private_access_spec.rb 7.57 KB
Newer Older
1 2
require 'spec_helper'

3
describe "Private Project Access", feature: true  do
4 5
  include AccessMatchers

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
6
  let(:project) { create(:project) }
7 8 9 10 11 12 13 14 15 16 17 18 19

  let(:master)   { create(:user) }
  let(:guest)    { create(:user) }
  let(:reporter) { create(:user) }

  before do
    # full access
    project.team << [master, :master]

    # readonly
    project.team << [reporter, :reporter]
  end

20 21 22
  describe "Project should be private" do
    subject { project }

23 24 25 26
    describe '#private?' do
      subject { super().private? }
      it { is_expected.to be_truthy }
    end
27 28
  end

29
  describe "GET /:project_path" do
Vinnie Okada's avatar
Vinnie Okada committed
30
    subject { namespace_project_path(project.namespace, project) }
31

32 33 34 35 36 37
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
38 39 40
  end

  describe "GET /:project_path/tree/master" do
Vinnie Okada's avatar
Vinnie Okada committed
41
    subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) }
42

43 44 45 46 47 48
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
49 50 51
  end

  describe "GET /:project_path/commits/master" do
Vinnie Okada's avatar
Vinnie Okada committed
52
    subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) }
53

54 55 56 57 58 59
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
60 61 62
  end

  describe "GET /:project_path/commit/:sha" do
Vinnie Okada's avatar
Vinnie Okada committed
63
    subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) }
64

65 66 67 68 69 70
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
71 72 73
  end

  describe "GET /:project_path/compare" do
Vinnie Okada's avatar
Vinnie Okada committed
74
    subject { namespace_project_compare_index_path(project.namespace, project) }
75

76 77 78 79 80 81
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
82 83
  end

84 85
  describe "GET /:project_path/project_members" do
    subject { namespace_project_project_members_path(project.namespace, project) }
86

87 88 89 90 91 92
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
93 94 95 96 97
  end

  describe "GET /:project_path/blob" do
    before do
      commit = project.repository.commit
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
98
      path = '.gitignore'
Vinnie Okada's avatar
Vinnie Okada committed
99
      @blob_path = namespace_project_blob_path(project.namespace, project, File.join(commit.id, path))
100 101
    end

102 103 104 105 106 107
    it { expect(@blob_path).to be_allowed_for master }
    it { expect(@blob_path).to be_allowed_for reporter }
    it { expect(@blob_path).to be_allowed_for :admin }
    it { expect(@blob_path).to be_denied_for guest }
    it { expect(@blob_path).to be_denied_for :user }
    it { expect(@blob_path).to be_denied_for :visitor }
108 109 110
  end

  describe "GET /:project_path/edit" do
Vinnie Okada's avatar
Vinnie Okada committed
111
    subject { edit_namespace_project_path(project.namespace, project) }
112

113 114 115 116 117 118
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
119 120 121
  end

  describe "GET /:project_path/deploy_keys" do
Vinnie Okada's avatar
Vinnie Okada committed
122
    subject { namespace_project_deploy_keys_path(project.namespace, project) }
123

124 125 126 127 128 129
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
130 131 132
  end

  describe "GET /:project_path/issues" do
Vinnie Okada's avatar
Vinnie Okada committed
133
    subject { namespace_project_issues_path(project.namespace, project) }
134

135 136 137 138 139 140
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
141 142
  end

143 144 145 146 147 148 149 150 151 152 153 154
  describe "GET /:project_path/issues/:id/edit" do
    let(:issue) { create(:issue, project: project) }
    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }

    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
  end

155
  describe "GET /:project_path/snippets" do
Vinnie Okada's avatar
Vinnie Okada committed
156
    subject { namespace_project_snippets_path(project.namespace, project) }
157

158 159 160 161 162 163
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
164 165 166
  end

  describe "GET /:project_path/merge_requests" do
Vinnie Okada's avatar
Vinnie Okada committed
167
    subject { namespace_project_merge_requests_path(project.namespace, project) }
168

169 170 171 172 173 174
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
175 176 177
  end

  describe "GET /:project_path/branches" do
Vinnie Okada's avatar
Vinnie Okada committed
178
    subject { namespace_project_branches_path(project.namespace, project) }
179 180 181

    before do
      # Speed increase
182
      allow_any_instance_of(Project).to receive(:branches).and_return([])
183 184
    end

185 186 187 188 189 190
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
191 192 193
  end

  describe "GET /:project_path/tags" do
Vinnie Okada's avatar
Vinnie Okada committed
194
    subject { namespace_project_tags_path(project.namespace, project) }
195 196 197

    before do
      # Speed increase
198
      allow_any_instance_of(Project).to receive(:tags).and_return([])
199 200
    end

201 202 203 204 205 206
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_allowed_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
207 208 209
  end

  describe "GET /:project_path/hooks" do
Vinnie Okada's avatar
Vinnie Okada committed
210
    subject { namespace_project_hooks_path(project.namespace, project) }
211

212 213 214 215 216 217
    it { is_expected.to be_allowed_for master }
    it { is_expected.to be_denied_for reporter }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_denied_for guest }
    it { is_expected.to be_denied_for :user }
    it { is_expected.to be_denied_for :visitor }
218 219
  end
end