Commit 141593fa authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'rs-project-snippet-security-specs' into 'master'

Speed up project snippet security request specs

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899

See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7779 and
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7813

See merge request !7890
parents 2394afe4 09b35c53
...@@ -5,76 +5,64 @@ describe "Internal Project Snippets Access", feature: true do ...@@ -5,76 +5,64 @@ describe "Internal Project Snippets Access", feature: true do
let(:project) { create(:empty_project, :internal) } let(:project) { create(:empty_project, :internal) }
let(:owner) { project.owner } let(:internal_snippet) { create(:project_snippet, :internal, project: project, author: project.owner) }
let(:master) { create(:user) } let(:private_snippet) { create(:project_snippet, :private, project: project, author: project.owner) }
let(:developer) { create(:user) }
let(:reporter) { create(:user) }
let(:guest) { create(:user) }
let(:internal_snippet) { create(:project_snippet, :internal, project: project, author: owner) }
let(:private_snippet) { create(:project_snippet, :private, project: project, author: owner) }
before do
project.team << [master, :master]
project.team << [developer, :developer]
project.team << [reporter, :reporter]
project.team << [guest, :guest]
end
describe "GET /:project_path/snippets" do describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) } subject { namespace_project_snippets_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/new" do describe "GET /:project_path/snippets/new" do
subject { new_namespace_project_snippet_path(project.namespace, project) } subject { new_namespace_project_snippet_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_denied_for guest } it { is_expected.to be_denied_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/:id" do describe "GET /:project_path/snippets/:id" do
context "for an internal snippet" do context "for an internal snippet" do
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) } subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
context "for a private snippet" do context "for a private snippet" do
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
end end
...@@ -82,29 +70,29 @@ describe "Internal Project Snippets Access", feature: true do ...@@ -82,29 +70,29 @@ describe "Internal Project Snippets Access", feature: true do
context "for an internal snippet" do context "for an internal snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
context "for a private snippet" do context "for a private snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
end end
end end
...@@ -5,73 +5,61 @@ describe "Private Project Snippets Access", feature: true do ...@@ -5,73 +5,61 @@ describe "Private Project Snippets Access", feature: true do
let(:project) { create(:empty_project, :private) } let(:project) { create(:empty_project, :private) }
let(:owner) { project.owner } let(:private_snippet) { create(:project_snippet, :private, project: project, author: project.owner) }
let(:master) { create(:user) }
let(:developer) { create(:user) }
let(:reporter) { create(:user) }
let(:guest) { create(:user) }
let(:private_snippet) { create(:project_snippet, :private, project: project, author: owner) }
before do
project.team << [master, :master]
project.team << [developer, :developer]
project.team << [reporter, :reporter]
project.team << [guest, :guest]
end
describe "GET /:project_path/snippets" do describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) } subject { namespace_project_snippets_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/new" do describe "GET /:project_path/snippets/new" do
subject { new_namespace_project_snippet_path(project.namespace, project) } subject { new_namespace_project_snippet_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_denied_for guest } it { is_expected.to be_denied_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/:id for a private snippet" do describe "GET /:project_path/snippets/:id for a private snippet" do
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/:id/raw for a private snippet" do describe "GET /:project_path/snippets/:id/raw for a private snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
end end
...@@ -5,91 +5,79 @@ describe "Public Project Snippets Access", feature: true do ...@@ -5,91 +5,79 @@ describe "Public Project Snippets Access", feature: true do
let(:project) { create(:empty_project, :public) } let(:project) { create(:empty_project, :public) }
let(:owner) { project.owner } let(:public_snippet) { create(:project_snippet, :public, project: project, author: project.owner) }
let(:master) { create(:user) } let(:internal_snippet) { create(:project_snippet, :internal, project: project, author: project.owner) }
let(:developer) { create(:user) } let(:private_snippet) { create(:project_snippet, :private, project: project, author: project.owner) }
let(:reporter) { create(:user) }
let(:guest) { create(:user) }
let(:public_snippet) { create(:project_snippet, :public, project: project, author: owner) }
let(:internal_snippet) { create(:project_snippet, :internal, project: project, author: owner) }
let(:private_snippet) { create(:project_snippet, :private, project: project, author: owner) }
before do
project.team << [master, :master]
project.team << [developer, :developer]
project.team << [reporter, :reporter]
project.team << [guest, :guest]
end
describe "GET /:project_path/snippets" do describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) } subject { namespace_project_snippets_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for(:external) }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for(:visitor) }
end end
describe "GET /:project_path/snippets/new" do describe "GET /:project_path/snippets/new" do
subject { new_namespace_project_snippet_path(project.namespace, project) } subject { new_namespace_project_snippet_path(project.namespace, project) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_denied_for guest } it { is_expected.to be_denied_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
describe "GET /:project_path/snippets/:id" do describe "GET /:project_path/snippets/:id" do
context "for a public snippet" do context "for a public snippet" do
subject { namespace_project_snippet_path(project.namespace, project, public_snippet) } subject { namespace_project_snippet_path(project.namespace, project, public_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for(:external) }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for(:visitor) }
end end
context "for an internal snippet" do context "for an internal snippet" do
subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) } subject { namespace_project_snippet_path(project.namespace, project, internal_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
context "for a private snippet" do context "for a private snippet" do
subject { namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
end end
...@@ -97,43 +85,43 @@ describe "Public Project Snippets Access", feature: true do ...@@ -97,43 +85,43 @@ describe "Public Project Snippets Access", feature: true do
context "for a public snippet" do context "for a public snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, public_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, public_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for(:external) }
it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for(:visitor) }
end end
context "for an internal snippet" do context "for an internal snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, internal_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
context "for a private snippet" do context "for a private snippet" do
subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) } subject { raw_namespace_project_snippet_path(project.namespace, project, private_snippet) }
it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for(:admin) }
it { is_expected.to be_allowed_for owner } it { is_expected.to be_allowed_for(:owner).of(project) }
it { is_expected.to be_allowed_for master } it { is_expected.to be_allowed_for(:master).of(project) }
it { is_expected.to be_allowed_for developer } it { is_expected.to be_allowed_for(:developer).of(project) }
it { is_expected.to be_allowed_for reporter } it { is_expected.to be_allowed_for(:reporter).of(project) }
it { is_expected.to be_allowed_for guest } it { is_expected.to be_allowed_for(:guest).of(project) }
it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for(:user) }
it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for(:external) }
it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for(:visitor) }
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment