BigW Consortium Gitlab

group_access_spec.rb 10.9 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
require 'rails_helper'

describe 'Group access', feature: true do
  include AccessMatchers

  def group
    @group ||= create(:group)
  end

  def create_project(access_level)
    if access_level == :mixed
      create(:empty_project, :public, group: group)
      create(:empty_project, :internal, group: group)
    else
      create(:empty_project, access_level, group: group)
    end
  end

  def group_member(access_level, group = group)
    level = Object.const_get("Gitlab::Access::#{access_level.upcase}")

    create(:user).tap do |user|
      group.add_user(user, level)
    end
  end

  describe 'GET /groups/new' do
    subject { new_group_path }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
  end

  describe 'GET /groups/:path' do
    subject { group_path(group) }

    context 'with public projects' do
39
      let!(:project) { create_project(:public) }
40 41 42 43 44 45 46 47 48 49 50

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with mixed projects' do
51
      let!(:project) { create_project(:mixed) }
52 53 54 55 56 57 58 59 60 61 62

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with internal projects' do
63
      let!(:project) { create_project(:internal) }
64 65 66 67 68 69 70

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
Valery Sizov committed
71
      it { is_expected.to be_allowed_for :visitor }
72 73 74 75 76 77 78 79
    end

    context 'with no projects' do
      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
Valery Sizov committed
80 81
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
82 83 84 85 86 87 88
    end
  end

  describe 'GET /groups/:path/issues' do
    subject { issues_group_path(group) }

    context 'with public projects' do
89
      let!(:project) { create_project(:public) }
90 91 92 93 94 95 96 97 98 99 100

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with mixed projects' do
101
      let!(:project) { create_project(:mixed) }
102 103 104 105 106 107 108 109 110 111 112

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with internal projects' do
113
      let!(:project) { create_project(:internal) }
114 115 116 117 118 119 120

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
121
      it { is_expected.to be_denied_for :visitor }
122 123 124 125 126 127 128 129 130
    end

    context 'with no projects' do
      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
131
      it { is_expected.to be_denied_for :visitor }
132 133 134 135 136 137 138
    end
  end

  describe 'GET /groups/:path/merge_requests' do
    subject { merge_requests_group_path(group) }

    context 'with public projects' do
139
      let!(:project) { create_project(:public) }
140 141 142 143 144 145 146 147 148 149 150

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with mixed projects' do
151
      let!(:project) { create_project(:mixed) }
152 153 154 155 156 157 158 159 160 161 162

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with internal projects' do
163
      let!(:project) { create_project(:internal) }
164 165 166 167 168 169 170

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
171
      it { is_expected.to be_denied_for :visitor }
172 173 174 175 176 177 178 179 180
    end

    context 'with no projects' do
      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
181
      it { is_expected.to be_denied_for :visitor }
182 183 184 185 186 187 188
    end
  end

  describe 'GET /groups/:path/group_members' do
    subject { group_group_members_path(group) }

    context 'with public projects' do
189
      let!(:project) { create_project(:public) }
190 191 192 193 194 195 196 197 198 199 200

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with mixed projects' do
201
      let!(:project) { create_project(:mixed) }
202 203 204 205 206 207 208 209 210 211 212

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
      it { is_expected.to be_allowed_for :visitor }
    end

    context 'with internal projects' do
213
      let!(:project) { create_project(:internal) }
214 215 216 217 218 219 220

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for :user }
221
      it { is_expected.to be_denied_for :visitor }
222 223 224 225 226 227 228 229 230
    end

    context 'with no projects' do
      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_allowed_for group_member(:master) }
      it { is_expected.to be_allowed_for group_member(:reporter) }
      it { is_expected.to be_allowed_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
231
      it { is_expected.to be_denied_for :visitor }
232 233 234 235 236 237 238
    end
  end

  describe 'GET /groups/:path/edit' do
    subject { edit_group_path(group) }

    context 'with public projects' do
239
      let!(:project) { create_project(:public) }
240 241 242 243 244 245 246 247 248 249 250

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_denied_for group_member(:master) }
      it { is_expected.to be_denied_for group_member(:reporter) }
      it { is_expected.to be_denied_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    context 'with mixed projects' do
251
      let!(:project) { create_project(:mixed) }
252 253 254 255 256 257 258 259 260 261 262

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_denied_for group_member(:master) }
      it { is_expected.to be_denied_for group_member(:reporter) }
      it { is_expected.to be_denied_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    context 'with internal projects' do
263
      let!(:project) { create_project(:internal) }
264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284

      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_denied_for group_member(:master) }
      it { is_expected.to be_denied_for group_member(:reporter) }
      it { is_expected.to be_denied_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end

    context 'with no projects' do
      it { is_expected.to be_allowed_for group_member(:owner) }
      it { is_expected.to be_denied_for group_member(:master) }
      it { is_expected.to be_denied_for group_member(:reporter) }
      it { is_expected.to be_denied_for group_member(:guest) }
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_denied_for :user }
      it { is_expected.to be_denied_for :visitor }
    end
  end
end