3 files changed, 129 insertions, 0 deletions

diff --git a/spec/migrations/fix_wrong_pages_access_level_spec.rb b/spec/migrations/fix_wrong_pages_access_level_spec.rb
new file mode 100644
index 00000000000..75ac5d919b2
--- /dev/null
+++ b/spec/migrations/fix_wrong_pages_access_level_spec.rb
@@ -0,0 +1,97 @@
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20190703185326_fix_wrong_pages_access_level.rb')
+
+describe FixWrongPagesAccessLevel, :migration, :sidekiq, schema: 20190628185004 do
+  using RSpec::Parameterized::TableSyntax
+
+  let(:migration_class) { described_class::MIGRATION }
+  let(:migration_name)  { migration_class.to_s.demodulize }
+
+  project_class = ::Gitlab::BackgroundMigration::FixPagesAccessLevel::Project
+  feature_class = ::Gitlab::BackgroundMigration::FixPagesAccessLevel::ProjectFeature
+
+  let(:namespaces_table) { table(:namespaces) }
+  let(:projects_table) { table(:projects) }
+  let(:features_table) { table(:project_features) }
+
+  let(:subgroup) do
+    root_group = namespaces_table.create(path: "group", name: "group")
+    namespaces_table.create!(path: "subgroup", name: "group", parent_id: root_group.id)
+  end
+
+  def create_project_feature(path, project_visibility, pages_access_level)
+    project = projects_table.create!(path: path, visibility_level: project_visibility,
+                                     namespace_id: subgroup.id)
+    features_table.create!(project_id: project.id, pages_access_level: pages_access_level)
+  end
+
+  it 'correctly schedules background migrations' do
+    Sidekiq::Testing.fake! do
+      Timecop.freeze do
+        first_id = create_project_feature("project1", project_class::PRIVATE, feature_class::PRIVATE).id
+        last_id = create_project_feature("project2", project_class::PRIVATE, feature_class::PUBLIC).id
+
+        migrate!
+
+        expect(migration_name).to be_scheduled_delayed_migration(2.minutes, first_id, last_id)
+        expect(BackgroundMigrationWorker.jobs.size).to eq(1)
+      end
+    end
+  end
+
+  def expect_migration
+    expect do
+      perform_enqueued_jobs do
+        migrate!
+      end
+    end
+  end
+
+  where(:project_visibility, :pages_access_level, :access_control_is_enabled,
+        :pages_deployed, :resulting_pages_access_level) do
+    # update settings for public projects regardless of access_control being enabled
+    project_class::PUBLIC | feature_class::PUBLIC | true | true  | feature_class::ENABLED
+    project_class::PUBLIC | feature_class::PUBLIC | false | true | feature_class::ENABLED
+    # don't update public level for private and internal projects
+    project_class::PRIVATE | feature_class::PUBLIC  | true | true | feature_class::PUBLIC
+    project_class::INTERNAL | feature_class::PUBLIC | true | true | feature_class::PUBLIC
+
+    # if access control is disabled but pages are deployed we make them public
+    project_class::INTERNAL | feature_class::ENABLED | false | true  | feature_class::PUBLIC
+    # don't change anything if one of the conditions is not satisfied
+    project_class::INTERNAL | feature_class::ENABLED | true  | true  | feature_class::ENABLED
+    project_class::INTERNAL | feature_class::ENABLED | true  | false | feature_class::ENABLED
+
+    # private projects
+    # if access control is enabled update pages_access_level to private regardless of deployment
+    project_class::PRIVATE | feature_class::ENABLED | true  | true  | feature_class::PRIVATE
+    project_class::PRIVATE | feature_class::ENABLED | true  | false | feature_class::PRIVATE
+    # if access control is disabled and pages are deployed update pages_access_level to public
+    project_class::PRIVATE | feature_class::ENABLED | false | true  | feature_class::PUBLIC
+    # if access control is disabled but pages aren't deployed update pages_access_level to private
+    project_class::PRIVATE | feature_class::ENABLED | false | false | feature_class::PRIVATE
+  end
+
+  with_them do
+    let!(:project_feature) do
+      create_project_feature("projectpath", project_visibility, pages_access_level)
+    end
+
+    before do
+      tested_path = File.join(Settings.pages.path, "group/subgroup/projectpath", "public")
+      allow(Dir).to receive(:exist?).with(tested_path).and_return(pages_deployed)
+
+      stub_pages_setting(access_control: access_control_is_enabled)
+    end
+
+    it "sets proper pages_access_level" do
+      expect(project_feature.reload.pages_access_level).to eq(pages_access_level)
+
+      perform_enqueued_jobs do
+        migrate!
+      end
+
+      expect(project_feature.reload.pages_access_level).to eq(resulting_pages_access_level)
+    end
+  end
+end
diff --git a/spec/models/project_feature_spec.rb b/spec/models/project_feature_spec.rb
index 50c9d5968ac..31e55bf6be6 100644
--- a/spec/models/project_feature_spec.rb
+++ b/spec/models/project_feature_spec.rb
@@ -150,4 +150,32 @@ describe ProjectFeature do
       end
     end
   end
+
+  describe 'default pages access level' do
+    subject { project.project_feature.pages_access_level }
+
+    before do
+      # project factory overrides all values in project_feature after creation
+      project.project_feature.destroy!
+      project.build_project_feature.save!
+    end
+
+    context 'when new project is private' do
+      let(:project) { create(:project, :private) }
+
+      it { is_expected.to eq(ProjectFeature::PRIVATE) }
+    end
+
+    context 'when new project is internal' do
+      let(:project) { create(:project, :internal) }
+
+      it { is_expected.to eq(ProjectFeature::PRIVATE) }
+    end
+
+    context 'when new project is public' do
+      let(:project) { create(:project, :public) }
+
+      it { is_expected.to eq(ProjectFeature::ENABLED) }
+    end
+  end
 end
diff --git a/spec/support/helpers/stub_configuration.rb b/spec/support/helpers/stub_configuration.rb
index c372a3f0e49..049702be1f6 100644
--- a/spec/support/helpers/stub_configuration.rb
+++ b/spec/support/helpers/stub_configuration.rb
@@ -65,6 +65,10 @@ module StubConfiguration
     allow(Gitlab.config.artifacts).to receive_messages(to_settings(messages))
   end
 
+  def stub_pages_setting(messages)
+    allow(Gitlab.config.pages).to receive_messages(to_settings(messages))
+  end
+
   def stub_storage_settings(messages)
     messages.deep_stringify_keys!