summaryrefslogtreecommitdiff
path: root/spec/features/security
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2015-07-16 17:05:14 -0400
committerRobert Speicher <rspeicher@gmail.com>2015-07-22 00:01:17 -0400
commitb24d5f13a5dde7ab85dce93900fa309b3485adb9 (patch)
treef6c650a86bafc676ccec58e45510ba816de1fd45 /spec/features/security
parent0d5cf111f3070994c0e80ef764d1bd4b9e4936b1 (diff)
downloadgitlab-ce-b24d5f13a5dde7ab85dce93900fa309b3485adb9.tar.gz
Consolidate group access specs into one file
Diffstat (limited to 'spec/features/security')
-rw-r--r--spec/features/security/group/group_access_spec.rb100
-rw-r--r--spec/features/security/group/internal_group_access_spec.rb84
-rw-r--r--spec/features/security/group/mixed_group_access_spec.rb85
-rw-r--r--spec/features/security/group/public_group_access_spec.rb84
-rw-r--r--spec/features/security/group_access_spec.rb284
5 files changed, 284 insertions, 353 deletions
diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb
deleted file mode 100644
index e42b7b8d8a0..00000000000
--- a/spec/features/security/group/group_access_spec.rb
+++ /dev/null
@@ -1,100 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- include AccessMatchers
-
- describe "GET /projects/new" do
- it { expect(new_group_path).to be_allowed_for :admin }
- it { expect(new_group_path).to be_allowed_for :user }
- it { expect(new_group_path).to be_denied_for :visitor }
- end
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/projects" do
- subject { projects_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb
deleted file mode 100644
index 28673a3ab2f..00000000000
--- a/spec/features/security/group/internal_group_access_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-require 'spec_helper'
-
-describe "Group with internal project access", feature: true do
- include AccessMatchers
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb
deleted file mode 100644
index f7f0213737e..00000000000
--- a/spec/features/security/group/mixed_group_access_spec.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- include AccessMatchers
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, path: "internal_project", group: group)
- create(:project, :public, path: "public_project", group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb
deleted file mode 100644
index 03cafad8d7e..00000000000
--- a/spec/features/security/group/public_group_access_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-require 'spec_helper'
-
-describe "Group with public project access", feature: true do
- include AccessMatchers
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :public, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb
new file mode 100644
index 00000000000..0f36e474989
--- /dev/null
+++ b/spec/features/security/group_access_spec.rb
@@ -0,0 +1,284 @@
+require 'rails_helper'
+
+describe 'Group access', feature: true do
+ include AccessMatchers
+
+ def group
+ @group ||= create(:group)
+ end
+
+ def create_project(access_level)
+ if access_level == :mixed
+ create(:empty_project, :public, group: group)
+ create(:empty_project, :internal, group: group)
+ else
+ create(:empty_project, access_level, group: group)
+ end
+ end
+
+ def group_member(access_level, group = group)
+ level = Object.const_get("Gitlab::Access::#{access_level.upcase}")
+
+ create(:user).tap do |user|
+ group.add_user(user, level)
+ end
+ end
+
+ describe 'GET /groups/new' do
+ subject { new_group_path }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ describe 'GET /groups/:path' do
+ subject { group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/issues' do
+ subject { issues_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/merge_requests' do
+ subject { merge_requests_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/group_members' do
+ subject { group_group_members_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/edit' do
+ subject { edit_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+end
View Lorry Controller Status