diff options
| author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-23 18:24:06 +0000 |
|---|---|---|
| committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-26 01:17:27 +0100 |
| commit | 1f7328f8ee6a86b1c8e50b7451450e90d78b9424 (patch) | |
| tree | f40b736e3e1306df58ff40cd84bead8a0937a8e2 /spec | |
| parent | 391732a2c1b04baf565c77f2788a1ec035b1d85e (diff) | |
| download | gitlab-ce-1f7328f8ee6a86b1c8e50b7451450e90d78b9424.tar.gz | |
Branch unprotection restriction starting point
Explored Policy framework to create something I can use as a starting point.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/policies/protected_branch_policy_spec.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/spec/policies/protected_branch_policy_spec.rb b/spec/policies/protected_branch_policy_spec.rb new file mode 100644 index 00000000000..00a7d8153ae --- /dev/null +++ b/spec/policies/protected_branch_policy_spec.rb @@ -0,0 +1,60 @@ +require 'spec_helper' + +describe ProtectedBranchPolicy do + let(:user) { create(:user) } + let(:name) { 'feature' } + let(:protected_branch) { create(:protected_branch, name: name) } + let(:project) { protected_branch.project } + + subject { described_class.new(user, protected_branch) } + + context 'when unprotection restriction feature is disabled' do + it "branches can't be updated by guests" do + project.add_guest(user) + + is_expected.to be_disallowed(:update_protected_branch) + end + + it 'branches can be updated via access to project settings' do + project.add_master(user) + + is_expected.to be_allowed(:update_protected_branch) + end + end + + context 'when unprotection restriction feature is enabled' do + before do + # stub_licensed_features(unprotection_restrictions: true) + end + + context 'and unprotection is limited to admins' do #TODO: remove this is temporary exploration + before do + stub_ee_application_setting(only_admins_can_unprotect_master_branch: true) + end + + context 'and the protection is for master' do + let(:name) { 'master' } + + it 'project owners cannot remove protections' do + project.add_master(user) + + is_expected.not_to be_allowed(:update_protected_branch) + end + + it 'admins can remove protections' do + user.update!(admin: true) + + is_expected.to be_allowed(:update_protected_branch) + end + end + + context "and the protection isn't for master" do + it 'project owners can remove protections' do + project.add_master(user) + + is_expected.to be_allowed(:update_protected_branch) + end + end + end + end +end |