diff options
Diffstat (limited to 'spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb')
-rw-r--r-- | spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb index 0e9200f1fd9..bb438b0082f 100644 --- a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb +++ b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb @@ -52,7 +52,11 @@ RSpec.shared_examples 'protected ref access' do |association| end describe '#check_access' do + let_it_be(:group) { create(:group) } + # Making a project public to avoid false positives tests + let_it_be(:project) { create(:project, :public, group: group) } let_it_be(:current_user) { create(:user) } + let_it_be(:protected_ref) { create(association, project: project) } let(:access_level) { ::Gitlab::Access::DEVELOPER } @@ -71,6 +75,47 @@ RSpec.shared_examples 'protected ref access' do |association| it { expect(subject.check_access(nil)).to eq(false) } end + context 'when current_user access exists without membership' do + let(:other_user) { create(:user) } + let(:user_access) do + described_class.new(association => protected_ref, access_level: access_level, user_id: other_user.id) + end + + let(:enable_ff) { false } + + before do + stub_feature_flags(check_membership_in_protected_ref_access: enable_ff) + end + + it 'does not check membership if check_membership_in_protected_ref_access FF is disabled' do + expect(project).not_to receive(:member?).with(other_user) + + user_access.check_access(other_user) + end + + context 'when check_membership_in_protected_ref_access FF is enabled' do + let(:enable_ff) { true } + + it 'does check membership' do + expect(project).to receive(:member?).with(other_user) + + user_access.check_access(other_user) + end + + it 'returns false' do + expect(user_access.check_access(other_user)).to be_falsey + end + + context 'when user has inherited membership' do + let!(:inherited_membership) { create(:group_member, group: group, user: other_user) } + + it do + expect(user_access.check_access(other_user)).to be_truthy + end + end + end + end + context 'when access_level is NO_ACCESS' do let(:access_level) { ::Gitlab::Access::NO_ACCESS } |