diff options
| -rw-r--r-- | spec/features/security/project/internal_access_spec.rb | 293 | ||||
| -rw-r--r-- | spec/features/security/project/private_access_spec.rb | 253 | ||||
| -rw-r--r-- | spec/features/security/project/public_access_spec.rb | 293 | ||||
| -rw-r--r-- | spec/support/matchers/access_matchers.rb | 35 |
4 files changed, 428 insertions, 446 deletions
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb index b6acc509342..0f77c7b28f9 100644 --- a/spec/features/security/project/internal_access_spec.rb +++ b/spec/features/security/project/internal_access_spec.rb @@ -5,19 +5,6 @@ describe "Internal Project Access", feature: true do let(:project) { create(:project, :internal) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be internal" do describe '#internal?' do subject { project.internal? } @@ -29,11 +16,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -43,11 +30,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -57,11 +44,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -71,11 +58,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -85,11 +72,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -99,11 +86,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } it { is_expected.to be_denied_for :external } @@ -114,11 +101,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -128,11 +115,11 @@ describe "Internal Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -142,11 +129,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -156,11 +143,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -171,11 +158,11 @@ describe "Internal Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -185,11 +172,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -199,11 +186,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_snippet_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -213,11 +200,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -227,11 +214,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_merge_request_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -246,11 +233,11 @@ describe "Internal Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -265,11 +252,11 @@ describe "Internal Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -279,11 +266,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -293,11 +280,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -308,11 +295,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -325,11 +312,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -339,11 +326,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -359,11 +346,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -373,11 +360,11 @@ describe "Internal Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -388,11 +375,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -403,11 +390,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -417,11 +404,11 @@ describe "Internal Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -436,11 +423,11 @@ describe "Internal Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb index 79417c769a8..a9a883c4019 100644 --- a/spec/features/security/project/private_access_spec.rb +++ b/spec/features/security/project/private_access_spec.rb @@ -5,19 +5,6 @@ describe "Private Project Access", feature: true do let(:project) { create(:project, :private) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be private" do describe '#private?' do subject { project.private? } @@ -29,11 +16,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -43,11 +30,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -57,11 +44,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -71,11 +58,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -85,11 +72,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -99,11 +86,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -114,11 +101,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore'))} it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -128,11 +115,11 @@ describe "Private Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -142,11 +129,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -156,11 +143,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -171,11 +158,11 @@ describe "Private Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -185,11 +172,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -199,11 +186,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -218,11 +205,11 @@ describe "Private Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -237,11 +224,11 @@ describe "Private Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -251,11 +238,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -265,11 +252,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -280,11 +267,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -294,11 +281,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_builds_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -310,11 +297,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_build_path(project.namespace, project, build.id) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -324,11 +311,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -339,11 +326,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -353,11 +340,11 @@ describe "Private Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -372,11 +359,11 @@ describe "Private Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb index 985663e7c98..92b2194acf5 100644 --- a/spec/features/security/project/public_access_spec.rb +++ b/spec/features/security/project/public_access_spec.rb @@ -5,19 +5,6 @@ describe "Public Project Access", feature: true do let(:project) { create(:project, :public) } - let(:owner) { project.owner } - let(:master) { create(:user) } - let(:developer) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - - before do - project.team << [master, :master] - project.team << [developer, :developer] - project.team << [reporter, :reporter] - project.team << [guest, :guest] - end - describe "Project should be public" do describe '#public?' do subject { project.public? } @@ -29,11 +16,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -43,11 +30,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_tree_path(project.namespace, project, project.repository.root_ref) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -57,11 +44,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_commits_path(project.namespace, project, project.repository.root_ref, limit: 1) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -71,11 +58,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_commit_path(project.namespace, project, project.repository.commit) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -85,11 +72,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_compare_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -99,11 +86,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_project_members_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :visitor } it { is_expected.to be_allowed_for :external } @@ -113,11 +100,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_pipelines_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -128,11 +115,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_pipeline_path(project.namespace, project, pipeline) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -145,11 +132,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -159,11 +146,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -179,11 +166,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: true) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -193,11 +180,11 @@ describe "Public Project Access", feature: true do before { project.update(public_builds: false) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -208,11 +195,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_environments_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -223,11 +210,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_environment_path(project.namespace, project, environment) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -237,11 +224,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_environment_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -253,11 +240,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :visitor } end @@ -266,11 +253,11 @@ describe "Public Project Access", feature: true do subject { edit_namespace_project_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -280,11 +267,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_deploy_keys_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -294,11 +281,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_issues_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -309,11 +296,11 @@ describe "Public Project Access", feature: true do subject { edit_namespace_project_issue_path(project.namespace, project, issue) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -323,11 +310,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_snippets_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -337,11 +324,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_snippet_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -351,11 +338,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_merge_requests_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -365,11 +352,11 @@ describe "Public Project Access", feature: true do subject { new_namespace_project_merge_request_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -384,11 +371,11 @@ describe "Public Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -403,11 +390,11 @@ describe "Public Project Access", feature: true do end it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } @@ -417,11 +404,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_hooks_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_denied_for developer } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_denied_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_denied_for(:developer).on(project) } + it { is_expected.to be_denied_for(:reporter).on(project) } + it { is_expected.to be_denied_for(:guest).on(project) } it { is_expected.to be_denied_for :user } it { is_expected.to be_denied_for :external } it { is_expected.to be_denied_for :visitor } @@ -436,11 +423,11 @@ describe "Public Project Access", feature: true do subject { namespace_project_container_registry_index_path(project.namespace, project) } it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for developer } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for guest } + it { is_expected.to be_allowed_for(:owner).on(project) } + it { is_expected.to be_allowed_for(:master).on(project) } + it { is_expected.to be_allowed_for(:developer).on(project) } + it { is_expected.to be_allowed_for(:reporter).on(project) } + it { is_expected.to be_allowed_for(:guest).on(project) } it { is_expected.to be_allowed_for :user } it { is_expected.to be_allowed_for :external } it { is_expected.to be_allowed_for :visitor } diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb index 0497e391860..141c38e7bd3 100644 --- a/spec/support/matchers/access_matchers.rb +++ b/spec/support/matchers/access_matchers.rb @@ -7,7 +7,7 @@ module AccessMatchers extend RSpec::Matchers::DSL include Warden::Test::Helpers - def emulate_user(user) + def emulate_user(user, project = nil) case user when :user login_as(create(:user)) @@ -19,6 +19,18 @@ module AccessMatchers login_as(create(:user, external: true)) when User login_as(user) + when :owner + raise ArgumentError, "cannot emulate owner without project" unless project + + login_as(project.owner) + when *Gitlab::Access.sym_options.keys + raise ArgumentError, "cannot emulate user #{user} without project" unless project + + role = user + user = create(:user) + project.public_send(:"add_#{role}", user) + + login_as(user) else raise ArgumentError, "cannot emulate user #{user}" end @@ -26,8 +38,7 @@ module AccessMatchers def description_for(user, type) if user.kind_of?(User) - # User#inspect displays too much information for RSpec's description - # messages + # User#inspect displays too much information for RSpec's descriptions "be #{type} for the specified user" else "be #{type} for #{user}" @@ -36,21 +47,31 @@ module AccessMatchers matcher :be_allowed_for do |user| match do |url| - emulate_user(user) - visit url + emulate_user(user, @project) + visit(url) + status_code != 404 && current_path != new_user_session_path end + chain :on do |project| + @project = project + end + description { description_for(user, 'allowed') } end matcher :be_denied_for do |user| match do |url| - emulate_user(user) - visit url + emulate_user(user, @project) + visit(url) + status_code == 404 || current_path == new_user_session_path end + chain :on do |project| + @project = project + end + description { description_for(user, 'denied') } end end |