... @@ -4,10 +4,12 @@ require 'spec_helper'
... @@ -4,10 +4,12 @@ require 'spec_helper'
# Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
# Snippet visibility scenarios are included in more details in spec/support/snippet_visibility.rb
describe ProjectSnippetPolicy do
describe ProjectSnippetPolicy do
let ( :regular_user ) { create ( :user ) }
let_it_be ( :regular_user ) { create ( :user ) }
let ( :external_user ) { create ( :user , :external ) }
let_it_be ( :other_user ) { create ( :user ) }
let ( :project ) { create ( :project , :public ) }
let_it_be ( :external_user ) { create ( :user , :external ) }
let ( :snippet ) { create ( :project_snippet , snippet_visibility , project: project ) }
let_it_be ( :project ) { create ( :project , :public ) }
let ( :snippet ) { create ( :project_snippet , snippet_visibility , project: project , author: author ) }
let ( :author ) { other_user }
let ( :author_permissions ) do
let ( :author_permissions ) do
[
[
:update_project_snippet ,
:update_project_snippet ,
... @@ -17,6 +19,65 @@ describe ProjectSnippetPolicy do
... @@ -17,6 +19,65 @@ describe ProjectSnippetPolicy do
subject { described_class . new ( current_user , snippet ) }
subject { described_class . new ( current_user , snippet ) }
shared_examples 'regular user access rights' do
context 'project team member (non guest)' do
before do
project . add_developer ( current_user )
end
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
end
end
context 'project team member (guest)' do
before do
project . add_guest ( current_user )
end
context 'not snippet author' do
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( :admin_project_snippet )
end
end
end
context 'snippet author' do
let ( :author ) { current_user }
context 'project member (non guest)' do
before do
project . add_developer ( current_user )
end
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_allowed ( * author_permissions )
end
end
context 'project member (guest)' do
before do
project . add_guest ( current_user )
end
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( :admin_project_snippet )
end
end
context 'not a project member' do
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( :admin_project_snippet )
end
end
end
end
context 'public snippet' do
context 'public snippet' do
let ( :snippet_visibility ) { :public }
let ( :snippet_visibility ) { :public }
... @@ -36,6 +97,8 @@ describe ProjectSnippetPolicy do
... @@ -36,6 +97,8 @@ describe ProjectSnippetPolicy do
expect_allowed ( :read_project_snippet , :create_note )
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
expect_disallowed ( * author_permissions )
end
end
it_behaves_like 'regular user access rights'
end
end
context 'external user' do
context 'external user' do
... @@ -45,6 +108,17 @@ describe ProjectSnippetPolicy do
... @@ -45,6 +108,17 @@ describe ProjectSnippetPolicy do
expect_allowed ( :read_project_snippet , :create_note )
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
expect_disallowed ( * author_permissions )
end
end
context 'project team member' do
before do
project . add_developer ( external_user )
end
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
end
end
end
end
end
end
... @@ -67,6 +141,8 @@ describe ProjectSnippetPolicy do
... @@ -67,6 +141,8 @@ describe ProjectSnippetPolicy do
expect_allowed ( :read_project_snippet , :create_note )
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
expect_disallowed ( * author_permissions )
end
end
it_behaves_like 'regular user access rights'
end
end
context 'external user' do
context 'external user' do
... @@ -110,33 +186,20 @@ describe ProjectSnippetPolicy do
... @@ -110,33 +186,20 @@ describe ProjectSnippetPolicy do
expect_disallowed ( * author_permissions )
expect_disallowed ( * author_permissions )
end
end
context 'snippet author' do
it_behaves_like 'regular user access rights'
let ( :snippet ) { create ( :project_snippet , :private , author: regular_user , project: project ) }
end
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_allowed ( * author_permissions )
end
end
context 'project team member normal user' do
context 'external user' do
before do
let ( :current_user ) { external_user }
project . add_developer ( regular_user )
end
it do
it do
expect_allowed ( :read_project_snippet , :create_note )
expect_disallowed ( :read_project_snippet , :create_note )
expect_disallowed ( * author_permissions )
expect_disallowed ( * author_permissions )
end
end
end
end
context 'external user' do
context 'project team member' do
context 'project team member' do
let ( :current_user ) { external_user }
before do
before do
project . add_developer ( external _user)
project . add_developer ( current _user)
end
end
it do
it do
...
...
... ...