Merge remote-tracking branch 'upstream/master' into fix-git-hooks-when-creating-filefix-git-hooks-when-creating-file

* upstream/master: (190 commits)
  Remove unnecessary returns / unset variables from the CoffeeScript -> JS conversion.
  update spec
  Change the reply shortcut to focus the field even without a selection.
  use destroy_all
  Remove settings cog from within admin scroll tabs; keep links centered
  add changelog
  remove old project members from project
  add spec replicating validation error
  Fix small typo on new branch button spec
  Improve styling of the new issue message
  Don't capitalize environment name in show page
  Abillity to promote project labels to group labels
  Edited the column header for the environments list from created to updated and added created to environments detail page colum header titles
  Update and pin the `jwt` gem to ~> 1.5.6
  refactor merge request build service
  Update index.md
  Clarify that Auto Deploy requires a public project.
  19164 Add settings dropdown to mobile screens
  cop for gem fetched from a git source
  Add CHANGELOG entry
  ...

1 files changed, 93 insertions, 0 deletions

diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
new file mode 100644
index 00000000000..0f280f32eac
--- /dev/null
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+describe Ci::BuildPolicy, :models do
+  let(:user) { create(:user) }
+  let(:build) { create(:ci_build, pipeline: pipeline) }
+  let(:pipeline) { create(:ci_empty_pipeline, project: project) }
+
+  let(:policies) do
+    described_class.abilities(user, build).to_set
+  end
+
+  shared_context 'public pipelines disabled' do
+    before { project.update_attribute(:public_builds, false) }
+  end
+
+  describe '#rules' do
+    context 'when user does not have access to the project' do
+      let(:project) { create(:empty_project, :private) }
+
+      context 'when public builds are enabled' do
+        it 'does not include ability to read build' do
+          expect(policies).not_to include :read_build
+        end
+      end
+
+      context 'when public builds are disabled' do
+        include_context 'public pipelines disabled'
+
+        it 'does not include ability to read build' do
+          expect(policies).not_to include :read_build
+        end
+      end
+    end
+
+    context 'when anonymous user has access to the project' do
+      let(:project) { create(:empty_project, :public) }
+
+      context 'when public builds are enabled' do
+        it 'includes ability to read build' do
+          expect(policies).to include :read_build
+        end
+      end
+
+      context 'when public builds are disabled' do
+        include_context 'public pipelines disabled'
+
+        it 'does not include ability to read build' do
+          expect(policies).not_to include :read_build
+        end
+      end
+    end
+
+    context 'when team member has access to the project' do
+      let(:project) { create(:empty_project, :public) }
+
+      context 'team member is a guest' do
+        before { project.team << [user, :guest] }
+
+        context 'when public builds are enabled' do
+          it 'includes ability to read build' do
+            expect(policies).to include :read_build
+          end
+        end
+
+        context 'when public builds are disabled' do
+          include_context 'public pipelines disabled'
+
+          it 'does not include ability to read build' do
+            expect(policies).not_to include :read_build
+          end
+        end
+      end
+
+      context 'team member is a reporter' do
+        before { project.team << [user, :reporter] }
+
+        context 'when public builds are enabled' do
+          it 'includes ability to read build' do
+            expect(policies).to include :read_build
+          end
+        end
+
+        context 'when public builds are disabled' do
+          include_context 'public pipelines disabled'
+
+          it 'does not include ability to read build' do
+            expect(policies).to include :read_build
+          end
+        end
+      end
+    end
+  end
+end