From 37a739daec0d7021b2af6ad03c60d37ac3461d88 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 13 Sep 2022 12:12:50 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
 .../packages/policies/project_policy_spec.rb | 159 +++++++++++++++------
 1 file changed, 118 insertions(+), 41 deletions(-)
(limited to 'spec/policies')
diff --git a/spec/policies/packages/policies/project_policy_spec.rb b/spec/policies/packages/policies/project_policy_spec.rb
index 15c5942ea4d..5d54ee54572 100644
--- a/spec/policies/packages/policies/project_policy_spec.rb
+++ b/spec/policies/packages/policies/project_policy_spec.rb
@@ -33,55 +33,132 @@ RSpec.describe Packages::Policies::ProjectPolicy do
 end
 end
 
- describe 'read_package' do
- context 'with admin' do
- let(:current_user) { admin }
-
- it { is_expected.to be_allowed(:read_package) }
-
- it_behaves_like 'package access with repository disabled'
+ describe 'read_package', :enable_admin_mode do
+ using RSpec::Parameterized::TableSyntax
+
+ where(:project, :package_registry_access_level, :current_user, :expect_to_be_allowed) do
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:anonymous) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:non_member) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:guest) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:reporter) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:developer) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:maintainer) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:owner) | false
+ ref(:private_project) | ProjectFeature::DISABLED | ref(:admin) | false
+
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:anonymous) | false
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:non_member) | false
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:guest) | false
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:reporter) | true
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:developer) | true
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:maintainer) | true
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:owner) | true
+ ref(:private_project) | ProjectFeature::PRIVATE | ref(:admin) | true
+
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:anonymous) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:non_member) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:guest) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:reporter) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:developer) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:maintainer) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:owner) | true
+ ref(:private_project) | ProjectFeature::PUBLIC | ref(:admin) | true
+
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:anonymous) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:non_member) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:guest) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:reporter) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:developer) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:maintainer) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:owner) | false
+ ref(:internal_project) | ProjectFeature::DISABLED | ref(:admin) | false
+
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:anonymous) | false
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:non_member) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:guest) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:reporter) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:developer) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:maintainer) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:owner) | true
+ ref(:internal_project) | ProjectFeature::ENABLED | ref(:admin) | true
+
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:anonymous) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:non_member) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:guest) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:reporter) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:developer) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:maintainer) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:owner) | true
+ ref(:internal_project) | ProjectFeature::PUBLIC | ref(:admin) | true
+
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:anonymous) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:non_member) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:guest) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:reporter) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:developer) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:maintainer) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:owner) | false
+ ref(:public_project) | ProjectFeature::DISABLED | ref(:admin) | false
+
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:anonymous) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:non_member) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:guest) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:reporter) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:developer) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:maintainer) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:owner) | true
+ ref(:public_project) | ProjectFeature::PUBLIC | ref(:admin) | true
 end
 
- context 'with owner' do
- let(:current_user) { owner }
+ with_them do
+ it do
+ project.project_feature.update!(package_registry_access_level: package_registry_access_level)
 
- it { is_expected.to be_allowed(:read_package) }
+ if expect_to_be_allowed
+ is_expected.to be_allowed(:read_package)
+ else
+ is_expected.to be_disallowed(:read_package)
+ end
+ end
 end
 
- context 'with maintainer' do
- let(:current_user) { maintainer }
-
- it { is_expected.to be_allowed(:read_package) }
+ context 'with feature flag disabled' do
+ before do
+ stub_feature_flags(package_registry_access_level: false)
+ end
+
+ where(:project, :current_user, :expect_to_be_allowed) do
+ ref(:private_project) | ref(:anonymous) | false
+ ref(:private_project) | ref(:non_member) | false
+ ref(:private_project) | ref(:guest) | false
+ ref(:internal_project) | ref(:anonymous) | false
+ ref(:public_project) | ref(:admin) | true
+ ref(:public_project) | ref(:owner) | true
+ ref(:public_project) | ref(:maintainer) | true
+ ref(:public_project) | ref(:developer) | true
+ ref(:public_project) | ref(:reporter) | true
+ ref(:public_project) | ref(:guest) | true
+ ref(:public_project) | ref(:non_member) | true
+ ref(:public_project) | ref(:anonymous) | true
+ end
+
+ with_them do
+ it do
+ project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC)
+
+ if expect_to_be_allowed
+ is_expected.to be_allowed(:read_package)
+ else
+ is_expected.to be_disallowed(:read_package)
+ end
+ end
+ end
 end
 
- context 'with developer' do
- let(:current_user) { developer }
-
- it { is_expected.to be_allowed(:read_package) }
- end
-
- context 'with reporter' do
- let(:current_user) { reporter }
-
- it { is_expected.to be_allowed(:read_package) }
- end
-
- context 'with guest' do
- let(:current_user) { guest }
-
- it { is_expected.to be_allowed(:read_package) }
- end
-
- context 'with non member' do
- let(:current_user) { non_member }
-
- it { is_expected.to be_allowed(:read_package) }
- end
-
- context 'with anonymous' do
- let(:current_user) { anonymous }
+ context 'with admin' do
+ let(:current_user) { admin }
 
- it { is_expected.to be_allowed(:read_package) }
+ it_behaves_like 'package access with repository disabled'
 end
 end
 end
-- 
cgit v1.2.3
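Review bot: The `read_package` table skips several visibility/access-level pairs: `private_project` has no `ProjectFeature::ENABLED` rows, `internal_project` has no `ProjectFeature::PRIVATE` rows, and `public_project` is exercised only with `DISABLED` and `PUBLIC`. If those levels can be stored for such projects (not visible from this hunk), the deny rows for `anonymous` and `non_member` are the ones worth pinning, because an authorization regression there would pass unnoticed; if they cannot, a comment above `where` such as `# Only access levels that can be set for each project visibility are listed` would record the omission as deliberate. The 'with feature flag disabled' context likewise always writes `ProjectFeature::PUBLIC` and has no rows for private-project members, so it does not show that `DISABLED` still denies access while the flag is off. Because the whole `describe` carries `:enable_admin_mode`, every `ref(:admin)` row runs with admin mode on; a case for an admin outside admin mode would close that gap.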