BigW Consortium Gitlab

issues_policy_spec.rb 9.52 KB
Newer Older
1 2 3 4 5 6 7
require 'spec_helper'

describe IssuePolicy, models: true do
  let(:guest) { create(:user) }
  let(:author) { create(:user) }
  let(:assignee) { create(:user) }
  let(:reporter) { create(:user) }
8 9
  let(:group) { create(:group, :public) }
  let(:reporter_from_group_link) { create(:user) }
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  def permissions(user, issue)
    IssuePolicy.abilities(user, issue).to_set
  end

  context 'a private project' do
    let(:non_member) { create(:user) }
    let(:project) { create(:empty_project, :private) }
    let(:issue) { create(:issue, project: project, assignee: assignee, author: author) }
    let(:issue_no_assignee) { create(:issue, project: project) }

    before do
      project.team << [guest, :guest]
      project.team << [author, :guest]
      project.team << [assignee, :guest]
      project.team << [reporter, :reporter]
26 27 28 29

      group.add_reporter(reporter_from_group_link)

      create(:project_group_link, group: group, project: project)
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
    end

    it 'does not allow non-members to read issues' do
      expect(permissions(non_member, issue)).not_to include(:read_issue, :update_issue, :admin_issue)
      expect(permissions(non_member, issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
    end

    it 'allows guests to read issues' do
      expect(permissions(guest, issue)).to include(:read_issue)
      expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue)

      expect(permissions(guest, issue_no_assignee)).to include(:read_issue)
      expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    it 'allows reporters to read, update, and admin issues' do
      expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue)
      expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
    end

50 51 52 53 54
    it 'allows reporters from group links to read, update, and admin issues' do
      expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue)
      expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
    end

55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
    it 'allows issue authors to read and update their issues' do
      expect(permissions(author, issue)).to include(:read_issue, :update_issue)
      expect(permissions(author, issue)).not_to include(:admin_issue)

      expect(permissions(author, issue_no_assignee)).to include(:read_issue)
      expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    it 'allows issue assignees to read and update their issues' do
      expect(permissions(assignee, issue)).to include(:read_issue, :update_issue)
      expect(permissions(assignee, issue)).not_to include(:admin_issue)

      expect(permissions(assignee, issue_no_assignee)).to include(:read_issue)
      expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    context 'with confidential issues' do
      let(:confidential_issue) { create(:issue, :confidential, project: project, assignee: assignee, author: author) }
      let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }

      it 'does not allow non-members to read confidential issues' do
        expect(permissions(non_member, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(non_member, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end

      it 'does not allow guests to read confidential issues' do
        expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end

      it 'allows reporters to read, update, and admin confidential issues' do
        expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
      end

90 91 92 93 94
      it 'allows reporters from group links to read, update, and admin confidential issues' do
        expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
      end

95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118
      it 'allows issue authors to read and update their confidential issues' do
        expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue)
        expect(permissions(author, confidential_issue)).not_to include(:admin_issue)

        expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end

      it 'allows issue assignees to read and update their confidential issues' do
        expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue)
        expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue)

        expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end
    end
  end

  context 'a public project' do
    let(:project) { create(:empty_project, :public) }
    let(:issue) { create(:issue, project: project, assignee: assignee, author: author) }
    let(:issue_no_assignee) { create(:issue, project: project) }

    before do
      project.team << [guest, :guest]
      project.team << [reporter, :reporter]
119 120 121 122

      group.add_reporter(reporter_from_group_link)

      create(:project_group_link, group: group, project: project)
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137
    end

    it 'allows guests to read issues' do
      expect(permissions(guest, issue)).to include(:read_issue)
      expect(permissions(guest, issue)).not_to include(:update_issue, :admin_issue)

      expect(permissions(guest, issue_no_assignee)).to include(:read_issue)
      expect(permissions(guest, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    it 'allows reporters to read, update, and admin issues' do
      expect(permissions(reporter, issue)).to include(:read_issue, :update_issue, :admin_issue)
      expect(permissions(reporter, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
    end

138 139 140 141 142
    it 'allows reporters from group links to read, update, and admin issues' do
      expect(permissions(reporter_from_group_link, issue)).to include(:read_issue, :update_issue, :admin_issue)
      expect(permissions(reporter_from_group_link, issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
    end

143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
    it 'allows issue authors to read and update their issues' do
      expect(permissions(author, issue)).to include(:read_issue, :update_issue)
      expect(permissions(author, issue)).not_to include(:admin_issue)

      expect(permissions(author, issue_no_assignee)).to include(:read_issue)
      expect(permissions(author, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    it 'allows issue assignees to read and update their issues' do
      expect(permissions(assignee, issue)).to include(:read_issue, :update_issue)
      expect(permissions(assignee, issue)).not_to include(:admin_issue)

      expect(permissions(assignee, issue_no_assignee)).to include(:read_issue)
      expect(permissions(assignee, issue_no_assignee)).not_to include(:update_issue, :admin_issue)
    end

    context 'with confidential issues' do
      let(:confidential_issue) { create(:issue, :confidential, project: project, assignee: assignee, author: author) }
      let(:confidential_issue_no_assignee) { create(:issue, :confidential, project: project) }

      it 'does not allow guests to read confidential issues' do
        expect(permissions(guest, confidential_issue)).not_to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(guest, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end

      it 'allows reporters to read, update, and admin confidential issues' do
        expect(permissions(reporter, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(reporter, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
      end

173 174 175 176 177
      it 'allows reporter from group links to read, update, and admin confidential issues' do
        expect(permissions(reporter_from_group_link, confidential_issue)).to include(:read_issue, :update_issue, :admin_issue)
        expect(permissions(reporter_from_group_link, confidential_issue_no_assignee)).to include(:read_issue, :update_issue, :admin_issue)
      end

178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
      it 'allows issue authors to read and update their confidential issues' do
        expect(permissions(author, confidential_issue)).to include(:read_issue, :update_issue)
        expect(permissions(author, confidential_issue)).not_to include(:admin_issue)

        expect(permissions(author, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end

      it 'allows issue assignees to read and update their confidential issues' do
        expect(permissions(assignee, confidential_issue)).to include(:read_issue, :update_issue)
        expect(permissions(assignee, confidential_issue)).not_to include(:admin_issue)

        expect(permissions(assignee, confidential_issue_no_assignee)).not_to include(:read_issue, :update_issue, :admin_issue)
      end
    end
  end
end