summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--spec/features/security/admin_access_spec.rb (renamed from spec/features/admin/security_spec.rb)2
-rw-r--r--spec/features/security/dashboard_access_spec.rb2
-rw-r--r--spec/features/security/group/group_access_spec.rb98
-rw-r--r--spec/features/security/group/internal_group_access_spec.rb82
-rw-r--r--spec/features/security/group/mixed_group_access_spec.rb83
-rw-r--r--spec/features/security/group/public_group_access_spec.rb82
-rw-r--r--spec/features/security/group_access_spec.rb284
-rw-r--r--spec/features/security/profile_access_spec.rb14
-rw-r--r--spec/features/security/project/internal_access_spec.rb2
-rw-r--r--spec/features/security/project/private_access_spec.rb2
-rw-r--r--spec/features/security/project/public_access_spec.rb3
-rw-r--r--spec/support/matchers.rb66
-rw-r--r--spec/support/matchers/access_matchers.rb54
-rw-r--r--spec/support/matchers/include_module.rb13
-rw-r--r--spec/support/matchers/is_within.rb9
15 files changed, 371 insertions, 425 deletions
diff --git a/spec/features/admin/security_spec.rb b/spec/features/security/admin_access_spec.rb
index 175fa9d4647..fe8cd7b7602 100644
--- a/spec/features/admin/security_spec.rb
+++ b/spec/features/security/admin_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Admin::Projects", feature: true do
+ include AccessMatchers
+
describe "GET /admin/projects" do
subject { admin_namespaces_projects_path }
diff --git a/spec/features/security/dashboard_access_spec.rb b/spec/features/security/dashboard_access_spec.rb
index 67238e3ab76..c38cddbb904 100644
--- a/spec/features/security/dashboard_access_spec.rb
+++ b/spec/features/security/dashboard_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Dashboard access", feature: true do
+ include AccessMatchers
+
describe "GET /dashboard" do
subject { dashboard_path }
diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb
deleted file mode 100644
index 63793149459..00000000000
--- a/spec/features/security/group/group_access_spec.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "GET /projects/new" do
- it { expect(new_group_path).to be_allowed_for :admin }
- it { expect(new_group_path).to be_allowed_for :user }
- it { expect(new_group_path).to be_denied_for :visitor }
- end
-
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/projects" do
- subject { projects_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb
deleted file mode 100644
index d17a7412e43..00000000000
--- a/spec/features/security/group/internal_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with internal project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb
deleted file mode 100644
index b3db7b5dea4..00000000000
--- a/spec/features/security/group/mixed_group_access_spec.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-require 'spec_helper'
-
-describe "Group access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :internal, path: "internal_project", group: group)
- create(:project, :public, path: "public_project", group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb
deleted file mode 100644
index c16f0c0d1e1..00000000000
--- a/spec/features/security/group/public_group_access_spec.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'spec_helper'
-
-describe "Group with public project access", feature: true do
- describe "Group" do
- let(:group) { create(:group) }
-
- let(:owner) { create(:owner) }
- let(:master) { create(:user) }
- let(:reporter) { create(:user) }
- let(:guest) { create(:user) }
- let(:nonmember) { create(:user) }
-
- before do
- group.add_user(owner, Gitlab::Access::OWNER)
- group.add_user(master, Gitlab::Access::MASTER)
- group.add_user(reporter, Gitlab::Access::REPORTER)
- group.add_user(guest, Gitlab::Access::GUEST)
-
- create(:project, :public, group: group)
- end
-
- describe "GET /groups/:path" do
- subject { group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/issues" do
- subject { issues_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/merge_requests" do
- subject { merge_requests_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/group_members" do
- subject { group_group_members_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_allowed_for master }
- it { is_expected.to be_allowed_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_allowed_for guest }
- it { is_expected.to be_allowed_for :user }
- it { is_expected.to be_allowed_for :visitor }
- end
-
- describe "GET /groups/:path/edit" do
- subject { edit_group_path(group) }
-
- it { is_expected.to be_allowed_for owner }
- it { is_expected.to be_denied_for master }
- it { is_expected.to be_denied_for reporter }
- it { is_expected.to be_allowed_for :admin }
- it { is_expected.to be_denied_for guest }
- it { is_expected.to be_denied_for :user }
- it { is_expected.to be_denied_for :visitor }
- end
- end
-end
diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb
new file mode 100644
index 00000000000..0f36e474989
--- /dev/null
+++ b/spec/features/security/group_access_spec.rb
@@ -0,0 +1,284 @@
+require 'rails_helper'
+
+describe 'Group access', feature: true do
+ include AccessMatchers
+
+ def group
+ @group ||= create(:group)
+ end
+
+ def create_project(access_level)
+ if access_level == :mixed
+ create(:empty_project, :public, group: group)
+ create(:empty_project, :internal, group: group)
+ else
+ create(:empty_project, access_level, group: group)
+ end
+ end
+
+ def group_member(access_level, group = group)
+ level = Object.const_get("Gitlab::Access::#{access_level.upcase}")
+
+ create(:user).tap do |user|
+ group.add_user(user, level)
+ end
+ end
+
+ describe 'GET /groups/new' do
+ subject { new_group_path }
+
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ describe 'GET /groups/:path' do
+ subject { group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/issues' do
+ subject { issues_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/merge_requests' do
+ subject { merge_requests_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/group_members' do
+ subject { group_group_members_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_allowed_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_allowed_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_allowed_for group_member(:master) }
+ it { is_expected.to be_allowed_for group_member(:reporter) }
+ it { is_expected.to be_allowed_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+
+ describe 'GET /groups/:path/edit' do
+ subject { edit_group_path(group) }
+
+ context 'with public projects' do
+ before(:all) { create_project(:public) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with mixed projects' do
+ before(:all) { create_project(:mixed) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with internal projects' do
+ before(:all) { create_project(:internal) }
+
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
+ context 'with no projects' do
+ it { is_expected.to be_allowed_for group_member(:owner) }
+ it { is_expected.to be_denied_for group_member(:master) }
+ it { is_expected.to be_denied_for group_member(:reporter) }
+ it { is_expected.to be_denied_for group_member(:guest) }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+ end
+end
diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb
index bcabc2d53ac..c19678ab381 100644
--- a/spec/features/security/profile_access_spec.rb
+++ b/spec/features/security/profile_access_spec.rb
@@ -1,18 +1,11 @@
require 'spec_helper'
describe "Profile access", feature: true do
- before do
- @u1 = create(:user)
- end
-
- describe "GET /login" do
- it { expect(new_user_session_path).not_to be_not_found_for :visitor }
- end
+ include AccessMatchers
describe "GET /profile/keys" do
subject { profile_keys_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -21,7 +14,6 @@ describe "Profile access", feature: true do
describe "GET /profile" do
subject { profile_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -30,7 +22,6 @@ describe "Profile access", feature: true do
describe "GET /profile/account" do
subject { profile_account_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -39,7 +30,6 @@ describe "Profile access", feature: true do
describe "GET /profile/preferences" do
subject { profile_preferences_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -48,7 +38,6 @@ describe "Profile access", feature: true do
describe "GET /profile/audit_log" do
subject { audit_log_profile_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
@@ -57,7 +46,6 @@ describe "Profile access", feature: true do
describe "GET /profile/notifications" do
subject { profile_notifications_path }
- it { is_expected.to be_allowed_for @u1 }
it { is_expected.to be_allowed_for :admin }
it { is_expected.to be_allowed_for :user }
it { is_expected.to be_denied_for :visitor }
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 4649e58cb1a..57563add74c 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Internal Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project, :internal) }
let(:master) { create(:user) }
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 2866bf0355b..a1e111c6cab 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Private Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project) }
let(:master) { create(:user) }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 554c96bcdc5..655d2c8b7d9 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -1,6 +1,8 @@
require 'spec_helper'
describe "Public Project Access", feature: true do
+ include AccessMatchers
+
let(:project) { create(:project) }
let(:master) { create(:user) }
@@ -17,7 +19,6 @@ describe "Public Project Access", feature: true do
# readonly
project.team << [reporter, :reporter]
-
end
describe "Project should be public" do
diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb
deleted file mode 100644
index a2f853e3e70..00000000000
--- a/spec/support/matchers.rb
+++ /dev/null
@@ -1,66 +0,0 @@
-RSpec::Matchers.define :be_valid_commit do
- match do |actual|
- actual &&
- actual.id == ValidCommit::ID &&
- actual.message == ValidCommit::MESSAGE &&
- actual.author_name == ValidCommit::AUTHOR_FULL_NAME
- end
-end
-
-def emulate_user(user)
- user = case user
- when :user then create(:user)
- when :visitor then nil
- when :admin then create(:admin)
- else user
- end
- login_with(user) if user
-end
-
-RSpec::Matchers.define :be_allowed_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code != 404 && current_path != new_user_session_path
- end
-end
-
-RSpec::Matchers.define :be_denied_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code == 404 || current_path == new_user_session_path
- end
-end
-
-RSpec::Matchers.define :be_not_found_for do |user|
- match do |url|
- emulate_user(user)
- visit url
- status_code == 404
- end
-end
-
-RSpec::Matchers.define :include_module do |expected|
- match do
- described_class.included_modules.include?(expected)
- end
-
- description do
- "includes the #{expected} module"
- end
-
- failure_message do
- "expected #{described_class} to include the #{expected} module"
- end
-end
-
-# Extend shoulda-matchers
-module Shoulda::Matchers::ActiveModel
- class ValidateLengthOfMatcher
- # Shortcut for is_at_least and is_at_most
- def is_within(range)
- is_at_least(range.min) && is_at_most(range.max)
- end
- end
-end
diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb
new file mode 100644
index 00000000000..558e8b1612f
--- /dev/null
+++ b/spec/support/matchers/access_matchers.rb
@@ -0,0 +1,54 @@
+# AccessMatchers
+#
+# The custom matchers contained in this module are used to test a user's access
+# to a URL by emulating a specific user or type of user account, visiting the
+# URL, and then checking the response status code and resulting path.
+module AccessMatchers
+ extend RSpec::Matchers::DSL
+ include Warden::Test::Helpers
+
+ def emulate_user(user)
+ case user
+ when :user
+ login_as(create(:user))
+ when :visitor
+ logout
+ when :admin
+ login_as(create(:admin))
+ when User
+ login_as(user)
+ else
+ raise ArgumentError, "cannot emulate user #{user}"
+ end
+ end
+
+ def description_for(user, type)
+ if user.kind_of?(User)
+ # User#inspect displays too much information for RSpec's description
+ # messages
+ "be #{type} for supplied User"
+ else
+ "be #{type} for #{user}"
+ end
+ end
+
+ matcher :be_allowed_for do |user|
+ match do |url|
+ emulate_user(user)
+ visit url
+ status_code != 404 && current_path != new_user_session_path
+ end
+
+ description { description_for(user, 'allowed') }
+ end
+
+ matcher :be_denied_for do |user|
+ match do |url|
+ emulate_user(user)
+ visit url
+ status_code == 404 || current_path == new_user_session_path
+ end
+
+ description { description_for(user, 'denied') }
+ end
+end
diff --git a/spec/support/matchers/include_module.rb b/spec/support/matchers/include_module.rb
new file mode 100644
index 00000000000..0a78af1e90e
--- /dev/null
+++ b/spec/support/matchers/include_module.rb
@@ -0,0 +1,13 @@
+RSpec::Matchers.define :include_module do |expected|
+ match do
+ described_class.included_modules.include?(expected)
+ end
+
+ description do
+ "includes the #{expected} module"
+ end
+
+ failure_message do
+ "expected #{described_class} to include the #{expected} module"
+ end
+end
diff --git a/spec/support/matchers/is_within.rb b/spec/support/matchers/is_within.rb
new file mode 100644
index 00000000000..0c35fc7e899
--- /dev/null
+++ b/spec/support/matchers/is_within.rb
@@ -0,0 +1,9 @@
+# Extend shoulda-matchers
+module Shoulda::Matchers::ActiveModel
+ class ValidateLengthOfMatcher
+ # Shortcut for is_at_least and is_at_most
+ def is_within(range)
+ is_at_least(range.min) && is_at_most(range.max)
+ end
+ end
+end
View Lorry Controller Status