require 'spec_helper'

# Specs for ProjectPolicy. Two things are checked: that the number of
# abilities grows with each access level on a public project, and that
# authoring an issue does not by itself grant :read_issue on a private
# project the author is not a member of.
describe ProjectPolicy, models: true do
  let(:project) { create(:empty_project, :public) }

  # One user per access level; the `before` hook attaches the memberships.
  let(:guest)    { create(:user) }
  let(:reporter) { create(:user) }
  let(:dev)      { create(:user) }
  let(:master)   { create(:user) }
  let(:owner)    { create(:user) }
  let(:admin)    { create(:admin) }

  # Lowest to highest expected privilege. The leading nil is passed to
  # Ability.allowed as the user (presumably the unauthenticated visitor).
  let(:users_ordered_by_permissions) { [nil, guest, reporter, dev, master, owner, admin] }

  # Number of abilities each of those users holds on `project`, same order.
  let(:users_permissions) do
    users_ordered_by_permissions.map do |user|
      Ability.allowed(user, project).size
    end
  end

  before do
    # Direct project memberships.
    team = project.team
    team << [guest, :guest]
    team << [master, :master]
    team << [dev, :developer]
    team << [reporter, :reporter]

    # `owner` is not a direct member: the user owns a group that the project
    # is shared with at MASTER level.
    # NOTE(review): confirm this setup yields owner-level abilities and not
    # the access level of the group link.
    shared_group = create(:group)
    project.project_group_links.create(group: shared_group,
                                       group_access: Gitlab::Access::MASTER)
    shared_group.add_owner(owner)
  end

  it 'returns increasing permissions for each level' do
    # Equality with the sorted, de-duplicated list means the counts are
    # strictly increasing.
    # NOTE(review): only counts are compared. A role that loses one ability
    # while gaining others still passes; a subset check between adjacent
    # roles would be needed to catch that.
    ability_counts = users_permissions

    expect(ability_counts).to eq(ability_counts.sort.uniq)
  end

  it 'does not include the read_issue permission when the issue author is not a member of the private project' do
    # Named differently from the outer `project` let so it does not shadow it.
    private_project = create(:project, :private)
    issue           = create(:issue, project: private_project)
    author          = issue.author

    # Precondition: the author has no membership on the private project.
    expect(private_project.team.member?(author)).to eq(false)

    # The denial is checked at both layers: the policy's computed ability set
    # and the Ability.allowed? entry point.
    granted = BasePolicy.class_for(private_project).abilities(author, private_project).can_set
    expect(granted).not_to include(:read_issue)

    expect(Ability.allowed?(author, :read_issue, private_project)).to be_falsy
  end
end