BigW Consortium Gitlab

public_access_spec.rb 17.2 KB
Newer Older
1 2
require 'spec_helper'

3
describe "Public Project Access", feature: true  do
4 5
  include AccessMatchers

6
  let(:project) { create(:project, :public) }
7

8 9 10 11 12
  let(:owner)     { project.owner }
  let(:master)    { create(:user) }
  let(:developer) { create(:user) }
  let(:reporter)  { create(:user) }
  let(:guest)     { create(:user) }
13 14 15

  before do
    project.team << [master, :master]
16
    project.team << [developer, :developer]
17
    project.team << [reporter, :reporter]
18
    project.team << [guest, :guest]
19 20 21
  end

  describe "Project should be public" do
22
    describe '#public?' do
23
      subject { project.public? }
24 25
      it { is_expected.to be_truthy }
    end
26 27 28
  end

  describe "GET /:project_path" do
Vinnie Okada committed
29
    subject { namespace_project_path(project.namespace, project) }
30

31 32
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
33
    it { is_expected.to be_allowed_for master }
34
    it { is_expected.to be_allowed_for developer }
35 36 37
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
38
    it { is_expected.to be_allowed_for :external }
39
    it { is_expected.to be_allowed_for :visitor }
40 41 42
  end

  describe "GET /:project_path/tree/master" do
Vinnie Okada committed
43
    subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
44

45 46
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
47
    it { is_expected.to be_allowed_for master }
48
    it { is_expected.to be_allowed_for developer }
49 50 51
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
52
    it { is_expected.to be_allowed_for :external }
53
    it { is_expected.to be_allowed_for :visitor }
54 55 56
  end

  describe "GET /:project_path/commits/master" do
Vinnie Okada committed
57
    subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
58

59 60
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
61
    it { is_expected.to be_allowed_for master }
62
    it { is_expected.to be_allowed_for developer }
63 64 65
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
66
    it { is_expected.to be_allowed_for :external }
67
    it { is_expected.to be_allowed_for :visitor }
68 69 70
  end

  describe "GET /:project_path/commit/:sha" do
Vinnie Okada committed
71
    subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
72

73 74
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
75
    it { is_expected.to be_allowed_for master }
76
    it { is_expected.to be_allowed_for developer }
77 78 79
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
80
    it { is_expected.to be_allowed_for :external }
81
    it { is_expected.to be_allowed_for :visitor }
82 83 84
  end

  describe "GET /:project_path/compare" do
Vinnie Okada committed
85
    subject { namespace_project_compare_index_path(project.namespace, project) }
86

87 88
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
89
    it { is_expected.to be_allowed_for master }
90
    it { is_expected.to be_allowed_for developer }
91 92 93
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
94
    it { is_expected.to be_allowed_for :external }
95
    it { is_expected.to be_allowed_for :visitor }
96 97
  end

98 99
  describe "GET /:project_path/project_members" do
    subject { namespace_project_project_members_path(project.namespace, project) }
100

101 102
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
103
    it { is_expected.to be_allowed_for master }
104 105 106 107 108 109
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
    it { is_expected.to be_allowed_for :external }
110 111
  end

112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
  describe "GET /:project_path/pipelines" do
    subject { namespace_project_pipelines_path(project.namespace, project) }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :external }
    it { is_expected.to be_allowed_for :visitor }
  end

  describe "GET /:project_path/pipelines/:id" do
    let(:pipeline) { create(:ci_pipeline, project: project) }
    subject { namespace_project_pipeline_path(project.namespace, project, pipeline) }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :external }
    it { is_expected.to be_allowed_for :visitor }
  end

141 142 143 144 145 146
  describe "GET /:project_path/builds" do
    subject { namespace_project_builds_path(project.namespace, project) }

    context "when allowed for public" do
      before { project.update(public_builds: true) }

147 148
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for owner }
149
      it { is_expected.to be_allowed_for master }
150
      it { is_expected.to be_allowed_for developer }
151 152 153
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for guest }
      it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
154
      it { is_expected.to be_allowed_for :external }
155 156 157 158 159 160
      it { is_expected.to be_allowed_for :visitor }
    end

    context "when disallowed for public" do
      before { project.update(public_builds: false) }

161 162
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for owner }
163
      it { is_expected.to be_allowed_for master }
164
      it { is_expected.to be_allowed_for developer }
165 166 167
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_denied_for guest }
      it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
168
      it { is_expected.to be_denied_for :external }
169 170 171 172 173
      it { is_expected.to be_denied_for :visitor }
    end
  end

  describe "GET /:project_path/builds/:id" do
174 175
    let(:pipeline) { create(:ci_pipeline, project: project) }
    let(:build) { create(:ci_build, pipeline: pipeline) }
176 177 178 179 180
    subject { namespace_project_build_path(project.namespace, project, build.id) }

    context "when allowed for public" do
      before { project.update(public_builds: true) }

181 182
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for owner }
183
      it { is_expected.to be_allowed_for master }
184
      it { is_expected.to be_allowed_for developer }
185 186 187
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_allowed_for guest }
      it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
188
      it { is_expected.to be_allowed_for :external }
189 190 191 192 193 194
      it { is_expected.to be_allowed_for :visitor }
    end

    context "when disallowed for public" do
      before { project.update(public_builds: false) }

195 196
      it { is_expected.to be_allowed_for :admin }
      it { is_expected.to be_allowed_for owner }
197
      it { is_expected.to be_allowed_for master }
198
      it { is_expected.to be_allowed_for developer }
199 200 201
      it { is_expected.to be_allowed_for reporter }
      it { is_expected.to be_denied_for guest }
      it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
202
      it { is_expected.to be_denied_for :external }
203 204 205 206
      it { is_expected.to be_denied_for :visitor }
    end
  end

207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222
  describe "GET /:project_path/environments" do
    subject { namespace_project_environments_path(project.namespace, project) }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :external }
    it { is_expected.to be_denied_for :visitor }
  end

  describe "GET /:project_path/environments/:id" do
    let(:environment) { create(:environment, project: project) }
223
    subject { namespace_project_environment_path(project.namespace, project, environment) }
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :external }
    it { is_expected.to be_denied_for :visitor }
  end

  describe "GET /:project_path/environments/new" do
    subject { new_namespace_project_environment_path(project.namespace, project) }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :external }
    it { is_expected.to be_denied_for :visitor }
  end

250
  describe "GET /:project_path/blob" do
Zeger-Jan van de Weg committed
251 252 253
    let(:commit) { project.repository.commit }

    subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) }
254

255 256
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
Zeger-Jan van de Weg committed
257
    it { is_expected.to be_allowed_for master }
258
    it { is_expected.to be_allowed_for developer }
Zeger-Jan van de Weg committed
259 260 261 262
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :visitor }
263 264 265
  end

  describe "GET /:project_path/edit" do
Vinnie Okada committed
266
    subject { edit_namespace_project_path(project.namespace, project) }
267

268 269
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
270
    it { is_expected.to be_allowed_for master }
271
    it { is_expected.to be_denied_for developer }
272 273 274
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
275
    it { is_expected.to be_denied_for :external }
276
    it { is_expected.to be_denied_for :visitor }
277 278 279
  end

  describe "GET /:project_path/deploy_keys" do
Vinnie Okada committed
280
    subject { namespace_project_deploy_keys_path(project.namespace, project) }
281

282 283
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
284
    it { is_expected.to be_allowed_for master }
285
    it { is_expected.to be_denied_for developer }
286 287 288
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
289
    it { is_expected.to be_denied_for :external }
290
    it { is_expected.to be_denied_for :visitor }
291 292 293
  end

  describe "GET /:project_path/issues" do
Vinnie Okada committed
294
    subject { namespace_project_issues_path(project.namespace, project) }
295

296 297
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
298
    it { is_expected.to be_allowed_for master }
299
    it { is_expected.to be_allowed_for developer }
300 301 302
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
303
    it { is_expected.to be_allowed_for :external }
304
    it { is_expected.to be_allowed_for :visitor }
305 306
  end

307 308 309 310
  describe "GET /:project_path/issues/:id/edit" do
    let(:issue) { create(:issue, project: project) }
    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }

311 312
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
313
    it { is_expected.to be_allowed_for master }
314
    it { is_expected.to be_allowed_for developer }
315 316 317
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
318
    it { is_expected.to be_denied_for :external }
319 320 321
    it { is_expected.to be_denied_for :visitor }
  end

322
  describe "GET /:project_path/snippets" do
Vinnie Okada committed
323
    subject { namespace_project_snippets_path(project.namespace, project) }
324

325 326
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
327
    it { is_expected.to be_allowed_for master }
328
    it { is_expected.to be_allowed_for developer }
329 330 331
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
332
    it { is_expected.to be_allowed_for :external }
333
    it { is_expected.to be_allowed_for :visitor }
334 335 336
  end

  describe "GET /:project_path/snippets/new" do
Vinnie Okada committed
337
    subject { new_namespace_project_snippet_path(project.namespace, project) }
338

339 340
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
341
    it { is_expected.to be_allowed_for master }
342
    it { is_expected.to be_allowed_for developer }
343 344 345
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
346
    it { is_expected.to be_denied_for :external }
347
    it { is_expected.to be_denied_for :visitor }
348 349 350
  end

  describe "GET /:project_path/merge_requests" do
Vinnie Okada committed
351
    subject { namespace_project_merge_requests_path(project.namespace, project) }
352

353 354
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
355
    it { is_expected.to be_allowed_for master }
356
    it { is_expected.to be_allowed_for developer }
357 358 359
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
360
    it { is_expected.to be_allowed_for :external }
361
    it { is_expected.to be_allowed_for :visitor }
362 363 364
  end

  describe "GET /:project_path/merge_requests/new" do
Vinnie Okada committed
365
    subject { new_namespace_project_merge_request_path(project.namespace, project) }
366

367 368
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
369
    it { is_expected.to be_allowed_for master }
370
    it { is_expected.to be_allowed_for developer }
371 372 373
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
374
    it { is_expected.to be_denied_for :external }
375
    it { is_expected.to be_denied_for :visitor }
376 377 378
  end

  describe "GET /:project_path/branches" do
Vinnie Okada committed
379
    subject { namespace_project_branches_path(project.namespace, project) }
380 381 382

    before do
      # Speed increase
383
      allow_any_instance_of(Project).to receive(:branches).and_return([])
384 385
    end

386 387
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
388
    it { is_expected.to be_allowed_for master }
389
    it { is_expected.to be_allowed_for developer }
390 391 392
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
393
    it { is_expected.to be_allowed_for :external }
394
    it { is_expected.to be_allowed_for :visitor }
395 396 397
  end

  describe "GET /:project_path/tags" do
Vinnie Okada committed
398
    subject { namespace_project_tags_path(project.namespace, project) }
399 400 401

    before do
      # Speed increase
402
      allow_any_instance_of(Project).to receive(:tags).and_return([])
403 404
    end

405 406
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
407
    it { is_expected.to be_allowed_for master }
408
    it { is_expected.to be_allowed_for developer }
409 410 411
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
Zeger-Jan van de Weg committed
412
    it { is_expected.to be_allowed_for :external }
413
    it { is_expected.to be_allowed_for :visitor }
414 415 416
  end

  describe "GET /:project_path/hooks" do
Vinnie Okada committed
417
    subject { namespace_project_hooks_path(project.namespace, project) }
418

419 420
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
421
    it { is_expected.to be_allowed_for master }
422
    it { is_expected.to be_denied_for developer }
423 424 425
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
Zeger-Jan van de Weg committed
426
    it { is_expected.to be_denied_for :external }
427
    it { is_expected.to be_denied_for :visitor }
428
  end
429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447

  describe "GET /:project_path/container_registry" do
    before do
      stub_container_registry_tags('latest')
      stub_container_registry_config(enabled: true)
    end

    subject { namespace_project_container_registry_index_path(project.namespace, project) }

    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for owner }
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for developer }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for guest }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_allowed_for :external }
    it { is_expected.to be_allowed_for :visitor }
  end
448
end