ES: update permission spec table

Remove impossible cases due to private project's features can only be private or disabled. Fix spec due to sidekiq indexing not triggered. Update guest use cases: some features has additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."

ES: update permission spec table
Remove impossible cases due to private project's features can only be private or disabled. Fix spec due to sidekiq indexing not triggered. Update guest use cases: some features has additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
d5bfeee5 · Mark Chao · 1f0ab897 · d5bfeee5 · d5bfeee5
Commit d5bfeee5 authored Nov 08, 2019 by Mark Chao
2 changed files
--- a/spec/support/helpers/project_helpers.rb
+++ b/spec/support/helpers/project_helpers.rb
@@ -16,10 +16,10 @@ module ProjectHelpers
  end

  def update_feature_access_level(project, access_level)
-    project.update!(
-      repository_access_level: access_level,
-      merge_requests_access_level: access_level,
-      builds_access_level: access_level
-    )
+    features = ProjectFeature::FEATURES.dup
+    features.delete(:pages)
+    params = features.each_with_object({}) { |feature, h| h["#{feature}_access_level"] = access_level }
+
+    project.update!(params)
  end
 end
--- a/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb
+++ b/spec/support/shared_contexts/policies/project_policy_table_shared_context.rb
@@ -3,7 +3,20 @@
 RSpec.shared_context 'ProjectPolicyTable context' do
  using RSpec::Parameterized::TableSyntax

+  let(:pendings) { {} }
+  let(:pending?) do
+    pendings.include?(
+      {
+        project_level: project_level,
+        feature_access_level: feature_access_level,
+        membership: membership,
+        expected_count: expected_count
+      }
+    )
+  end
+
  # rubocop:disable Metrics/AbcSize
+  # project_level, :feature_access_level, :membership, :expected_count
  def permission_table_for_reporter_feature_access
    :public   | :enabled  | :reporter   | 1
    :public   | :enabled  | :guest      | 1
@@ -35,11 +48,6 @@ RSpec.shared_context 'ProjectPolicyTable context' do
    :internal | :disabled | :non_member | 0
    :internal | :disabled | :anonymous  | 0

-    :private  | :enabled  | :reporter   | 1
-    :private  | :enabled  | :guest      | 1
-    :private  | :enabled  | :non_member | 0
-    :private  | :enabled  | :anonymous  | 0
-
    :private  | :private  | :reporter   | 1
    :private  | :private  | :guest      | 0
    :private  | :private  | :non_member | 0
@@ -51,6 +59,7 @@ RSpec.shared_context 'ProjectPolicyTable context' do
    :private  | :disabled | :anonymous  | 0
  end

+  # project_level, :feature_access_level, :membership, :expected_count
  def permission_table_for_guest_feature_access
    :public   | :enabled  | :reporter   | 1
    :public   | :enabled  | :guest      | 1
@@ -82,11 +91,6 @@ RSpec.shared_context 'ProjectPolicyTable context' do
    :internal | :disabled | :non_member | 0
    :internal | :disabled | :anonymous  | 0

-    :private  | :enabled  | :reporter   | 1
-    :private  | :enabled  | :guest      | 1
-    :private  | :enabled  | :non_member | 0
-    :private  | :enabled  | :anonymous  | 0
-
    :private  | :private  | :reporter   | 1
    :private  | :private  | :guest      | 1
    :private  | :private  | :non_member | 0
@@ -98,6 +102,172 @@ RSpec.shared_context 'ProjectPolicyTable context' do
    :private  | :disabled | :anonymous  | 0
  end

+  # This table is based on permission_table_for_guest_feature_access,
+  # but with a slight twist.
+  # Some features can be hidden away to GUEST, when project is private.
+  # (see ProjectFeature::PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT)
+  # This is the table for such features.
+  #
+  # e.g. `repository` feature has minimum requirement of GUEST,
+  # but a GUEST are prohibited from reading code if project is private.
+  #
+  # project_level, :feature_access_level, :membership, :expected_count
+  def permission_table_for_guest_feature_access_and_non_private_project_only
+    :public   | :enabled  | :reporter   | 1
+    :public   | :enabled  | :guest      | 1
+    :public   | :enabled  | :non_member | 1
+    :public   | :enabled  | :anonymous  | 1
+
+    :public   | :private  | :reporter   | 1
+    :public   | :private  | :guest      | 1
+    :public   | :private  | :non_member | 0
+    :public   | :private  | :anonymous  | 0
+
+    :public   | :disabled | :reporter   | 0
+    :public   | :disabled | :guest      | 0
+    :public   | :disabled | :non_member | 0
+    :public   | :disabled | :anonymous  | 0
+
+    :internal | :enabled  | :reporter   | 1
+    :internal | :enabled  | :guest      | 1
+    :internal | :enabled  | :non_member | 1
+    :internal | :enabled  | :anonymous  | 0
+
+    :internal | :private  | :reporter   | 1
+    :internal | :private  | :guest      | 1
+    :internal | :private  | :non_member | 0
+    :internal | :private  | :anonymous  | 0
+
+    :internal | :disabled | :reporter   | 0
+    :internal | :disabled | :guest      | 0
+    :internal | :disabled | :non_member | 0
+    :internal | :disabled | :anonymous  | 0
+
+    :private  | :private  | :reporter   | 1
+    :private  | :private  | :guest      | 0
+    :private  | :private  | :non_member | 0
+    :private  | :private  | :anonymous  | 0
+
+    :private  | :disabled | :reporter   | 0
+    :private  | :disabled | :guest      | 0
+    :private  | :disabled | :non_member | 0
+    :private  | :disabled | :anonymous  | 0
+  end
+
+  # :project_level, :issues_access_level, :merge_requests_access_level, :membership, :expected_count
+  def permission_table_for_milestone_access
+    :public   | :enabled  | :enabled  | :reporter   | 1
+    :public   | :enabled  | :enabled  | :guest      | 1
+    :public   | :enabled  | :enabled  | :non_member | 1
+    :public   | :enabled  | :enabled  | :anonymous  | 1
+
+    :public   | :enabled  | :private  | :reporter   | 1
+    :public   | :enabled  | :private  | :guest      | 1
+    :public   | :enabled  | :private  | :non_member | 1
+    :public   | :enabled  | :private  | :anonymous  | 1
+
+    :public   | :enabled  | :disabled | :reporter   | 1
+    :public   | :enabled  | :disabled | :guest      | 1
+    :public   | :enabled  | :disabled | :non_member | 1
+    :public   | :enabled  | :disabled | :anonymous  | 1
+
+    :public   | :private  | :enabled  | :reporter   | 1
+    :public   | :private  | :enabled  | :guest      | 1
+    :public   | :private  | :enabled  | :non_member | 1
+    :public   | :private  | :enabled  | :anonymous  | 1
+
+    :public   | :private  | :private  | :reporter   | 1
+    :public   | :private  | :private  | :guest      | 1
+    :public   | :private  | :private  | :non_member | 0
+    :public   | :private  | :private  | :anonymous  | 0
+
+    :public   | :private  | :disabled | :reporter   | 1
+    :public   | :private  | :disabled | :guest      | 1
+    :public   | :private  | :disabled | :non_member | 0
+    :public   | :private  | :disabled | :anonymous  | 0
+
+    :public   | :disabled | :enabled  | :reporter   | 1
+    :public   | :disabled | :enabled  | :guest      | 1
+    :public   | :disabled | :enabled  | :non_member | 1
+    :public   | :disabled | :enabled  | :anonymous  | 1
+
+    :public   | :disabled | :private  | :reporter   | 1
+    :public   | :disabled | :private  | :guest      | 0
+    :public   | :disabled | :private  | :non_member | 0
+    :public   | :disabled | :private  | :anonymous  | 0
+
+    :public   | :disabled | :disabled | :reporter   | 0
+    :public   | :disabled | :disabled | :guest      | 0
+    :public   | :disabled | :disabled | :non_member | 0
+    :public   | :disabled | :disabled | :anonymous  | 0
+
+    :internal | :enabled  | :enabled  | :reporter   | 1
+    :internal | :enabled  | :enabled  | :guest      | 1
+    :internal | :enabled  | :enabled  | :non_member | 1
+    :internal | :enabled  | :enabled  | :anonymous  | 0
+
+    :internal | :enabled  | :private  | :reporter   | 1
+    :internal | :enabled  | :private  | :guest      | 1
+    :internal | :enabled  | :private  | :non_member | 1
+    :internal | :enabled  | :private  | :anonymous  | 0
+
+    :internal | :enabled  | :disabled | :reporter   | 1
+    :internal | :enabled  | :disabled | :guest      | 1
+    :internal | :enabled  | :disabled | :non_member | 1
+    :internal | :enabled  | :disabled | :anonymous  | 0
+
+    :internal | :private  | :enabled  | :reporter   | 1
+    :internal | :private  | :enabled  | :guest      | 1
+    :internal | :private  | :enabled  | :non_member | 1
+    :internal | :private  | :enabled  | :anonymous  | 0
+
+    :internal | :private  | :private  | :reporter   | 1
+    :internal | :private  | :private  | :guest      | 1
+    :internal | :private  | :private  | :non_member | 0
+    :internal | :private  | :private  | :anonymous  | 0
+
+    :internal | :private  | :disabled | :reporter   | 1
+    :internal | :private  | :disabled | :guest      | 1
+    :internal | :private  | :disabled | :non_member | 0
+    :internal | :private  | :disabled | :anonymous  | 0
+
+    :internal | :disabled | :enabled  | :reporter   | 1
+    :internal | :disabled | :enabled  | :guest      | 1
+    :internal | :disabled | :enabled  | :non_member | 1
+    :internal | :disabled | :enabled  | :anonymous  | 0
+
+    :internal | :disabled | :private  | :reporter   | 1
+    :internal | :disabled | :private  | :guest      | 0
+    :internal | :disabled | :private  | :non_member | 0
+    :internal | :disabled | :private  | :anonymous  | 0
+
+    :internal | :disabled | :disabled | :reporter   | 0
+    :internal | :disabled | :disabled | :guest      | 0
+    :internal | :disabled | :disabled | :non_member | 0
+    :internal | :disabled | :disabled | :anonymous  | 0
+
+    :private  | :private  | :private  | :reporter   | 1
+    :private  | :private  | :private  | :guest      | 1
+    :private  | :private  | :private  | :non_member | 0
+    :private  | :private  | :private  | :anonymous  | 0
+
+    :private  | :private  | :disabled | :reporter   | 1
+    :private  | :private  | :disabled | :guest      | 1
+    :private  | :private  | :disabled | :non_member | 0
+    :private  | :private  | :disabled | :anonymous  | 0
+
+    :private  | :disabled | :private  | :reporter   | 1
+    :private  | :disabled | :private  | :guest      | 0
+    :private  | :disabled | :private  | :non_member | 0
+    :private  | :disabled | :private  | :anonymous  | 0
+
+    :private  | :disabled | :disabled | :reporter   | 0
+    :private  | :disabled | :disabled | :guest      | 0
+    :private  | :disabled | :disabled | :non_member | 0
+    :private  | :disabled | :disabled | :anonymous  | 0
+  end
+
+  # :project_level, :membership, :expected_count
  def permission_table_for_project_access
    :public   | :reporter   | 1
    :public   | :guest      | 1