require 'spec_helper'

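# Authorization spec for Project: for each project access level, checks which
# actions the Six ability checker (fed by Ability) allows or denies on a project.
#
# The "deny" examples are the privilege-separation checks, so each one iterates
# over the individual actions that the next level up adds and asserts every one
# of them is denied.
describe Project do
  describe :authorization do
    before do
      @p1 = create(:project)

      # @u1 is never added to the project; @u2/@u3 are given an access level
      # per context below; @u4 is the project's owner.
      @u1 = create(:user)
      @u2 = create(:user)
      @u3 = create(:user)
      @u4 = @p1.owner

      @abilities = Six.new
      @abilities << Ability
    end

    # Action lists that Ability exposes per access level.
    let(:guest_actions) { Ability.project_guest_rules }
    let(:report_actions) { Ability.project_report_rules }
    let(:dev_actions) { Ability.project_dev_rules }
    let(:master_actions) { Ability.project_master_rules }
    let(:admin_actions) { Ability.project_admin_rules }

    describe "Non member rules" do
      it "should deny for non-project users any actions" do
        admin_actions.each do |action|
          @abilities.allowed?(@u1, action, @p1).should be_false
        end
      end
    end

    describe "Guest Rules" do
      before do
        @p1.users_projects.create(project: @p1, user: @u2, project_access: UsersProject::GUEST)
      end

      it "should allow for project user any guest actions" do
        guest_actions.each do |action|
          @abilities.allowed?(@u2, action, @p1).should be_true
        end
      end
    end

    describe "Report Rules" do
      before do
        @p1.users_projects.create(project: @p1, user: @u2, project_access: UsersProject::REPORTER)
      end

      it "should allow for project user any report actions" do
        report_actions.each do |action|
          @abilities.allowed?(@u2, action, @p1).should be_true
        end
      end
    end

    describe "Developer Rules" do
      before do
        @p1.users_projects.create(project: @p1, user: @u2, project_access: UsersProject::REPORTER)
        @p1.users_projects.create(project: @p1, user: @u3, project_access: UsersProject::DEVELOPER)
      end

      # @u2 is a REPORTER here, so this example is about reporters being denied
      # the actions that only the developer list contains. The description
      # previously read "deny for developer master-specific actions", which did
      # not match what the example checks.
      it "should deny for reporter developer-specific actions" do
        # Iterate the set difference itself. Wrapping it in an extra array
        # literal made the block run once with the whole Array as `action`,
        # so individual actions were never asserted one by one.
        # NOTE(review): if the difference is empty this loop asserts nothing.
        (dev_actions - report_actions).each do |action|
          @abilities.allowed?(@u2, action, @p1).should be_false
        end
      end

      it "should allow for project user any dev actions" do
        dev_actions.each do |action|
          @abilities.allowed?(@u3, action, @p1).should be_true
        end
      end
    end

    describe "Master Rules" do
      before do
        @p1.users_projects.create(project: @p1, user: @u2, project_access: UsersProject::DEVELOPER)
        @p1.users_projects.create(project: @p1, user: @u3, project_access: UsersProject::MASTER)
      end

      it "should deny for developer master-specific actions" do
        # Per-action check; see the note in "Developer Rules" about the
        # former extra array wrapper.
        (master_actions - dev_actions).each do |action|
          @abilities.allowed?(@u2, action, @p1).should be_false
        end
      end

      it "should allow for project user any master actions" do
        master_actions.each do |action|
          @abilities.allowed?(@u3, action, @p1).should be_true
        end
      end
    end

    describe "Admin Rules" do
      before do
        @p1.users_projects.create(project: @p1, user: @u2, project_access: UsersProject::DEVELOPER)
        @p1.users_projects.create(project: @p1, user: @u3, project_access: UsersProject::MASTER)
      end

      it "should deny for masters admin-specific actions" do
        (admin_actions - master_actions).each do |action|
          # @u2 is the DEVELOPER in this context; the original example only
          # checked that user. The MASTER is @u3, so it is checked as well to
          # match what the description promises.
          @abilities.allowed?(@u2, action, @p1).should be_false
          @abilities.allowed?(@u3, action, @p1).should be_false
        end
      end

      it "should allow for project owner any admin actions" do
        admin_actions.each do |action|
          @abilities.allowed?(@u4, action, @p1).should be_true
        end
      end
    end
  end
end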
# == Schema Information
#
# Table name: projects
#
#  id           :integer         not null, primary key
#  name         :string(255)
#  path         :string(255)
#  description  :text
#  created_at   :datetime
#  updated_at   :datetime
#  private_flag :boolean         default(TRUE), not null
#  code         :string(255)
#