Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/admin/groups_controller_spec.rb6
-rw-r--r--spec/factories/groups.rb1
-rw-r--r--spec/features/groups/group_settings_spec.rb8
-rw-r--r--spec/models/group_spec.rb8
-rw-r--r--spec/policies/group_policy_spec.rb70
-rw-r--r--spec/support/shared_contexts/policies/group_policy_shared_context.rb16
6 files changed, 99 insertions, 10 deletions
diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb
index 509d8944e3a..df11321537f 100644
--- a/spec/controllers/admin/groups_controller_spec.rb
+++ b/spec/controllers/admin/groups_controller_spec.rb
@@ -68,5 +68,11 @@ describe Admin::GroupsController do
post :update, params: { id: group.to_param, group: { project_creation_level: ::Gitlab::Access::NO_ONE_PROJECT_ACCESS } }
end.to change { group.reload.project_creation_level }.to(::Gitlab::Access::NO_ONE_PROJECT_ACCESS)
end
+
+ it 'updates the subgroup_creation_level successfully' do
+ expect do
+ post :update, params: { id: group.to_param, group: { subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS } }
+ end.to change { group.reload.subgroup_creation_level }.to(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
+ end
end
end
diff --git a/spec/factories/groups.rb b/spec/factories/groups.rb
index 18a0c2ec731..2f50fbfe2fa 100644
--- a/spec/factories/groups.rb
+++ b/spec/factories/groups.rb
@@ -5,6 +5,7 @@ FactoryBot.define do
type 'Group'
owner nil
project_creation_level ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS
+ subgroup_creation_level ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
after(:create) do |group|
if group.owner
diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb
index 5cef5f0521f..95534d5a2ba 100644
--- a/spec/features/groups/group_settings_spec.rb
+++ b/spec/features/groups/group_settings_spec.rb
@@ -85,6 +85,14 @@ describe 'Edit group settings' do
end
end
+ describe 'subgroup creation level menu' do
+ it 'shows the selection menu' do
+ visit edit_group_path(group)
+
+ expect(page).to have_content('Allowed to create subgroups')
+ end
+ end
+
describe 'edit group avatar' do
before do
visit edit_group_path(group)
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 470ce65707d..fd40061dd3a 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -994,4 +994,12 @@ describe Group do
expect(group.project_creation_level).to eq(Gitlab::CurrentSettings.default_project_creation)
end
end
+
+ describe 'subgroup_creation_level' do
+ it 'outputs the default one if it is nil' do
+ group = create(:group, subgroup_creation_level: nil)
+
+ expect(group.subgroup_creation_level).to eq(::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS)
+ end
+ end
end
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 59f3a961d50..aed9a8e34ff 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -163,6 +163,18 @@ describe GroupPolicy do
expect_allowed(*updated_owner_permissions)
end
end
+
+ context 'maintainer' do
+ let(:current_user) { maintainer }
+
+ it 'allows every maintainer permission except creating subgroups' do
+ create_subgroup_permission = [:create_subgroup]
+ updated_maintainer_permissions = maintainer_permissions - create_subgroup_permission
+
+ expect_disallowed(*create_subgroup_permission)
+ expect_allowed(*updated_maintainer_permissions)
+ end
+ end
end
describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
@@ -461,6 +473,64 @@ describe GroupPolicy do
end
end
+ context "create_subgroup" do
+ context 'when group has subgroup creation level set to owner' do
+ let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::OWNER_SUBGROUP_ACCESS) }
+
+ context 'reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_disallowed(:create_subgroup) }
+ end
+
+ context 'developer' do
+ let(:current_user) { developer }
+
+ it { is_expected.to be_disallowed(:create_subgroup) }
+ end
+
+ context 'maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_disallowed(:create_subgroup) }
+ end
+
+ context 'owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:create_subgroup) }
+ end
+ end
+
+ context 'when group has subgroup creation level set to maintainer' do
+ let(:group) { create(:group, subgroup_creation_level: ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS) }
+
+ context 'reporter' do
+ let(:current_user) { reporter }
+
+ it { is_expected.to be_disallowed(:create_subgroup) }
+ end
+
+ context 'developer' do
+ let(:current_user) { developer }
+
+ it { is_expected.to be_disallowed(:create_subgroup) }
+ end
+
+ context 'maintainer' do
+ let(:current_user) { maintainer }
+
+ it { is_expected.to be_allowed(:create_subgroup) }
+ end
+
+ context 'owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(:create_subgroup) }
+ end
+ end
+ end
+
it_behaves_like 'clusterable policies' do
let(:clusterable) { create(:group) }
let(:cluster) do
diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb
index a40d3087f6e..b4808ac0068 100644
--- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb
+++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb
@@ -19,15 +19,10 @@ RSpec.shared_context 'GroupPolicy context' do
let(:reporter_permissions) { [:admin_label] }
let(:developer_permissions) { [:admin_milestone] }
let(:maintainer_permissions) do
- [
- :create_projects,
- :read_cluster,
- :create_cluster,
- :update_cluster,
- :admin_cluster,
- :add_cluster,
- (Gitlab::Database.postgresql? ? :create_subgroup : nil)
- ].compact
+ %i[
+ create_projects
+ read_cluster create_cluster update_cluster admin_cluster add_cluster
+ ]
end
let(:owner_permissions) do
[
@@ -35,7 +30,8 @@ RSpec.shared_context 'GroupPolicy context' do
:admin_namespace,
:admin_group_member,
:change_visibility_level,
- :set_note_created_at
+ :set_note_created_at,
+ (Gitlab::Database.postgresql? ? :create_subgroup : nil)
].compact
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 08:03:41 +0300