debian-mirror-gitlab/spec/support/matchers/access_matchers.rb

80 lines
2.1 KiB
Ruby
Raw Normal View History

2019-10-12 21:52:04 +05:30
# frozen_string_literal: true
2015-09-11 14:41:01 +05:30
# AccessMatchers
#
# The custom matchers contained in this module are used to test a user's access
# to a URL by emulating a specific user or type of user account, visiting the
# URL, and then checking the response status code and resulting path.
module AccessMatchers
extend RSpec::Matchers::DSL
include Warden::Test::Helpers
2019-07-07 11:18:12 +05:30
def emulate_user(user_type_or_trait, membership = nil)
case user_type_or_trait
when :user, :admin
login_as(create(user_type_or_trait))
when :external, :auditor
login_as(create(:user, user_type_or_trait))
2015-09-11 14:41:01 +05:30
when :visitor
logout
when User
2019-07-07 11:18:12 +05:30
login_as(user_type_or_trait)
2017-08-17 22:00:37 +05:30
when *Gitlab::Access.sym_options_with_owner.keys
2019-07-07 11:18:12 +05:30
raise ArgumentError, "cannot emulate #{user_type_or_trait} without membership parent" unless membership
2017-08-17 22:00:37 +05:30
2019-07-07 11:18:12 +05:30
role = user_type_or_trait
user =
if role == :owner && membership.owner
membership.owner
else
create(:user).tap do |new_user|
membership.public_send(:"add_#{role}", new_user)
end
end
2017-08-17 22:00:37 +05:30
2015-09-11 14:41:01 +05:30
login_as(user)
else
raise ArgumentError, "cannot emulate user #{user}"
end
end
def description_for(user, type)
2017-08-17 22:00:37 +05:30
if user.is_a?(User)
# User#inspect displays too much information for RSpec's descriptions
2016-06-02 11:05:42 +05:30
"be #{type} for the specified user"
2015-09-11 14:41:01 +05:30
else
"be #{type} for #{user}"
end
end
matcher :be_allowed_for do |user|
match do |url|
2017-08-17 22:00:37 +05:30
emulate_user(user, @membership)
visit(url)
2021-02-22 17:27:13 +05:30
status_code == 200 && !current_path.in?([new_user_session_path, new_admin_session_path])
2017-08-17 22:00:37 +05:30
end
chain :of do |membership|
@membership = membership
2015-09-11 14:41:01 +05:30
end
description { description_for(user, 'allowed') }
end
matcher :be_denied_for do |user|
match do |url|
2017-08-17 22:00:37 +05:30
emulate_user(user, @membership)
visit(url)
2021-02-22 17:27:13 +05:30
[401, 404, 403].include?(status_code) || current_path.in?([new_user_session_path, new_admin_session_path])
2017-08-17 22:00:37 +05:30
end
chain :of do |membership|
@membership = membership
2015-09-11 14:41:01 +05:30
end
description { description_for(user, 'denied') }
end
end