Commit 09476843 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch 'pl-spec-dedupe-base-permissions' into 'master'

Use permission definitions from ProjectPolicy shared context exclusively

See merge request gitlab-org/gitlab!38185
parents b8a8e49d 4d5e047d
...@@ -65,6 +65,7 @@ RSpec.describe ProjectPolicy do ...@@ -65,6 +65,7 @@ RSpec.describe ProjectPolicy do
read_project_security_dashboard read_vulnerability read_vulnerability_scanner read_project_security_dashboard read_vulnerability read_vulnerability_scanner
read_software_license_policy read_software_license_policy
read_threat_monitoring read_merge_train read_threat_monitoring read_merge_train
read_release
] ]
end end
......
...@@ -5,6 +5,7 @@ require 'spec_helper' ...@@ -5,6 +5,7 @@ require 'spec_helper'
RSpec.describe ProjectPolicy do RSpec.describe ProjectPolicy do
include ExternalAuthorizationServiceHelpers include ExternalAuthorizationServiceHelpers
include_context 'ProjectPolicy context' include_context 'ProjectPolicy context'
let_it_be(:other_user) { create(:user) } let_it_be(:other_user) { create(:user) }
let_it_be(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) } let_it_be(:reporter) { create(:user) }
...@@ -14,78 +15,6 @@ RSpec.describe ProjectPolicy do ...@@ -14,78 +15,6 @@ RSpec.describe ProjectPolicy do
let_it_be(:admin) { create(:admin) } let_it_be(:admin) { create(:admin) }
let(:project) { create(:project, :public, namespace: owner.namespace) } let(:project) { create(:project, :public, namespace: owner.namespace) }
let(:base_guest_permissions) do
%i[
read_project read_board read_list read_wiki read_issue
read_project_for_iids read_issue_iid read_label
read_milestone read_snippet read_project_member read_note
create_project create_issue create_note upload_file create_merge_request_in
award_emoji read_release read_issue_link
]
end
let(:base_reporter_permissions) do
%i[
download_code fork_project create_snippet update_issue
admin_issue admin_label admin_list read_commit_status read_build
read_container_image read_pipeline read_environment read_deployment
read_merge_request download_wiki_code read_sentry_issue read_metrics_dashboard_annotation
metrics_dashboard read_confidential_issues admin_issue_link
]
end
let(:team_member_reporter_permissions) do
%i[build_download_code build_read_container_image]
end
let(:developer_permissions) do
%i[
admin_tag admin_milestone admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image destroy_container_image daily_statistics
create_environment update_environment create_deployment update_deployment create_release update_release
create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation
read_terraform_state read_pod_logs
]
end
let(:base_maintainer_permissions) do
%i[
push_to_delete_protected_branch update_snippet
admin_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster
read_deploy_token create_deploy_token destroy_deploy_token
admin_terraform_state
]
end
let(:public_permissions) do
%i[
download_code fork_project read_commit_status read_pipeline
read_container_image build_download_code build_read_container_image
download_wiki_code read_release
]
end
let(:owner_permissions) do
%i[
change_namespace change_visibility_level rename_project remove_project
archive_project remove_fork_project destroy_merge_request destroy_issue
set_issue_iid set_issue_created_at set_issue_updated_at set_note_created_at
]
end
# Used in EE specs
let(:additional_guest_permissions) { [] }
let(:additional_reporter_permissions) { [] }
let(:additional_maintainer_permissions) { [] }
let(:guest_permissions) { base_guest_permissions + additional_guest_permissions }
let(:reporter_permissions) { base_reporter_permissions + additional_reporter_permissions }
let(:maintainer_permissions) { base_maintainer_permissions + additional_maintainer_permissions }
before do before do
project.add_guest(guest) project.add_guest(guest)
project.add_maintainer(maintainer) project.add_maintainer(maintainer)
......
...@@ -11,20 +11,22 @@ RSpec.shared_context 'ProjectPolicy context' do ...@@ -11,20 +11,22 @@ RSpec.shared_context 'ProjectPolicy context' do
let(:base_guest_permissions) do let(:base_guest_permissions) do
%i[ %i[
read_project read_board read_list read_wiki read_issue award_emoji create_issue create_merge_request_in create_note
read_project_for_iids read_issue_iid read_label create_project read_board read_issue read_issue_iid read_issue_link
read_milestone read_snippet read_project_member read_note read_label read_list read_milestone read_note read_project
create_project create_issue create_note upload_file create_merge_request_in read_project_for_iids read_project_member read_release read_snippet
award_emoji read_wiki upload_file
] ]
end end
let(:base_reporter_permissions) do let(:base_reporter_permissions) do
%i[ %i[
download_code fork_project create_snippet update_issue admin_issue admin_issue_link admin_label admin_list create_snippet
admin_issue admin_label admin_list read_commit_status read_build download_code download_wiki_code fork_project metrics_dashboard
read_container_image read_pipeline read_environment read_deployment read_build read_commit_status read_confidential_issues
read_merge_request download_wiki_code read_sentry_issue read_prometheus read_container_image read_deployment read_environment read_merge_request
read_metrics_dashboard_annotation read_pipeline read_prometheus
read_sentry_issue update_issue
] ]
end end
...@@ -34,37 +36,42 @@ RSpec.shared_context 'ProjectPolicy context' do ...@@ -34,37 +36,42 @@ RSpec.shared_context 'ProjectPolicy context' do
let(:developer_permissions) do let(:developer_permissions) do
%i[ %i[
admin_milestone admin_merge_request update_merge_request create_commit_status admin_merge_request admin_milestone admin_tag create_build
update_commit_status create_build update_build create_pipeline create_commit_status create_container_image create_deployment
update_pipeline create_merge_request_from create_wiki push_code create_environment create_merge_request_from
resolve_note create_container_image update_container_image create_metrics_dashboard_annotation create_pipeline create_release
create_environment create_deployment update_deployment create_release update_release create_wiki daily_statistics delete_metrics_dashboard_annotation
update_environment daily_statistics destroy_container_image push_code read_pod_logs read_terraform_state
resolve_note update_build update_commit_status update_container_image
update_deployment update_environment update_merge_request
update_metrics_dashboard_annotation update_pipeline update_release
] ]
end end
let(:base_maintainer_permissions) do let(:base_maintainer_permissions) do
%i[ %i[
push_to_delete_protected_branch update_snippet add_cluster admin_build admin_commit_status admin_container_image
admin_snippet admin_project_member admin_note admin_wiki admin_project admin_deployment admin_environment admin_note admin_pipeline
admin_commit_status admin_build admin_container_image admin_project admin_project_member admin_snippet admin_terraform_state
admin_pipeline admin_environment admin_deployment destroy_release add_cluster admin_wiki create_deploy_token destroy_deploy_token destroy_release
push_to_delete_protected_branch read_deploy_token update_snippet
] ]
end end
let(:public_permissions) do let(:public_permissions) do
%i[ %i[
download_code fork_project read_commit_status read_pipeline build_download_code build_read_container_image download_code
read_container_image build_download_code build_read_container_image download_wiki_code fork_project read_commit_status read_container_image
download_wiki_code read_release read_pipeline read_release
] ]
end end
let(:base_owner_permissions) do let(:base_owner_permissions) do
%i[ %i[
change_namespace change_visibility_level rename_project remove_project archive_project change_namespace change_visibility_level destroy_issue
archive_project remove_fork_project destroy_merge_request destroy_issue destroy_merge_request remove_fork_project remove_project rename_project
set_issue_iid set_issue_created_at set_issue_updated_at set_note_created_at set_issue_created_at set_issue_iid set_issue_updated_at
set_note_created_at
] ]
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment