Welcome to mirror list, hosted at ThFree Co, Russian Federation.

user_access_spec.rb « gitlab « lib « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/user_access_spec.rb
blob: d3c3b800b94b3683d42e0fd0a432099f87d7f6d7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

require 'spec_helper'

describe Gitlab::UserAccess, lib: true do
  let(:access) { Gitlab::UserAccess.new(user, project: project) }
  let(:project) { create(:project) }
  let(:user) { create(:user) }

  describe 'can_push_to_branch?' do
    describe 'push to none protected branch' do
      it 'returns true if user is a master' do
        project.team << [user, :master]

        expect(access.can_push_to_branch?('random_branch')).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]

        expect(access.can_push_to_branch?('random_branch')).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]

        expect(access.can_push_to_branch?('random_branch')).to be_falsey
      end
    end

    describe 'push to empty project' do
      let(:empty_project) { create(:project_empty_repo) }
      let(:project_access) { Gitlab::UserAccess.new(user, project: empty_project) }

      it 'returns true if user is master' do
        empty_project.team << [user, :master]

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end

      it 'returns false if user is developer and project is fully protected' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL)

        expect(project_access.can_push_to_branch?('master')).to be_falsey
      end

      it 'returns false if user is developer and it is not allowed to push new commits but can merge into branch' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)

        expect(project_access.can_push_to_branch?('master')).to be_falsey
      end

      it 'returns true if user is developer and project is unprotected' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end

      it 'returns true if user is developer and project grants developers permission' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end
    end

    describe 'push to protected branch' do
      let(:branch) { create :protected_branch, project: project }

      it 'returns true if user is a master' do
        project.team << [user, :master]

        expect(access.can_push_to_branch?(branch.name)).to be_truthy
      end

      it 'returns false if user is a developer' do
        project.team << [user, :developer]

        expect(access.can_push_to_branch?(branch.name)).to be_falsey
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]

        expect(access.can_push_to_branch?(branch.name)).to be_falsey
      end
    end

    describe 'push to protected branch if allowed for developers' do
      before do
        @branch = create :protected_branch, :developers_can_push, project: project
      end

      it 'returns true if user is a master' do
        project.team << [user, :master]

        expect(access.can_push_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]

        expect(access.can_push_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]

        expect(access.can_push_to_branch?(@branch.name)).to be_falsey
      end
    end

    describe 'merge to protected branch if allowed for developers' do
      before do
        @branch = create :protected_branch, :developers_can_merge, project: project
      end

      it 'returns true if user is a master' do
        project.team << [user, :master]

        expect(access.can_merge_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]

        expect(access.can_merge_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]

        expect(access.can_merge_to_branch?(@branch.name)).to be_falsey
      end
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 10:16:52 +0300