BigW Consortium Gitlab

group_policy_spec.rb 5.96 KB
Newer Older
1 2
require 'spec_helper'

3
describe GroupPolicy do
4 5 6 7 8 9 10 11
  let(:guest) { create(:user) }
  let(:reporter) { create(:user) }
  let(:developer) { create(:user) }
  let(:master) { create(:user) }
  let(:owner) { create(:user) }
  let(:admin) { create(:admin) }
  let(:group) { create(:group) }

12 13
  let(:reporter_permissions) { [:admin_label] }

14 15 16
  let(:master_permissions) do
    [
      :create_projects,
17
      :admin_milestones
18 19 20 21 22 23 24 25
    ]
  end

  let(:owner_permissions) do
    [
      :admin_group,
      :admin_namespace,
      :admin_group_member,
26 27
      :change_visibility_level,
      :create_subgroup
28 29 30 31 32 33 34 35 36 37 38
    ]
  end

  before do
    group.add_guest(guest)
    group.add_reporter(reporter)
    group.add_developer(developer)
    group.add_master(master)
    group.add_owner(owner)
  end

39 40 41 42 43 44 45 46 47
  subject { described_class.new(current_user, group) }

  def expect_allowed(*permissions)
    permissions.each { |p| is_expected.to be_allowed(p) }
  end

  def expect_disallowed(*permissions)
    permissions.each { |p| is_expected.not_to be_allowed(p) }
  end
48 49 50 51 52

  context 'with no user' do
    let(:current_user) { nil }

    it do
53 54 55 56
      expect_allowed(:read_group)
      expect_disallowed(*reporter_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
57 58 59 60 61 62 63
    end
  end

  context 'guests' do
    let(:current_user) { guest }

    it do
64 65 66 67
      expect_allowed(:read_group)
      expect_disallowed(*reporter_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
68 69 70 71 72 73 74
    end
  end

  context 'reporter' do
    let(:current_user) { reporter }

    it do
75 76 77 78
      expect_allowed(:read_group)
      expect_allowed(*reporter_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
79 80 81 82 83 84 85
    end
  end

  context 'developer' do
    let(:current_user) { developer }

    it do
86 87 88 89
      expect_allowed(:read_group)
      expect_allowed(*reporter_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
90 91 92 93 94 95 96
    end
  end

  context 'master' do
    let(:current_user) { master }

    it do
97 98 99 100
      expect_allowed(:read_group)
      expect_allowed(*reporter_permissions)
      expect_allowed(*master_permissions)
      expect_disallowed(*owner_permissions)
101 102 103 104 105 106 107
    end
  end

  context 'owner' do
    let(:current_user) { owner }

    it do
108 109
      allow(Group).to receive(:supports_nested_groups?).and_return(true)

110 111 112 113
      expect_allowed(:read_group)
      expect_allowed(*reporter_permissions)
      expect_allowed(*master_permissions)
      expect_allowed(*owner_permissions)
114 115 116 117 118 119 120
    end
  end

  context 'admin' do
    let(:current_user) { admin }

    it do
121 122
      allow(Group).to receive(:supports_nested_groups?).and_return(true)

123 124 125 126
      expect_allowed(:read_group)
      expect_allowed(*reporter_permissions)
      expect_allowed(*master_permissions)
      expect_allowed(*owner_permissions)
127 128
    end
  end
129

130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
  describe 'when nested group support feature is disabled' do
    before do
      allow(Group).to receive(:supports_nested_groups?).and_return(false)
    end

    context 'admin' do
      let(:current_user) { admin }

      it 'allows every owner permission except creating subgroups' do
        create_subgroup_permission = [:create_subgroup]
        updated_owner_permissions = owner_permissions - create_subgroup_permission

        expect_disallowed(*create_subgroup_permission)
        expect_allowed(*updated_owner_permissions)
      end
    end

    context 'owner' do
      let(:current_user) { owner }

      it 'allows every owner permission except creating subgroups' do
        create_subgroup_permission = [:create_subgroup]
        updated_owner_permissions = owner_permissions - create_subgroup_permission

        expect_disallowed(*create_subgroup_permission)
        expect_allowed(*updated_owner_permissions)
      end
    end
  end

160
  describe 'private nested group use the highest access level from the group and inherited permissions', :nested_groups do
161 162
    let(:nested_group) { create(:group, :private, parent: group) }

163 164 165 166 167 168 169 170 171 172 173 174
    before do
      nested_group.add_guest(guest)
      nested_group.add_guest(reporter)
      nested_group.add_guest(developer)
      nested_group.add_guest(master)

      group.owners.destroy_all

      group.add_guest(owner)
      nested_group.add_owner(owner)
    end

175
    subject { described_class.new(current_user, nested_group) }
176 177 178 179 180

    context 'with no user' do
      let(:current_user) { nil }

      it do
181 182 183 184
        expect_disallowed(:read_group)
        expect_disallowed(*reporter_permissions)
        expect_disallowed(*master_permissions)
        expect_disallowed(*owner_permissions)
185 186 187 188 189 190 191
      end
    end

    context 'guests' do
      let(:current_user) { guest }

      it do
192 193 194 195
        expect_allowed(:read_group)
        expect_disallowed(*reporter_permissions)
        expect_disallowed(*master_permissions)
        expect_disallowed(*owner_permissions)
196 197 198 199 200 201 202
      end
    end

    context 'reporter' do
      let(:current_user) { reporter }

      it do
203 204 205 206
        expect_allowed(:read_group)
        expect_allowed(*reporter_permissions)
        expect_disallowed(*master_permissions)
        expect_disallowed(*owner_permissions)
207 208 209 210 211 212 213
      end
    end

    context 'developer' do
      let(:current_user) { developer }

      it do
214 215 216 217
        expect_allowed(:read_group)
        expect_allowed(*reporter_permissions)
        expect_disallowed(*master_permissions)
        expect_disallowed(*owner_permissions)
218 219 220 221 222 223 224
      end
    end

    context 'master' do
      let(:current_user) { master }

      it do
225 226 227 228
        expect_allowed(:read_group)
        expect_allowed(*reporter_permissions)
        expect_allowed(*master_permissions)
        expect_disallowed(*owner_permissions)
229 230 231 232 233 234 235
      end
    end

    context 'owner' do
      let(:current_user) { owner }

      it do
236 237
        allow(Group).to receive(:supports_nested_groups?).and_return(true)

238 239 240 241
        expect_allowed(:read_group)
        expect_allowed(*reporter_permissions)
        expect_allowed(*master_permissions)
        expect_allowed(*owner_permissions)
242 243 244
      end
    end
  end
245
end