diff options
Diffstat (limited to 'spec/services/groups/group_links/create_service_spec.rb')
-rw-r--r-- | spec/services/groups/group_links/create_service_spec.rb | 46 |
1 files changed, 35 insertions, 11 deletions
diff --git a/spec/services/groups/group_links/create_service_spec.rb b/spec/services/groups/group_links/create_service_spec.rb index df994b9f2a3..b1bb9a8de23 100644 --- a/spec/services/groups/group_links/create_service_spec.rb +++ b/spec/services/groups/group_links/create_service_spec.rb @@ -11,8 +11,8 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do let_it_be(:group) { create(:group, :private, parent: group_parent) } let_it_be(:group_child) { create(:group, :private, parent: group) } - let_it_be(:shared_group_parent) { create(:group, :private) } - let_it_be(:shared_group) { create(:group, :private, parent: shared_group_parent) } + let_it_be(:shared_group_parent, refind: true) { create(:group, :private) } + let_it_be(:shared_group, refind: true) { create(:group, :private, parent: shared_group_parent) } let_it_be(:shared_group_child) { create(:group, :private, parent: shared_group) } let_it_be(:project_parent) { create(:project, group: shared_group_parent) } @@ -28,7 +28,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do let(:user) { group_user } - subject { described_class.new(group, user, opts) } + subject { described_class.new(shared_group, group, user, opts) } before do group.add_guest(group_user) @@ -36,11 +36,11 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do end it 'adds group to another group' do - expect { subject.execute(shared_group) }.to change { group.shared_group_links.count }.from(0).to(1) + expect { subject.execute }.to change { group.shared_group_links.count }.from(0).to(1) end it 'returns false if shared group is blank' do - expect { subject.execute(nil) }.not_to change { group.shared_group_links.count } + expect { described_class.new(nil, group, user, opts) }.not_to change { group.shared_group_links.count } end context 'user does not have access to group' do @@ -51,7 +51,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do end it 'returns error' do - result = subject.execute(shared_group) + result = subject.execute expect(result[:status]).to eq(:error) expect(result[:http_status]).to eq(404) @@ -67,7 +67,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do end it 'returns error' do - result = subject.execute(shared_group) + result = subject.execute expect(result[:status]).to eq(:error) expect(result[:http_status]).to eq(404) @@ -85,7 +85,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do it 'is executed only for the direct members of the group' do expect(UserProjectAccessChangedService).to receive(:new).with(contain_exactly(group_user.id)).and_call_original - subject.execute(shared_group) + subject.execute end end @@ -94,7 +94,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do let(:user) { group_user } it 'create proper authorizations' do - subject.execute(shared_group) + subject.execute expect(Ability.allowed?(user, :read_project, project_parent)).to be_falsey expect(Ability.allowed?(user, :read_project, project)).to be_truthy @@ -106,7 +106,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do let(:user) { parent_group_user } it 'create proper authorizations' do - subject.execute(shared_group) + subject.execute expect(Ability.allowed?(user, :read_project, project_parent)).to be_falsey expect(Ability.allowed?(user, :read_project, project)).to be_falsey @@ -118,7 +118,7 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do let(:user) { child_group_user } it 'create proper authorizations' do - subject.execute(shared_group) + subject.execute expect(Ability.allowed?(user, :read_project, project_parent)).to be_falsey expect(Ability.allowed?(user, :read_project, project)).to be_falsey @@ -127,4 +127,28 @@ RSpec.describe Groups::GroupLinks::CreateService, '#execute' do end end end + + context 'sharing outside the hierarchy is disabled' do + before do + shared_group_parent.namespace_settings.update!(prevent_sharing_groups_outside_hierarchy: true) + end + + it 'prevents sharing with a group outside the hierarchy' do + result = subject.execute + + expect(group.reload.shared_group_links.count).to eq(0) + expect(result[:status]).to eq(:error) + expect(result[:http_status]).to eq(404) + end + + it 'allows sharing with a group within the hierarchy' do + sibling_group = create(:group, :private, parent: shared_group_parent) + sibling_group.add_guest(group_user) + + result = described_class.new(shared_group, sibling_group, user, opts).execute + + expect(sibling_group.reload.shared_group_links.count).to eq(1) + expect(result[:status]).to eq(:success) + end + end end |