Commit cbcc0b6e authored by Imre Farkas's avatar Imre Farkas

Merge branch 'chore/disable-admin-mode-remains' into 'master'

Fully disable auto admin mode and migrate remaining specs

See merge request gitlab-org/gitlab!50331
parents 1c8deba0 891ac050
---
title: Fully disable auto admin mode and migrate remaining specs
merge_request: 50331
author: Diego Louzán
type: other
......@@ -3,8 +3,11 @@
require 'spec_helper'
RSpec.describe 'GlobalSearch', :elastic do
include AdminModeHelper
let(:features) { %i(issues merge_requests repository builds wiki snippets) }
let(:admin) { create :user, admin: true }
let(:admin_with_admin_mode) { create :user, admin: true }
let(:admin_without_admin_mode) { create :user, admin: true }
let(:auditor) {create :user, auditor: true }
let(:non_member) { create :user }
let(:external_non_member) { create :user, external: true }
......@@ -19,6 +22,8 @@ RSpec.describe 'GlobalSearch', :elastic do
project.add_developer(member)
project.add_developer(external_member)
project.add_guest(guest)
enable_admin_mode!(admin_with_admin_mode)
end
context "Respect feature visibility levels", :aggregate_failures do
......@@ -29,7 +34,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "does not find items if features are disabled" do
create_items(project, feature_settings(:disabled))
expect_no_items_to_be_found(admin)
expect_no_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_no_items_to_be_found(auditor)
expect_no_items_to_be_found(member)
expect_no_items_to_be_found(external_member)
......@@ -42,7 +48,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "shows items to member only if features are enabled" do
create_items(project, feature_settings(:enabled))
expect_items_to_be_found(admin)
expect_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_items_to_be_found(auditor)
expect_items_to_be_found(member)
expect_items_to_be_found(external_member)
......@@ -60,7 +67,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "does not find items if features are disabled" do
create_items(project, feature_settings(:disabled))
expect_no_items_to_be_found(admin)
expect_no_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_no_items_to_be_found(auditor)
expect_no_items_to_be_found(member)
expect_no_items_to_be_found(external_member)
......@@ -73,7 +81,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "shows items to member only if features are enabled" do
create_items(project, feature_settings(:enabled))
expect_items_to_be_found(admin)
expect_items_to_be_found(admin_with_admin_mode)
expect_items_to_be_found(admin_without_admin_mode)
expect_items_to_be_found(auditor)
expect_items_to_be_found(member)
expect_items_to_be_found(external_member)
......@@ -86,7 +95,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "shows items to member only if features are private" do
create_items(project, feature_settings(:private))
expect_items_to_be_found(admin)
expect_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_items_to_be_found(auditor)
expect_items_to_be_found(member)
expect_items_to_be_found(external_member)
......@@ -104,7 +114,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "does not find items if features are disabled" do
create_items(project, feature_settings(:disabled))
expect_no_items_to_be_found(admin)
expect_no_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_no_items_to_be_found(auditor)
expect_no_items_to_be_found(member)
expect_no_items_to_be_found(external_member)
......@@ -117,7 +128,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "finds items if features are enabled" do
create_items(project, feature_settings(:enabled))
expect_items_to_be_found(admin)
expect_items_to_be_found(admin_with_admin_mode)
expect_items_to_be_found(admin_without_admin_mode)
expect_items_to_be_found(auditor)
expect_items_to_be_found(member)
expect_items_to_be_found(external_member)
......@@ -130,7 +142,8 @@ RSpec.describe 'GlobalSearch', :elastic do
it "shows items to member only if features are private", :aggregate_failures do
create_items(project, feature_settings(:private))
expect_items_to_be_found(admin)
expect_items_to_be_found(admin_with_admin_mode)
expect_no_items_to_be_found(admin_without_admin_mode)
expect_items_to_be_found(auditor)
expect_items_to_be_found(member)
expect_items_to_be_found(external_member)
......
......@@ -7,6 +7,7 @@ RSpec.describe LicensesFinder do
let_it_be(:user) { create(:admin) }
context 'with admin mode enabled', :enable_admin_mode do
it 'returns a license by id' do
expect(described_class.new(user, id: license.id).execute.take).to eq(license)
end
......@@ -18,6 +19,13 @@ RSpec.describe LicensesFinder do
it 'returns empty relation if the license doesnt exist' do
expect(described_class.new(user, id: 0).execute).to be_empty
end
end
context 'with admin mode disabled' do
it 'raises an error' do
expect { described_class.new(user, id: 0).execute }.to raise_error Gitlab::Access::AccessDeniedError
end
end
it 'raises an error if the user is not an admin' do
expect { described_class.new(create(:user), id: 0).execute }.to raise_error Gitlab::Access::AccessDeniedError
......
......@@ -5,7 +5,8 @@ require 'spec_helper'
RSpec.describe ProductivityAnalyticsFinder do
subject { described_class.new(current_user, search_params.merge(state: :merged)) }
let(:current_user) { create(:admin) }
let(:project) { create(:project) }
let(:current_user) { project.owner }
let(:search_params) { {} }
describe '.array_params' do
......@@ -23,12 +24,12 @@ RSpec.describe ProductivityAnalyticsFinder do
describe '#execute' do
let(:long_mr) do
metrics_data = { merged_at: 1.day.ago }
create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
end
let(:short_mr) do
metrics_data = { merged_at: 28.days.ago }
create(:merge_request, :merged, :with_productivity_metrics, created_at: 31.days.ago, metrics_data: metrics_data)
create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 31.days.ago, metrics_data: metrics_data)
end
context 'allows to filter by days_to_merge' do
......@@ -90,7 +91,7 @@ RSpec.describe ProductivityAnalyticsFinder do
it 'uses start_date as filter value' do
metrics_data = { merged_at: (2.years + 1.day).ago }
create(:merge_request, :merged, :with_productivity_metrics, created_at: 800.days.ago, metrics_data: metrics_data)
create(:merge_request, :merged, :with_productivity_metrics, project: project, created_at: 800.days.ago, metrics_data: metrics_data)
long_mr
expect(subject.execute).to match_array([long_mr])
......
......@@ -95,7 +95,7 @@ RSpec.describe DashboardOperationsProjectEntity do
expect(subject).not_to include(:alert_count, :upgrade_path)
end
context 'the user has permission to upgrade plan' do
context 'the user has permission to upgrade plan', :enable_admin_mode do
let(:user) { build(:user, :admin) }
it 'shows the profile upgrade path' do
......@@ -103,7 +103,7 @@ RSpec.describe DashboardOperationsProjectEntity do
end
end
context 'the user has permission to upgrade group' do
context 'the user has permission to upgrade group', :enable_admin_mode do
let(:project) { build(:project, namespace: create(:group)) }
let(:user) { build(:user, :admin) }
......
......@@ -20,17 +20,23 @@ RSpec.shared_examples 'a framework registry finder' do |registry_factory|
context 'when user can read all Geo' do
let_it_be(:user) { create(:user, :admin) }
context 'when admin mode is disabled' do
it { is_expected.to be_empty }
end
context 'when admin mode is enabled', :enable_admin_mode do
context 'with an ids param' do
let(:params) { { ids: [registry3.id, registry1.id] } }
it 'returns specified registries' do
expect(registries.to_a).to eq([registry1, registry3])
expect(registries.to_a).to contain_exactly(registry1, registry3)
end
end
context 'without an ids param' do
it 'returns all registries' do
expect(registries.to_a).to eq([registry1, registry2, registry3])
expect(registries.to_a).to contain_exactly(registry1, registry2, registry3)
end
end
end
end
......
......@@ -20,6 +20,7 @@ RSpec.shared_examples_for 'a Geo registries resolver' do |registry_factory_name|
context 'when the user has permission to view Geo data' do
let_it_be(:current_user) { create(:admin) }
context 'when admin mode is enabled', :enable_admin_mode do
context 'when the ids argument is null' do
it 'returns registries, in order' do
expect(resolve_registries.to_a).to eq(registries)
......@@ -37,6 +38,13 @@ RSpec.shared_examples_for 'a Geo registries resolver' do |registry_factory_name|
end
end
context 'when admin mode is disabled' do
it 'returns nothing' do
expect(resolve_registries).to be_empty
end
end
end
context 'when the user does not have permission to view Geo data' do
let_it_be(:current_user) { create(:user) }
......
......@@ -83,8 +83,16 @@ RSpec.describe ClusterAncestorsFinder, '#execute' do
let(:clusterable) { Clusters::Instance.new }
let(:user) { create(:admin) }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns the list of instance clusters' do
is_expected.to eq([instance_cluster])
end
end
context 'when admin mode is disabled' do
it 'returns nothing' do
is_expected.to be_empty
end
end
end
end
......@@ -142,20 +142,40 @@ RSpec.describe GroupProjectsFinder do
describe 'with an admin current user' do
let(:current_user) { create(:admin) }
context 'when admin mode is enabled', :enable_admin_mode do
context "only shared" do
let(:options) { { only_shared: true } }
it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
it { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1) }
end
context "only owned" do
let(:options) { { only_owned: true } }
it { is_expected.to eq([private_project, public_project]) }
it { is_expected.to contain_exactly(private_project, public_project) }
end
context "all" do
it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
it { is_expected.to contain_exactly(shared_project_3, shared_project_2, shared_project_1, private_project, public_project) }
end
end
context 'when admin mode is disabled' do
context "only shared" do
let(:options) { { only_shared: true } }
it { is_expected.to contain_exactly(shared_project_3, shared_project_1) }
end
context "only owned" do
let(:options) { { only_owned: true } }
it { is_expected.to contain_exactly(public_project) }
end
context "all" do
it { is_expected.to contain_exactly(shared_project_3, shared_project_1, public_project) }
end
end
end
......
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe GroupsFinder do
include AdminModeHelper
describe '#execute' do
let(:user) { create(:user) }
......@@ -23,10 +25,15 @@ RSpec.describe GroupsFinder do
:external | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
:external | {} | %i(public_group user_public_group user_internal_group user_private_group)
:admin | { all_available: true } | %i(public_group internal_group private_group user_public_group
:admin_without_admin_mode | { all_available: true } | %i(public_group internal_group user_public_group
user_internal_group user_private_group)
:admin_without_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
:admin_without_admin_mode | {} | %i(public_group internal_group user_public_group user_internal_group user_private_group)
:admin_with_admin_mode | { all_available: true } | %i(public_group internal_group private_group user_public_group
user_internal_group user_private_group)
:admin | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
:admin | {} | %i(public_group internal_group private_group user_public_group user_internal_group
:admin_with_admin_mode | { all_available: false } | %i(user_public_group user_internal_group user_private_group)
:admin_with_admin_mode | {} | %i(public_group internal_group private_group user_public_group user_internal_group
user_private_group)
end
......@@ -52,8 +59,12 @@ RSpec.describe GroupsFinder do
create(:user)
when :external
create(:user, external: true)
when :admin
when :admin_without_admin_mode
create(:user, :admin)
when :admin_with_admin_mode
admin = create(:user, :admin)
enable_admin_mode!(admin)
admin
end
@groups.values_at(:user_private_group, :user_internal_group, :user_public_group).each do |group|
group.add_developer(user)
......
......@@ -918,6 +918,7 @@ RSpec.describe IssuesFinder do
describe '#row_count', :request_store do
let_it_be(:admin) { create(:admin) }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns the number of rows for the default state' do
finder = described_class.new(admin)
......@@ -929,6 +930,15 @@ RSpec.describe IssuesFinder do
expect(finder.row_count).to be_zero
end
end
context 'when admin mode is disabled' do
it 'returns no rows' do
finder = described_class.new(admin)
expect(finder.row_count).to be_zero
end
end
it 'returns -1 if the query times out' do
finder = described_class.new(admin)
......@@ -996,10 +1006,19 @@ RSpec.describe IssuesFinder do
subject { described_class.new(admin_user, params).with_confidentiality_access_check }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns all issues' do
expect(subject).to include(public_issue, confidential_issue)
end
end
context 'when admin mode is disabled' do
it 'returns only public issues' do
expect(subject).to include(public_issue)
expect(subject).not_to include(confidential_issue)
end
end
end
end
context 'when searching within a specific project' do
......@@ -1069,6 +1088,7 @@ RSpec.describe IssuesFinder do
subject { described_class.new(admin_user, params).with_confidentiality_access_check }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns all issues' do
expect(subject).to include(public_issue, confidential_issue)
end
......@@ -1079,6 +1099,18 @@ RSpec.describe IssuesFinder do
subject
end
end
context 'when admin mode is disabled' do
it 'returns only public issues' do
expect(subject).to include(public_issue)
expect(subject).not_to include(confidential_issue)
end
it 'filters by confidentiality' do
expect(subject.to_sql).to match("issues.confidential")
end
end
end
end
end
......
......@@ -697,13 +697,21 @@ RSpec.describe MergeRequestsFinder do
context 'with admin user' do
let(:user) { create(:user, :admin) }
context 'when admin mode is enabled', :enable_admin_mode do
it 'returns all merge requests' do
expect(merge_requests).to eq(
[mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public]
expect(merge_requests).to contain_exactly(
mr_internal_private_repo_access, mr_private_repo_access, mr_internal, mr_private, mr_public
)
end
end
context 'when admin mode is disabled' do
it 'returns public and internal merge requests' do
expect(merge_requests).to contain_exactly(mr_internal, mr_public)
end
end
end
context 'when project restricts merge requests' do
let(:non_member) { create(:user) }
let(:project) { create(:project, :repository, :public, :merge_requests_private) }
......
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe ProjectsFinder, :do_not_mock_admin_mode do
RSpec.describe ProjectsFinder do
include AdminModeHelper
describe '#execute' do
......
......@@ -106,12 +106,18 @@ RSpec.describe SnippetsFinder do
expect(snippets).to contain_exactly(public_personal_snippet)
end
it 'returns all snippets for an admin' do
it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
snippets = described_class.new(admin, author: user).execute
expect(snippets).to contain_exactly(private_personal_snippet, internal_personal_snippet, public_personal_snippet)
end
it 'returns all public and internal snippets for an admin without admin mode' do
snippets = described_class.new(admin, author: user).execute
expect(snippets).to contain_exactly(internal_personal_snippet, public_personal_snippet)
end
context 'when author is not valid' do
it 'returns quickly' do
finder = described_class.new(admin, author: non_existing_record_id)
......@@ -180,12 +186,18 @@ RSpec.describe SnippetsFinder do
expect(snippets).to contain_exactly(private_project_snippet)
end
it 'returns all snippets for an admin' do
it 'returns all snippets for an admin in admin mode', :enable_admin_mode do
snippets = described_class.new(admin, project: project).execute
expect(snippets).to contain_exactly(private_project_snippet, internal_project_snippet, public_project_snippet)
end
it 'returns public and internal snippets for an admin without admin mode' do
snippets = described_class.new(admin, project: project).execute
expect(snippets).to contain_exactly(internal_project_snippet, public_project_snippet)
end
context 'filter by author' do
let!(:other_user) { create(:user) }
let!(:other_private_project_snippet) { create(:project_snippet, :private, project: project, author: other_user) }
......@@ -218,7 +230,7 @@ RSpec.describe SnippetsFinder do
end
context 'filter by snippet type' do
context 'when filtering by only_personal snippet' do
context 'when filtering by only_personal snippet', :enable_admin_mode do
it 'returns only personal snippet' do
snippets = described_class.new(admin, only_personal: true).execute
......@@ -228,7 +240,7 @@ RSpec.describe SnippetsFinder do
end
end
context 'when filtering by only_project snippet' do
context 'when filtering by only_project snippet', :enable_admin_mode do
it 'returns only project snippet' do
snippets = described_class.new(admin, only_project: true).execute
......@@ -239,7 +251,7 @@ RSpec.describe SnippetsFinder do
end
end
context 'filtering by ids' do
context 'filtering by ids', :enable_admin_mode do
it 'returns only personal snippet' do
snippets = described_class.new(
admin, ids: [private_personal_snippet.id,
......@@ -265,13 +277,21 @@ RSpec.describe SnippetsFinder do
)
end
it 'returns all personal snippets for admins' do
it 'returns all personal snippets for admins when in admin mode', :enable_admin_mode do
snippets = described_class.new(admin, explore: true).execute
expect(snippets).to contain_exactly(
private_personal_snippet, internal_personal_snippet, public_personal_snippet
)
end
it 'also returns internal personal snippets for admins without admin mode' do
snippets = described_class.new(admin, explore: true).execute
expect(snippets).to contain_exactly(
internal_personal_snippet, public_personal_snippet
)
end
end
context 'when the user cannot read cross project' do
......@@ -302,7 +322,7 @@ RSpec.describe SnippetsFinder do
end
end
context 'no sort param is provided' do
context 'no sort param is provided', :enable_admin_mode do
it 'returns snippets sorted by id' do
snippets = described_class.new(admin).execute
......@@ -310,7 +330,7 @@ RSpec.describe SnippetsFinder do
end
end
context 'sort param is provided' do
context 'sort param is provided', :enable_admin_mode do
it 'returns snippets sorted by sort param' do
snippets = described_class.new(admin, sort: 'updated_desc').execute
......
......@@ -90,7 +90,7 @@ RSpec.describe UsersFinder do
end
end
context 'with an admin user' do
context 'with an admin user', :enable_admin_mode do
let(:admin) { create(:admin) }
it 'filters by external users' do
......
......@@ -5,14 +5,13 @@ require 'spec_helper'
RSpec.describe BuildDetailsEntity do
include ProjectForksHelper
let_it_be(:user) { create(:admin) }
it 'inherits from JobEntity' do
expect(described_class).to be < JobEntity
end
describe '#as_json' do
let(:project) { create(:project, :repository) }
let(:user) { project.owner }
let(:pipeline) { create(:ci_pipeline, project: project) }
let(:build) { create(:ci_build, :failed, pipeline: pipeline) }
let(:request) { double('request', project: project) }
......@@ -66,6 +65,7 @@ RSpec.describe BuildDetailsEntity do
before do
allow(build).to receive(:merge_request).and_return(merge_request)
forked_project.add_developer(user)
end
let(:merge_request) do
......@@ -186,7 +186,7 @@ RSpec.describe BuildDetailsEntity do
end
context 'when the build has expired artifacts' do
let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.ago) }
let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.ago) }
context 'when pipeline is unlocked' do
before do
......@@ -218,7 +218,7 @@ RSpec.describe BuildDetailsEntity do
end
context 'when the build has archive type artifacts' do
let!(:build) { create(:ci_build, :artifacts, artifacts_expire_at: 7.days.from_now) }
let!(:build) { create(:ci_build, :artifacts, pipeline: pipeline, artifacts_expire_at: 7.days.from_now) }
let!(:report) { create(:ci_job_artifact, :codequality, job: build) }
it 'exposes artifact details' do
......
......@@ -52,9 +52,15 @@ RSpec.describe DeployKeyEntity do
context 'user is an admin' do
let(:user) { create(:user, :admin) }
context 'when admin mode is enabled', :enable_admin_mode do
it { expect(entity.as_json).to include(can_edit: true) }
end
context 'when admin mode is disabled' do
it { expect(entity.as_json).not_to include(can_edit: true) }
end
end
context 'user is a project maintainer' do
before do
project.add_maintainer(user)
......
......@@ -7,7 +7,7 @@ RSpec.describe RunnerEntity do
let(:runner) { create(:ci_runner, :project, projects: [project]) }
let(:entity) { described_class.new(runner, request: request, current_user: user) }
let(:request) { double('request') }
let(:user) { create(:admin) }
let(:user) { project.owner }
before do
allow(request).to receive(:current_user).and_return(user)
......
......@@ -272,38 +272,6 @@ RSpec.configure do |config|
Sidekiq::Worker.clear_all
# Temporary patch to force admin mode to be active by default in tests when
# using the feature flag :user_mode_in_session, since this will require
# modifying a significant number of specs to test both states for admin
# mode enabled / disabled.
#
# This will only be applied to specs below dirs in `admin_mode_mock_dirs`
#
# See ongoing migration: https://gitlab.com/gitlab-org/gitlab/-/issues/31511
#
# Until the migration is finished, if it is required to have the real
# behaviour in any of the mocked dirs specs that an admin is signed in
# with normal user mode and needs to switch to admin mode, it is possible to
# mark such tests with the `do_not_mock_admin_mode` metadata tag, e.g:
#
# context 'some test in mocked dir', :do_not_mock_admin_mode do ... end
admin_mode_mock_dirs = %w(
./ee/spec/elastic_integration
./ee/spec/finders
./ee/spec/serializers
./ee/spec/support/shared_examples/finders/geo
./ee/spec/support/shared_examples/graphql/geo
./spec/finders
./spec/serializers
./spec/workers
)
if !example.metadata[:do_not_mock_admin_mode] && example.metadata[:file_path].start_with?(*admin_mode_mock_dirs)
allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
current_user_mode.send(:user)&.admin?
end
end
# Administrators have to re-authenticate in order to access administrative
# functionality when feature flag :user_mode_in_session is active. Any spec
# that requires administrative access can use the tag :enable_admin_mode
......@@ -311,6 +279,10 @@ RSpec.configure do |config|
#
# context 'some test that requires admin mode', :enable_admin_mode do ... end
#
# Some specs do get admin mode enabled automatically (e.g. `spec/controllers/admin`).
# In this case, specs that need to test both admin mode states can use the
# :do_not_mock_admin_mode tag to disable auto admin mode.
#
# See also spec/support/helpers/admin_mode_helpers.rb
if example.metadata[:enable_admin_mode] && !example.metadata[:do_not_mock_admin_mode]
allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
......
......@@ -4,8 +4,12 @@ require 'spec_helper'
RSpec.describe GroupDestroyWorker do
let(:group) { create(:group) }
let(:user) { create(:admin) }
let!(:project) { create(:project, namespace: group) }
let(:user) { create(:user) }
before do
group.add_owner(user)
end
subject { described_class.new }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment