require 'spec_helper'

# Authorization matrix for ProjectSnippetPolicy. For each snippet visibility
# level (public, internal, private) the examples pin which kinds of user may
# read a project snippet and which may also update or administer it.
#
# NOTE(review): the private-snippet group has no example for an external user
# who is not a project member, and the author permissions are only exercised
# positively for a private snippet -- confirm whether those cases are covered
# elsewhere.
describe ProjectSnippetPolicy, models: true do
  let(:regular_user) { create(:user) }
  let(:external_user) { create(:user, :external) }

  # The project is public in every example, so outcomes vary only with the
  # snippet's own visibility, the kind of user, and team membership.
  let(:project) { create(:empty_project, :public) }

  # Abilities this spec expects only the snippet author and an admin to hold.
  let(:author_permissions) { %i[update_project_snippet admin_project_snippet] }

  # Builds the policy under test for +user+ against a freshly created snippet
  # of the given visibility trait (:public, :internal or :private).
  # The snippet's author is whatever the factory assigns -- presumably not
  # +user+, which the disallowed author-permission expectations rely on.
  def abilities(user, snippet_visibility)
    described_class.new(
      user,
      create(:project_snippet, snippet_visibility, project: project)
    )
  end

  # Asserts that the subject policy grants every listed permission.
  def expect_allowed(*permissions)
    permissions.each do |permission|
      is_expected.to be_allowed(permission)
    end
  end

  # Asserts that the subject policy denies every listed permission.
  def expect_disallowed(*permissions)
    permissions.each do |permission|
      is_expected.not_to be_allowed(permission)
    end
  end

  # Public snippets: readable by everyone, including anonymous visitors,
  # but nobody here gets the author permissions.
  context 'public snippet' do
    context 'no user' do
      subject { abilities(nil, :public) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'regular user' do
      subject { abilities(regular_user, :public) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'external user' do
      subject { abilities(external_user, :public) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end
  end

  # Internal snippets: readable by signed-in regular users; anonymous and
  # external users are denied unless the external user is on the project team.
  context 'internal snippet' do
    context 'no user' do
      subject { abilities(nil, :internal) }

      it do
        expect_disallowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'regular user' do
      subject { abilities(regular_user, :internal) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'external user' do
      subject { abilities(external_user, :internal) }

      it do
        expect_disallowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'project team member external user' do
      # Team membership is what lifts the external-user restriction on read.
      before { project.team << [external_user, :developer] }

      subject { abilities(external_user, :internal) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end
  end

  # Private snippets: readable only by the author, project team members and
  # admins; only the author and admins also get the author permissions.
  context 'private snippet' do
    context 'no user' do
      subject { abilities(nil, :private) }

      it do
        expect_disallowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'regular user' do
      subject { abilities(regular_user, :private) }

      it do
        expect_disallowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'snippet author' do
      # Built directly rather than through #abilities so the author can be set;
      # regular_user is not added to the project team in this context.
      let(:snippet) do
        create(:project_snippet, :private, author: regular_user, project: project)
      end

      subject { described_class.new(regular_user, snippet) }

      it do
        expect_allowed(:read_project_snippet)
        expect_allowed(*author_permissions)
      end
    end

    context 'project team member normal user' do
      # Developer membership grants read, but not update/admin.
      before { project.team << [regular_user, :developer] }

      subject { abilities(regular_user, :private) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'project team member external user' do
      before { project.team << [external_user, :developer] }

      subject { abilities(external_user, :private) }

      it do
        expect_allowed(:read_project_snippet)
        expect_disallowed(*author_permissions)
      end
    end

    context 'admin user' do
      # The admin is neither the author nor a team member here.
      subject { abilities(create(:admin), :private) }

      it do
        expect_allowed(:read_project_snippet)
        expect_allowed(*author_permissions)
      end
    end
  end
end