/spec/features/security/group/private_access_spec.rb

https://gitlab.com/tnir/gitlab-ce · Ruby · 121 lines · 100 code · 20 blank · 1 comment · 0 complexity · 4c88260dad0e0129c88537d6b6ebb4de MD5 · raw file

  1. # frozen_string_literal: true
  2. require 'spec_helper'
  3. describe 'Private Group access' do
  4. include AccessMatchers
  5. let(:group) { create(:group, :private) }
  6. let(:project) { create(:project, :private, group: group) }
  7. let(:project_guest) do
  8. create(:user) do |user|
  9. project.add_guest(user)
  10. end
  11. end
  12. describe "Group should be private" do
  13. describe '#private?' do
  14. subject { group.private? }
  15. it { is_expected.to be_truthy }
  16. end
  17. end
  18. describe 'GET /groups/:path' do
  19. subject { group_path(group) }
  20. it { is_expected.to be_allowed_for(:admin) }
  21. it { is_expected.to be_allowed_for(:owner).of(group) }
  22. it { is_expected.to be_allowed_for(:maintainer).of(group) }
  23. it { is_expected.to be_allowed_for(:developer).of(group) }
  24. it { is_expected.to be_allowed_for(:reporter).of(group) }
  25. it { is_expected.to be_allowed_for(:guest).of(group) }
  26. it { is_expected.to be_allowed_for(project_guest) }
  27. it { is_expected.to be_denied_for(:user) }
  28. it { is_expected.to be_denied_for(:external) }
  29. it { is_expected.to be_denied_for(:visitor) }
  30. end
  31. describe 'GET /groups/:path/-/issues' do
  32. subject { issues_group_path(group) }
  33. it { is_expected.to be_allowed_for(:admin) }
  34. it { is_expected.to be_allowed_for(:owner).of(group) }
  35. it { is_expected.to be_allowed_for(:maintainer).of(group) }
  36. it { is_expected.to be_allowed_for(:developer).of(group) }
  37. it { is_expected.to be_allowed_for(:reporter).of(group) }
  38. it { is_expected.to be_allowed_for(:guest).of(group) }
  39. it { is_expected.to be_allowed_for(project_guest) }
  40. it { is_expected.to be_denied_for(:user) }
  41. it { is_expected.to be_denied_for(:external) }
  42. it { is_expected.to be_denied_for(:visitor) }
  43. end
  44. describe 'GET /groups/:path/-/merge_requests' do
  45. let(:project) { create(:project, :private, :repository, group: group) }
  46. subject { merge_requests_group_path(group) }
  47. it { is_expected.to be_allowed_for(:admin) }
  48. it { is_expected.to be_allowed_for(:owner).of(group) }
  49. it { is_expected.to be_allowed_for(:maintainer).of(group) }
  50. it { is_expected.to be_allowed_for(:developer).of(group) }
  51. it { is_expected.to be_allowed_for(:reporter).of(group) }
  52. it { is_expected.to be_allowed_for(:guest).of(group) }
  53. it { is_expected.to be_allowed_for(project_guest) }
  54. it { is_expected.to be_denied_for(:user) }
  55. it { is_expected.to be_denied_for(:external) }
  56. it { is_expected.to be_denied_for(:visitor) }
  57. end
  58. describe 'GET /groups/:path/-/group_members' do
  59. subject { group_group_members_path(group) }
  60. it { is_expected.to be_allowed_for(:admin) }
  61. it { is_expected.to be_allowed_for(:owner).of(group) }
  62. it { is_expected.to be_allowed_for(:maintainer).of(group) }
  63. it { is_expected.to be_allowed_for(:developer).of(group) }
  64. it { is_expected.to be_allowed_for(:reporter).of(group) }
  65. it { is_expected.to be_allowed_for(:guest).of(group) }
  66. it { is_expected.to be_allowed_for(project_guest) }
  67. it { is_expected.to be_denied_for(:user) }
  68. it { is_expected.to be_denied_for(:external) }
  69. it { is_expected.to be_denied_for(:visitor) }
  70. end
  71. describe 'GET /groups/:path/-/edit' do
  72. subject { edit_group_path(group) }
  73. it { is_expected.to be_allowed_for(:admin) }
  74. it { is_expected.to be_allowed_for(:owner).of(group) }
  75. it { is_expected.to be_denied_for(:maintainer).of(group) }
  76. it { is_expected.to be_denied_for(:developer).of(group) }
  77. it { is_expected.to be_denied_for(:reporter).of(group) }
  78. it { is_expected.to be_denied_for(:guest).of(group) }
  79. it { is_expected.to be_denied_for(project_guest) }
  80. it { is_expected.to be_denied_for(:user) }
  81. it { is_expected.to be_denied_for(:visitor) }
  82. it { is_expected.to be_denied_for(:external) }
  83. end
  84. describe 'GET /groups/:path for shared projects' do
  85. let(:project) { create(:project, :public) }
  86. before do
  87. create(:project_group_link, project: project, group: group)
  88. end
  89. subject { group_path(group) }
  90. it { is_expected.to be_allowed_for(:admin) }
  91. it { is_expected.to be_allowed_for(:owner).of(group) }
  92. it { is_expected.to be_allowed_for(:maintainer).of(group) }
  93. it { is_expected.to be_allowed_for(:developer).of(group) }
  94. it { is_expected.to be_allowed_for(:reporter).of(group) }
  95. it { is_expected.to be_allowed_for(:guest).of(group) }
  96. it { is_expected.to be_denied_for(project_guest) }
  97. it { is_expected.to be_denied_for(:user) }
  98. it { is_expected.to be_denied_for(:external) }
  99. it { is_expected.to be_denied_for(:visitor) }
  100. end
  101. end