debian-mirror-gitlab/spec/features/security/project/snippet/internal_access_spec.rb

103 lines
4.8 KiB
Ruby
Raw Normal View History

2019-10-12 21:52:04 +05:30
# frozen_string_literal: true
2016-06-02 11:05:42 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe "Internal Project Snippets Access" do
2016-06-02 11:05:42 +05:30
include AccessMatchers
2020-10-24 23:57:45 +05:30
let_it_be(:project) { create(:project, :internal) }
let_it_be(:internal_snippet) { create(:project_snippet, :internal, project: project, author: project.owner) }
let_it_be(:private_snippet) { create(:project_snippet, :private, project: project, author: project.owner) }
2016-06-02 11:05:42 +05:30
describe "GET /:project_path/snippets" do
2017-09-10 17:25:29 +05:30
subject { project_snippets_path(project) }
2016-06-02 11:05:42 +05:30
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
2016-06-02 11:05:42 +05:30
end
describe "GET /:project_path/snippets/new" do
2017-09-10 17:25:29 +05:30
subject { new_project_snippet_path(project) }
2016-06-02 11:05:42 +05:30
2021-02-22 17:27:13 +05:30
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_denied_for(:guest).of(project) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
2016-06-02 11:05:42 +05:30
end
2017-08-17 22:00:37 +05:30
describe "GET /:project_path/snippets/:id" do
context "for an internal snippet" do
2017-09-10 17:25:29 +05:30
subject { project_snippet_path(project, internal_snippet) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
end
2016-06-02 11:05:42 +05:30
2017-08-17 22:00:37 +05:30
context "for a private snippet" do
2017-09-10 17:25:29 +05:30
subject { project_snippet_path(project, private_snippet) }
2017-08-17 22:00:37 +05:30
2021-02-22 17:27:13 +05:30
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
end
2016-06-02 11:05:42 +05:30
end
2017-08-17 22:00:37 +05:30
describe "GET /:project_path/snippets/:id/raw" do
context "for an internal snippet" do
2017-09-10 17:25:29 +05:30
subject { raw_project_snippet_path(project, internal_snippet) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
end
context "for a private snippet" do
2017-09-10 17:25:29 +05:30
subject { raw_project_snippet_path(project, private_snippet) }
2016-06-02 11:05:42 +05:30
2021-02-22 17:27:13 +05:30
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { is_expected.to be_allowed_for(:admin) }
it('is denied for admin when admin mode is disabled') { is_expected.to be_denied_for(:admin) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { is_expected.to be_allowed_for(:maintainer).of(project) }
2017-08-17 22:00:37 +05:30
it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for(:visitor) }
end
2016-06-02 11:05:42 +05:30
end
end