BigW Consortium Gitlab

user_access_spec.rb 6.65 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11
require 'spec_helper'

describe Gitlab::UserAccess, lib: true do
  let(:access) { Gitlab::UserAccess.new(user, project: project) }
  let(:project) { create(:project) }
  let(:user) { create(:user) }

  describe 'can_push_to_branch?' do
    describe 'push to none protected branch' do
      it 'returns true if user is a master' do
        project.team << [user, :master]
12

13 14 15 16 17
        expect(access.can_push_to_branch?('random_branch')).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]
18

19 20 21 22 23
        expect(access.can_push_to_branch?('random_branch')).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]
24

25 26 27 28
        expect(access.can_push_to_branch?('random_branch')).to be_falsey
      end
    end

29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
    describe 'push to empty project' do
      let(:empty_project) { create(:project_empty_repo) }
      let(:project_access) { Gitlab::UserAccess.new(user, project: empty_project) }

      it 'returns true if user is master' do
        empty_project.team << [user, :master]

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end

      it 'returns false if user is developer and project is fully protected' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL)

        expect(project_access.can_push_to_branch?('master')).to be_falsey
      end

      it 'returns false if user is developer and it is not allowed to push new commits but can merge into branch' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)

        expect(project_access.can_push_to_branch?('master')).to be_falsey
      end

      it 'returns true if user is developer and project is unprotected' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end

      it 'returns true if user is developer and project grants developers permission' do
        empty_project.team << [user, :developer]
        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)

        expect(project_access.can_push_to_branch?('master')).to be_truthy
      end
    end

68
    describe 'push to protected branch' do
69 70
      let(:branch) { create :protected_branch, project: project, name: "test" }
      let(:not_existing_branch) { create :protected_branch, :developers_can_merge, project: project }
71 72 73

      it 'returns true if user is a master' do
        project.team << [user, :master]
74

75 76 77 78 79
        expect(access.can_push_to_branch?(branch.name)).to be_truthy
      end

      it 'returns false if user is a developer' do
        project.team << [user, :developer]
80

81 82 83 84 85
        expect(access.can_push_to_branch?(branch.name)).to be_falsey
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]
86

87 88
        expect(access.can_push_to_branch?(branch.name)).to be_falsey
      end
89

90
      it 'returns false if branch does not exist' do
91 92
        project.team << [user, :developer]

93
        expect(access.can_push_to_branch?(not_existing_branch.name)).to be_falsey
94
      end
95 96 97 98
    end

    describe 'push to protected branch if allowed for developers' do
      before do
99
        @branch = create :protected_branch, :developers_can_push, project: project
100 101 102 103
      end

      it 'returns true if user is a master' do
        project.team << [user, :master]
104

105 106 107 108 109
        expect(access.can_push_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]
110

111 112 113 114 115
        expect(access.can_push_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]
116

117 118 119 120 121 122
        expect(access.can_push_to_branch?(@branch.name)).to be_falsey
      end
    end

    describe 'merge to protected branch if allowed for developers' do
      before do
123
        @branch = create :protected_branch, :developers_can_merge, project: project
124 125 126 127
      end

      it 'returns true if user is a master' do
        project.team << [user, :master]
128

129 130 131 132 133
        expect(access.can_merge_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.team << [user, :developer]
134

135 136 137 138 139
        expect(access.can_merge_to_branch?(@branch.name)).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.team << [user, :reporter]
140

141 142 143 144
        expect(access.can_merge_to_branch?(@branch.name)).to be_falsey
      end
    end
  end
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191

  describe 'can_create_tag?' do
    describe 'push to none protected tag' do
      it 'returns true if user is a master' do
        project.add_user(user, :master)

        expect(access.can_create_tag?('random_tag')).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.add_user(user, :developer)

        expect(access.can_create_tag?('random_tag')).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.add_user(user, :reporter)

        expect(access.can_create_tag?('random_tag')).to be_falsey
      end
    end

    describe 'push to protected tag' do
      let(:tag) { create(:protected_tag, project: project, name: "test") }
      let(:not_existing_tag) { create :protected_tag, project: project }

      it 'returns true if user is a master' do
        project.add_user(user, :master)

        expect(access.can_create_tag?(tag.name)).to be_truthy
      end

      it 'returns false if user is a developer' do
        project.add_user(user, :developer)

        expect(access.can_create_tag?(tag.name)).to be_falsey
      end

      it 'returns false if user is a reporter' do
        project.add_user(user, :reporter)

        expect(access.can_create_tag?(tag.name)).to be_falsey
      end
    end

    describe 'push to protected tag if allowed for developers' do
      before do
192
        @tag = create(:protected_tag, :developers_can_create, project: project)
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213
      end

      it 'returns true if user is a master' do
        project.add_user(user, :master)

        expect(access.can_create_tag?(@tag.name)).to be_truthy
      end

      it 'returns true if user is a developer' do
        project.add_user(user, :developer)

        expect(access.can_create_tag?(@tag.name)).to be_truthy
      end

      it 'returns false if user is a reporter' do
        project.add_user(user, :reporter)

        expect(access.can_create_tag?(@tag.name)).to be_falsey
      end
    end
  end
214
end