed(:create_runner) }
end
end
@@ -3309,6 +3217,57 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
end
end
+ describe ':write_model_experiments' do
+ using RSpec::Parameterized::TableSyntax
+
+ where(:ff_ml_experiment_tracking, :current_user, :access_level, :allowed) do
+ false | ref(:owner) | Featurable::ENABLED | false
+ true | ref(:reporter) | Featurable::ENABLED | true
+ true | ref(:reporter) | Featurable::PRIVATE | true
+ true | ref(:reporter) | Featurable::DISABLED | false
+ true | ref(:guest) | Featurable::ENABLED | false
+ true | ref(:non_member) | Featurable::ENABLED | false
+ end
+ with_them do
+ before do
+ stub_feature_flags(ml_experiment_tracking: ff_ml_experiment_tracking)
+ project.project_feature.update!(model_experiments_access_level: access_level)
+ end
+
+ if params[:allowed]
+ it { is_expected.to be_allowed(:write_model_experiments) }
+ else
+ it { is_expected.not_to be_allowed(:write_model_experiments) }
+ end
+ end
+ end
+
+ describe 'when project is created and owned by a banned user' do
+ let_it_be(:project) { create(:project, :public) }
+
+ let(:current_user) { guest }
+
+ before do
+ allow(project).to receive(:created_and_owned_by_banned_user?).and_return(true)
+ end
+
+ it { expect_disallowed(:read_project) }
+
+ context 'when current user is an admin', :enable_admin_mode do
+ let(:current_user) { admin }
+
+ it { expect_allowed(:read_project) }
+ end
+
+ context 'when hide_projects_of_banned_users FF is disabled' do
+ before do
+ stub_feature_flags(hide_projects_of_banned_users: false)
+ end
+
+ it { expect_allowed(:read_project) }
+ end
+ end
+
private
def project_subject(project_type)
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 21:08:44 +0300