# frozen_string_literal: true
require 'spec_helper'
# Authorization matrix for CommitPolicy: checks :read_commit and :create_note
# (plus :download_code for one guest case) across project visibility,
# repository access level, and direct vs. group-inherited membership.
RSpec.describe CommitPolicy do
  describe '#rules' do
    # `project` is supplied by each visibility context below; `commit` and
    # `policy` are lazy, so they resolve against whichever project is in scope.
    let(:group) { create(:group, :public) }
    let(:user) { create(:user) }
    let(:commit) { project.repository.head_commit }
    let(:policy) { described_class.new(user, commit) }

    # Positive pair: both abilities must be granted together.
    shared_examples 'can read commit and create a note' do
      it('can read commit') { expect(policy).to be_allowed(:read_commit) }

      it('can create a note') { expect(policy).to be_allowed(:create_note) }
    end

    # Negative pair: both abilities must be denied together.
    shared_examples 'cannot read commit nor create a note' do
      it('cannot read commit') { expect(policy).to be_disallowed(:read_commit) }

      it('cannot create a note') { expect(policy).to be_disallowed(:create_note) }
    end

    # NOTE(review): every example uses a persisted user; no case here covers an
    # unauthenticated caller. Confirm that path is exercised elsewhere.

    context 'when project is public' do
      let(:project) { create(:project, :public, :repository, group: group) }

      context 'when the user is not a project member' do
        it_behaves_like 'can read commit and create a note'
      end

      # Public project whose repository feature is restricted: per the examples
      # below, a non-member is denied while any listed member role is allowed.
      context 'when repository access level is private' do
        let(:project) { create(:project, :public, :repository, :repository_private, group: group) }

        context 'when the user is not a project member' do
          it_behaves_like 'cannot read commit nor create a note'
        end

        # NOTE(review): only the developer role is covered for direct members
        # here; a direct guest is not exercised in this context.
        context 'when the user is a direct project member' do
          context 'and the user is a developer' do
            before { project.add_developer(user) }

            it_behaves_like 'can read commit and create a note'
          end
        end

        context 'when the user is an inherited member from the group' do
          # Unlike the private-project case further down, an inherited guest is
          # expected to be allowed here.
          context 'and the user is a guest' do
            before { group.add_guest(user) }

            it_behaves_like 'can read commit and create a note'
          end

          context 'and the user is a reporter' do
            before { group.add_reporter(user) }

            it_behaves_like 'can read commit and create a note'
          end

          context 'and the user is a developer' do
            before { group.add_developer(user) }

            it_behaves_like 'can read commit and create a note'
          end
        end
      end
    end

    context 'when project is private' do
      let(:project) { create(:project, :private, :repository, group: group) }

      context 'when the user is not a project member' do
        it_behaves_like 'cannot read commit nor create a note'
      end

      context 'when the user is a direct project member' do
        context 'and the user is a developer' do
          before { project.add_developer(user) }

          it_behaves_like 'can read commit and create a note'
        end

        # Guests on a private project are expected to be denied commit access,
        # note creation, and code download.
        context 'and the user is a guest' do
          before { project.add_guest(user) }

          it_behaves_like 'cannot read commit nor create a note'

          it('cannot download code') { expect(policy).to be_disallowed(:download_code) }
        end
      end

      context 'when the user is an inherited member from the group' do
        # Group-inherited guest must be denied just like a direct guest.
        context 'and the user is a guest' do
          before { group.add_guest(user) }

          it_behaves_like 'cannot read commit nor create a note'
        end

        context 'and the user is a reporter' do
          before { group.add_reporter(user) }

          it_behaves_like 'can read commit and create a note'
        end

        context 'and the user is a developer' do
          before { group.add_developer(user) }

          it_behaves_like 'can read commit and create a note'
        end
      end
    end
  end
end