From beb66cfcba26d0796644ccce2dfac8c65a808144 Mon Sep 17 00:00:00 2001
From: James Fargher <proglottis@gmail.com>
Date: Thu, 2 May 2019 13:07:38 +1200
Subject: Check instance cluster feature at policy level

Try to simplify feature flag checks by using policies
---
 .../admin/clusters/applications_controller_spec.rb | 10 ++++++
 .../concerns/enforces_admin_authentication_spec.rb | 38 ++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 spec/controllers/concerns/enforces_admin_authentication_spec.rb

(limited to 'spec/controllers')

diff --git a/spec/controllers/admin/clusters/applications_controller_spec.rb b/spec/controllers/admin/clusters/applications_controller_spec.rb
index cf202d88acc..76f261e7d3f 100644
--- a/spec/controllers/admin/clusters/applications_controller_spec.rb
+++ b/spec/controllers/admin/clusters/applications_controller_spec.rb
@@ -13,6 +13,16 @@ describe Admin::Clusters::ApplicationsController do
     it { expect { subject }.to be_allowed_for(:admin) }
     it { expect { subject }.to be_denied_for(:user) }
     it { expect { subject }.to be_denied_for(:external) }
+
+    context 'when instance clusters are disabled' do
+      before do
+        stub_feature_flags(instance_clusters: false)
+      end
+
+      it 'returns 404' do
+        is_expected.to have_http_status(:not_found)
+      end
+    end
   end
 
   let(:cluster) { create(:cluster, :instance, :provided_by_gcp) }
diff --git a/spec/controllers/concerns/enforces_admin_authentication_spec.rb b/spec/controllers/concerns/enforces_admin_authentication_spec.rb
new file mode 100644
index 00000000000..9025293f9ea
--- /dev/null
+++ b/spec/controllers/concerns/enforces_admin_authentication_spec.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe EnforcesAdminAuthentication do
+  let(:user) { create(:user) }
+
+  before do
+    sign_in(user)
+  end
+
+  controller(ApplicationController) do
+    # `described_class` is not available in this context
+    include EnforcesAdminAuthentication # rubocop:disable RSpec/DescribedClass
+
+    def index
+      head :ok
+    end
+  end
+
+  describe 'authenticate_admin!' do
+    context 'as an admin' do
+      let(:user) { create(:admin) }
+
+      it 'renders ok' do
+        get :index
+        expect(response).to have_gitlab_http_status(200)
+      end
+    end
+
+    context 'as a user' do
+      it 'renders a 404' do
+        get :index
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+end
-- 
cgit v1.2.3