realaravinth/debian-mirror-gitlab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
debian-mirror-gitlab/spec/policies/ci/runner_policy_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

161 lines
4.4 KiB
Ruby
Raw Normal View History

New upstream version 15.4.2+ds1
2022-10-11 01:57:18 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ci::RunnerPolicy do
describe 'ability :read_runner' do
let_it_be(:guest) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:owner) { create(:user) }
let_it_be(:group1) { create(:group, name: 'top-level', path: 'top-level') }
let_it_be(:subgroup1) { create(:group, name: 'subgroup1', path: 'subgroup1', parent: group1) }
let_it_be(:project1) { create(:project, group: subgroup1) }
let_it_be(:instance_runner) { create(:ci_runner, :instance) }
let_it_be(:group1_runner) { create(:ci_runner, :group, groups: [group1]) }
let_it_be(:project1_runner) { create(:ci_runner, :project, projects: [project1]) }
subject(:policy) { described_class.new(user, runner) }
before do
group1.add_guest(guest)
group1.add_developer(developer)
group1.add_owner(owner)
end
shared_context 'on hierarchy with shared runners disabled' do
around do |example|
group1.update!(shared_runners_enabled: false)
project1.update!(shared_runners_enabled: false)
example.run
ensure
project1.update!(shared_runners_enabled: true)
group1.update!(shared_runners_enabled: true)
end
end
shared_context 'on hierarchy with group runners disabled' do
around do |example|
project1.update!(group_runners_enabled: false)
example.run
ensure
project1.update!(group_runners_enabled: true)
end
end
shared_examples 'does not allow reading runners on any scope' do
context 'with instance runner' do
let(:runner) { instance_runner }
it { expect_disallowed :read_runner }
context 'with shared runners disabled' do
include_context 'on hierarchy with shared runners disabled' do
it { expect_disallowed :read_runner }
end
end
end
context 'with group runner' do
let(:runner) { group1_runner }
it { expect_disallowed :read_runner }
context 'with group runner disabled' do
include_context 'on hierarchy with group runners disabled' do
it { expect_disallowed :read_runner }
end
end
end
context 'with project runner' do
let(:runner) { project1_runner }
it { expect_disallowed :read_runner }
end
end
context 'without access' do
let_it_be(:user) { create(:user) }
it_behaves_like 'does not allow reading runners on any scope'
end
context 'with guest access' do
let(:user) { guest }
it_behaves_like 'does not allow reading runners on any scope'
end
context 'with developer access' do
let(:user) { developer }
context 'with instance runner' do
let(:runner) { instance_runner }
it { expect_allowed :read_runner }
context 'with shared runners disabled' do
include_context 'on hierarchy with shared runners disabled' do
it { expect_disallowed :read_runner }
end
end
end
context 'with group runner' do
let(:runner) { group1_runner }
it { expect_allowed :read_runner }
context 'with group runner disabled' do
include_context 'on hierarchy with group runners disabled' do
it { expect_disallowed :read_runner }
end
end
end
context 'with project runner' do
let(:runner) { project1_runner }
it { expect_disallowed :read_runner }
end
end
context 'with owner access' do
let(:user) { owner }
context 'with instance runner' do
let(:runner) { instance_runner }
context 'with shared runners disabled' do
include_context 'on hierarchy with shared runners disabled' do
it { expect_disallowed :read_runner }
end
end
it { expect_allowed :read_runner }
end
context 'with group runner' do
let(:runner) { group1_runner }
context 'with group runners disabled' do
include_context 'on hierarchy with group runners disabled' do
it { expect_allowed :read_runner }
end
end
it { expect_allowed :read_runner }
end
context 'with project runner' do
let(:runner) { project1_runner }
it { expect_allowed :read_runner }
end
end
end
end
Reference in a new issue Copy permalink