debian-mirror-gitlab/spec/features/security/group/private_access_spec.rb

require 'rails_helper'

describe 'Private Group access' do
  include AccessMatchers

  let(:group)   { create(:group, :private) }
  let(:project) { create(:project, :private, group: group) }
  let(:project_guest) do
    create(:user) do |user|
      project.add_guest(user)
    end
  end

  describe "Group should be private" do
    describe '#private?' do
      subject { group.private? }
      it { is_expected.to be_truthy }
    end
  end

  describe 'GET /groups/:path' do
    subject { group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:maintainer).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/issues' do
    subject { issues_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:maintainer).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/merge_requests' do
    let(:project) { create(:project, :private, :repository, group: group) }
    subject { merge_requests_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:maintainer).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/group_members' do
    subject { group_group_members_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:maintainer).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_allowed_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe 'GET /groups/:path/edit' do
    subject { edit_group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_denied_for(:maintainer).of(group) }
    it { is_expected.to be_denied_for(:developer).of(group) }
    it { is_expected.to be_denied_for(:reporter).of(group) }
    it { is_expected.to be_denied_for(:guest).of(group) }
    it { is_expected.to be_denied_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:visitor) }
    it { is_expected.to be_denied_for(:external) }
  end

  describe 'GET /groups/:path for shared projects' do
    let(:project) { create(:project, :public) }

    before do
      Projects::GroupLinks::CreateService.new(
        project,
        create(:user),
        link_group_access: ProjectGroupLink::DEVELOPER
      ).execute(group)
    end

    subject { group_path(group) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(group) }
    it { is_expected.to be_allowed_for(:maintainer).of(group) }
    it { is_expected.to be_allowed_for(:developer).of(group) }
    it { is_expected.to be_allowed_for(:reporter).of(group) }
    it { is_expected.to be_allowed_for(:guest).of(group) }
    it { is_expected.to be_denied_for(project_guest) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end
end
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`require 'rails_helper'`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`describe 'Private Group access' do`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`include AccessMatchers`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`let(:group) { create(:group, :private) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`let(:project) { create(:project, :private, group: group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`let(:project_guest) do`
			`create(:user) do \|user\|`
			`project.add_guest(user)`
			`end`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`describe "Group should be private" do`
			`describe '#private?' do`
			`subject { group.private? }`
			`it { is_expected.to be_truthy }`
			`end`
			`end`

			`describe 'GET /groups/:path' do`
			`subject { group_path(group) }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to be_allowed_for(:maintainer).of(group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`describe 'GET /groups/:path/issues' do`
			`subject { issues_group_path(group) }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to be_allowed_for(:maintainer).of(group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`describe 'GET /groups/:path/merge_requests' do`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`let(:project) { create(:project, :private, :repository, group: group) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`subject { merge_requests_group_path(group) }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to be_allowed_for(:maintainer).of(group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`describe 'GET /groups/:path/group_members' do`
			`subject { group_group_members_path(group) }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to be_allowed_for(:maintainer).of(group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_allowed_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`describe 'GET /groups/:path/edit' do`
			`subject { edit_group_path(group) }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`it { is_expected.to be_denied_for(:maintainer).of(group) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`it { is_expected.to be_denied_for(:developer).of(group) }`
			`it { is_expected.to be_denied_for(:reporter).of(group) }`
			`it { is_expected.to be_denied_for(:guest).of(group) }`
			`it { is_expected.to be_denied_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:visitor) }`
			`it { is_expected.to be_denied_for(:external) }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`
New upstream version 11.8.2 2019-03-13 22:55:13 +05:30
			`describe 'GET /groups/:path for shared projects' do`
			`let(:project) { create(:project, :public) }`

			`before do`
New upstream version 11.8.10+dfsg 2019-05-30 16:15:17 +05:30			`Projects::GroupLinks::CreateService.new(`
			`project,`
			`create(:user),`
			`link_group_access: ProjectGroupLink::DEVELOPER`
			`).execute(group)`
New upstream version 11.8.2 2019-03-13 22:55:13 +05:30			`end`

			`subject { group_path(group) }`

			`it { is_expected.to be_allowed_for(:admin) }`
			`it { is_expected.to be_allowed_for(:owner).of(group) }`
			`it { is_expected.to be_allowed_for(:maintainer).of(group) }`
			`it { is_expected.to be_allowed_for(:developer).of(group) }`
			`it { is_expected.to be_allowed_for(:reporter).of(group) }`
			`it { is_expected.to be_allowed_for(:guest).of(group) }`
			`it { is_expected.to be_denied_for(project_guest) }`
			`it { is_expected.to be_denied_for(:user) }`
			`it { is_expected.to be_denied_for(:external) }`
			`it { is_expected.to be_denied_for(:visitor) }`
			`end`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`