Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/policies/user_policy_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/policies/user_policy_spec.rb')
-rw-r--r--spec/policies/user_policy_spec.rb46
1 files changed, 38 insertions, 8 deletions
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 78212f06526..b800e7dbc43 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -3,8 +3,12 @@
require 'spec_helper'
RSpec.describe UserPolicy do
- let(:current_user) { create(:user) }
- let(:user) { create(:user) }
+ let_it_be(:admin) { create(:user, :admin) }
+ let_it_be(:regular_user) { create(:user) }
+ let_it_be(:subject_user) { create(:user) }
+
+ let(:current_user) { regular_user }
+ let(:user) { subject_user }
subject { described_class.new(current_user, user) }
@@ -16,7 +20,7 @@ RSpec.describe UserPolicy do
let(:token) { create(:personal_access_token, user: user) }
context 'when user is admin' do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it { is_expected.to be_allowed(:read_user_personal_access_tokens) }
@@ -42,7 +46,7 @@ RSpec.describe UserPolicy do
describe "creating a different user's Personal Access Tokens" do
context 'when current_user is admin' do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
context 'when admin mode is enabled and current_user is not blocked', :enable_admin_mode do
it { is_expected.to be_allowed(:create_user_personal_access_token) }
@@ -92,7 +96,7 @@ RSpec.describe UserPolicy do
end
context "when an admin user tries to destroy a regular user" do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it { is_expected.to be_allowed(ability) }
@@ -104,7 +108,7 @@ RSpec.describe UserPolicy do
end
context "when an admin user tries to destroy a ghost user" do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
let(:user) { create(:user, :ghost) }
it { is_expected.not_to be_allowed(ability) }
@@ -132,7 +136,7 @@ RSpec.describe UserPolicy do
context 'disabling the two-factor authentication of another user' do
context 'when the executor is an admin', :enable_admin_mode do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
it { is_expected.to be_allowed(:disable_two_factor) }
end
@@ -145,7 +149,7 @@ RSpec.describe UserPolicy do
describe "reading a user's group count" do
context "when current_user is an admin", :enable_admin_mode do
- let(:current_user) { create(:user, :admin) }
+ let(:current_user) { admin }
it { is_expected.to be_allowed(:read_group_count) }
end
@@ -172,4 +176,30 @@ RSpec.describe UserPolicy do
it { is_expected.to be_allowed(:read_user_profile) }
end
end
+
+ describe ':read_user_groups' do
+ context 'when user is admin' do
+ let(:current_user) { admin }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it { is_expected.to be_allowed(:read_user_groups) }
+ end
+
+ context 'when admin mode is disabled' do
+ it { is_expected.not_to be_allowed(:read_user_groups) }
+ end
+ end
+
+ context 'when user is not an admin' do
+ context 'requesting their own manageable groups' do
+ subject { described_class.new(current_user, current_user) }
+
+ it { is_expected.to be_allowed(:read_user_groups) }
+ end
+
+ context "requesting a different user's manageable groups" do
+ it { is_expected.not_to be_allowed(:read_user_groups) }
+ end
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-12 12:53:00 +0300