From 1fee24a36143e8057d495e8a7e0f2d4b93d83f2a Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Thu, 16 Jul 2015 14:17:43 -0400 Subject: Remove unused `be_valid_commit` matcher --- spec/support/matchers.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb index a2f853e3e70..87a034cca3b 100644 --- a/spec/support/matchers.rb +++ b/spec/support/matchers.rb @@ -1,12 +1,3 @@ -RSpec::Matchers.define :be_valid_commit do - match do |actual| - actual && - actual.id == ValidCommit::ID && - actual.message == ValidCommit::MESSAGE && - actual.author_name == ValidCommit::AUTHOR_FULL_NAME - end -end - def emulate_user(user) user = case user when :user then create(:user) -- cgit v1.2.1 From a2ecfdc5859c1703dbbad6dde888f7a0eb5817c8 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Tue, 21 Jul 2015 22:09:02 -0400 Subject: Move access-related matchers to their own module --- spec/features/security/dashboard_access_spec.rb | 2 + spec/features/security/group/group_access_spec.rb | 2 + .../security/group/internal_group_access_spec.rb | 2 + .../security/group/mixed_group_access_spec.rb | 2 + .../security/group/public_group_access_spec.rb | 2 + spec/features/security/profile_access_spec.rb | 2 + .../security/project/internal_access_spec.rb | 2 + .../security/project/private_access_spec.rb | 2 + .../security/project/public_access_spec.rb | 3 +- spec/support/matchers.rb | 34 -------------- spec/support/matchers/access_matchers.rb | 54 ++++++++++++++++++++++ 11 files changed, 72 insertions(+), 35 deletions(-) create mode 100644 spec/support/matchers/access_matchers.rb diff --git a/spec/features/security/dashboard_access_spec.rb b/spec/features/security/dashboard_access_spec.rb index 67238e3ab76..c38cddbb904 100644 --- a/spec/features/security/dashboard_access_spec.rb +++ b/spec/features/security/dashboard_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Dashboard access", feature: true do + include AccessMatchers + describe "GET /dashboard" do subject { dashboard_path } diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb index 63793149459..e42b7b8d8a0 100644 --- a/spec/features/security/group/group_access_spec.rb +++ b/spec/features/security/group/group_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Group access", feature: true do + include AccessMatchers + describe "GET /projects/new" do it { expect(new_group_path).to be_allowed_for :admin } it { expect(new_group_path).to be_allowed_for :user } diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb index d17a7412e43..28673a3ab2f 100644 --- a/spec/features/security/group/internal_group_access_spec.rb +++ b/spec/features/security/group/internal_group_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Group with internal project access", feature: true do + include AccessMatchers + describe "Group" do let(:group) { create(:group) } diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb index b3db7b5dea4..f7f0213737e 100644 --- a/spec/features/security/group/mixed_group_access_spec.rb +++ b/spec/features/security/group/mixed_group_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Group access", feature: true do + include AccessMatchers + describe "Group" do let(:group) { create(:group) } diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb index c16f0c0d1e1..03cafad8d7e 100644 --- a/spec/features/security/group/public_group_access_spec.rb +++ b/spec/features/security/group/public_group_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Group with public project access", feature: true do + include AccessMatchers + describe "Group" do let(:group) { create(:group) } diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb index bcabc2d53ac..847566d0de9 100644 --- a/spec/features/security/profile_access_spec.rb +++ b/spec/features/security/profile_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Profile access", feature: true do + include AccessMatchers + before do @u1 = create(:user) end diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb index 4649e58cb1a..57563add74c 100644 --- a/spec/features/security/project/internal_access_spec.rb +++ b/spec/features/security/project/internal_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Internal Project Access", feature: true do + include AccessMatchers + let(:project) { create(:project, :internal) } let(:master) { create(:user) } diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb index 2866bf0355b..a1e111c6cab 100644 --- a/spec/features/security/project/private_access_spec.rb +++ b/spec/features/security/project/private_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Private Project Access", feature: true do + include AccessMatchers + let(:project) { create(:project) } let(:master) { create(:user) } diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb index 554c96bcdc5..655d2c8b7d9 100644 --- a/spec/features/security/project/public_access_spec.rb +++ b/spec/features/security/project/public_access_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe "Public Project Access", feature: true do + include AccessMatchers + let(:project) { create(:project) } let(:master) { create(:user) } @@ -17,7 +19,6 @@ describe "Public Project Access", feature: true do # readonly project.team << [reporter, :reporter] - end describe "Project should be public" do diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb index 87a034cca3b..d9b27ab08d8 100644 --- a/spec/support/matchers.rb +++ b/spec/support/matchers.rb @@ -1,37 +1,3 @@ -def emulate_user(user) - user = case user - when :user then create(:user) - when :visitor then nil - when :admin then create(:admin) - else user - end - login_with(user) if user -end - -RSpec::Matchers.define :be_allowed_for do |user| - match do |url| - emulate_user(user) - visit url - status_code != 404 && current_path != new_user_session_path - end -end - -RSpec::Matchers.define :be_denied_for do |user| - match do |url| - emulate_user(user) - visit url - status_code == 404 || current_path == new_user_session_path - end -end - -RSpec::Matchers.define :be_not_found_for do |user| - match do |url| - emulate_user(user) - visit url - status_code == 404 - end -end - RSpec::Matchers.define :include_module do |expected| match do described_class.included_modules.include?(expected) diff --git a/spec/support/matchers/access_matchers.rb b/spec/support/matchers/access_matchers.rb new file mode 100644 index 00000000000..558e8b1612f --- /dev/null +++ b/spec/support/matchers/access_matchers.rb @@ -0,0 +1,54 @@ +# AccessMatchers +# +# The custom matchers contained in this module are used to test a user's access +# to a URL by emulating a specific user or type of user account, visiting the +# URL, and then checking the response status code and resulting path. +module AccessMatchers + extend RSpec::Matchers::DSL + include Warden::Test::Helpers + + def emulate_user(user) + case user + when :user + login_as(create(:user)) + when :visitor + logout + when :admin + login_as(create(:admin)) + when User + login_as(user) + else + raise ArgumentError, "cannot emulate user #{user}" + end + end + + def description_for(user, type) + if user.kind_of?(User) + # User#inspect displays too much information for RSpec's description + # messages + "be #{type} for supplied User" + else + "be #{type} for #{user}" + end + end + + matcher :be_allowed_for do |user| + match do |url| + emulate_user(user) + visit url + status_code != 404 && current_path != new_user_session_path + end + + description { description_for(user, 'allowed') } + end + + matcher :be_denied_for do |user| + match do |url| + emulate_user(user) + visit url + status_code == 404 || current_path == new_user_session_path + end + + description { description_for(user, 'denied') } + end +end -- cgit v1.2.1 From 421b06508d6ddc76c90ed8e54271dfb18e5c5833 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Thu, 16 Jul 2015 15:01:20 -0400 Subject: Remove be_not_found_for matcher It was only used in one test, and the test was kind of redundant. --- spec/features/security/profile_access_spec.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb index 847566d0de9..eee2588408a 100644 --- a/spec/features/security/profile_access_spec.rb +++ b/spec/features/security/profile_access_spec.rb @@ -6,11 +6,6 @@ describe "Profile access", feature: true do before do @u1 = create(:user) end - - describe "GET /login" do - it { expect(new_user_session_path).not_to be_not_found_for :visitor } - end - describe "GET /profile/keys" do subject { profile_keys_path } -- cgit v1.2.1 From ff8811c40b33a3a98203478925810035fffe7094 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Thu, 16 Jul 2015 15:02:06 -0400 Subject: Remove redundant Profile access test cases The user being created was no different than what `be_allowed_for` was doing behind the scenes so we were essentially testing all user-level accesses twice. --- spec/features/security/profile_access_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/features/security/profile_access_spec.rb b/spec/features/security/profile_access_spec.rb index eee2588408a..c19678ab381 100644 --- a/spec/features/security/profile_access_spec.rb +++ b/spec/features/security/profile_access_spec.rb @@ -3,13 +3,9 @@ require 'spec_helper' describe "Profile access", feature: true do include AccessMatchers - before do - @u1 = create(:user) - end describe "GET /profile/keys" do subject { profile_keys_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } @@ -18,7 +14,6 @@ describe "Profile access", feature: true do describe "GET /profile" do subject { profile_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } @@ -27,7 +22,6 @@ describe "Profile access", feature: true do describe "GET /profile/account" do subject { profile_account_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } @@ -36,7 +30,6 @@ describe "Profile access", feature: true do describe "GET /profile/preferences" do subject { profile_preferences_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } @@ -45,7 +38,6 @@ describe "Profile access", feature: true do describe "GET /profile/audit_log" do subject { audit_log_profile_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } @@ -54,7 +46,6 @@ describe "Profile access", feature: true do describe "GET /profile/notifications" do subject { profile_notifications_path } - it { is_expected.to be_allowed_for @u1 } it { is_expected.to be_allowed_for :admin } it { is_expected.to be_allowed_for :user } it { is_expected.to be_denied_for :visitor } -- cgit v1.2.1 From 0d5cf111f3070994c0e80ef764d1bd4b9e4936b1 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Tue, 21 Jul 2015 22:09:58 -0400 Subject: Move custom matchers to their own files under spec/support/matchers --- spec/support/matchers.rb | 23 ----------------------- spec/support/matchers/include_module.rb | 13 +++++++++++++ spec/support/matchers/is_within.rb | 9 +++++++++ 3 files changed, 22 insertions(+), 23 deletions(-) delete mode 100644 spec/support/matchers.rb create mode 100644 spec/support/matchers/include_module.rb create mode 100644 spec/support/matchers/is_within.rb diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb deleted file mode 100644 index d9b27ab08d8..00000000000 --- a/spec/support/matchers.rb +++ /dev/null @@ -1,23 +0,0 @@ -RSpec::Matchers.define :include_module do |expected| - match do - described_class.included_modules.include?(expected) - end - - description do - "includes the #{expected} module" - end - - failure_message do - "expected #{described_class} to include the #{expected} module" - end -end - -# Extend shoulda-matchers -module Shoulda::Matchers::ActiveModel - class ValidateLengthOfMatcher - # Shortcut for is_at_least and is_at_most - def is_within(range) - is_at_least(range.min) && is_at_most(range.max) - end - end -end diff --git a/spec/support/matchers/include_module.rb b/spec/support/matchers/include_module.rb new file mode 100644 index 00000000000..0a78af1e90e --- /dev/null +++ b/spec/support/matchers/include_module.rb @@ -0,0 +1,13 @@ +RSpec::Matchers.define :include_module do |expected| + match do + described_class.included_modules.include?(expected) + end + + description do + "includes the #{expected} module" + end + + failure_message do + "expected #{described_class} to include the #{expected} module" + end +end diff --git a/spec/support/matchers/is_within.rb b/spec/support/matchers/is_within.rb new file mode 100644 index 00000000000..0c35fc7e899 --- /dev/null +++ b/spec/support/matchers/is_within.rb @@ -0,0 +1,9 @@ +# Extend shoulda-matchers +module Shoulda::Matchers::ActiveModel + class ValidateLengthOfMatcher + # Shortcut for is_at_least and is_at_most + def is_within(range) + is_at_least(range.min) && is_at_most(range.max) + end + end +end -- cgit v1.2.1 From b24d5f13a5dde7ab85dce93900fa309b3485adb9 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Thu, 16 Jul 2015 17:05:14 -0400 Subject: Consolidate group access specs into one file --- spec/features/security/group/group_access_spec.rb | 100 -------- .../security/group/internal_group_access_spec.rb | 84 ------ .../security/group/mixed_group_access_spec.rb | 85 ------ .../security/group/public_group_access_spec.rb | 84 ------ spec/features/security/group_access_spec.rb | 284 +++++++++++++++++++++ 5 files changed, 284 insertions(+), 353 deletions(-) delete mode 100644 spec/features/security/group/group_access_spec.rb delete mode 100644 spec/features/security/group/internal_group_access_spec.rb delete mode 100644 spec/features/security/group/mixed_group_access_spec.rb delete mode 100644 spec/features/security/group/public_group_access_spec.rb create mode 100644 spec/features/security/group_access_spec.rb diff --git a/spec/features/security/group/group_access_spec.rb b/spec/features/security/group/group_access_spec.rb deleted file mode 100644 index e42b7b8d8a0..00000000000 --- a/spec/features/security/group/group_access_spec.rb +++ /dev/null @@ -1,100 +0,0 @@ -require 'spec_helper' - -describe "Group access", feature: true do - include AccessMatchers - - describe "GET /projects/new" do - it { expect(new_group_path).to be_allowed_for :admin } - it { expect(new_group_path).to be_allowed_for :user } - it { expect(new_group_path).to be_denied_for :visitor } - end - - describe "Group" do - let(:group) { create(:group) } - - let(:owner) { create(:owner) } - let(:master) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - let(:nonmember) { create(:user) } - - before do - group.add_user(owner, Gitlab::Access::OWNER) - group.add_user(master, Gitlab::Access::MASTER) - group.add_user(reporter, Gitlab::Access::REPORTER) - group.add_user(guest, Gitlab::Access::GUEST) - end - - describe "GET /groups/:path" do - subject { group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/issues" do - subject { issues_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/merge_requests" do - subject { merge_requests_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/group_members" do - subject { group_group_members_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/edit" do - subject { edit_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_denied_for master } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/projects" do - subject { projects_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_denied_for master } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - end -end diff --git a/spec/features/security/group/internal_group_access_spec.rb b/spec/features/security/group/internal_group_access_spec.rb deleted file mode 100644 index 28673a3ab2f..00000000000 --- a/spec/features/security/group/internal_group_access_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -require 'spec_helper' - -describe "Group with internal project access", feature: true do - include AccessMatchers - - describe "Group" do - let(:group) { create(:group) } - - let(:owner) { create(:owner) } - let(:master) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - let(:nonmember) { create(:user) } - - before do - group.add_user(owner, Gitlab::Access::OWNER) - group.add_user(master, Gitlab::Access::MASTER) - group.add_user(reporter, Gitlab::Access::REPORTER) - group.add_user(guest, Gitlab::Access::GUEST) - - create(:project, :internal, group: group) - end - - describe "GET /groups/:path" do - subject { group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/issues" do - subject { issues_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/merge_requests" do - subject { merge_requests_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/group_members" do - subject { group_group_members_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /groups/:path/edit" do - subject { edit_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_denied_for master } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - end -end diff --git a/spec/features/security/group/mixed_group_access_spec.rb b/spec/features/security/group/mixed_group_access_spec.rb deleted file mode 100644 index f7f0213737e..00000000000 --- a/spec/features/security/group/mixed_group_access_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -require 'spec_helper' - -describe "Group access", feature: true do - include AccessMatchers - - describe "Group" do - let(:group) { create(:group) } - - let(:owner) { create(:owner) } - let(:master) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - let(:nonmember) { create(:user) } - - before do - group.add_user(owner, Gitlab::Access::OWNER) - group.add_user(master, Gitlab::Access::MASTER) - group.add_user(reporter, Gitlab::Access::REPORTER) - group.add_user(guest, Gitlab::Access::GUEST) - - create(:project, :internal, path: "internal_project", group: group) - create(:project, :public, path: "public_project", group: group) - end - - describe "GET /groups/:path" do - subject { group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/issues" do - subject { issues_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/merge_requests" do - subject { merge_requests_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/group_members" do - subject { group_group_members_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/edit" do - subject { edit_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_denied_for master } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - end -end diff --git a/spec/features/security/group/public_group_access_spec.rb b/spec/features/security/group/public_group_access_spec.rb deleted file mode 100644 index 03cafad8d7e..00000000000 --- a/spec/features/security/group/public_group_access_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -require 'spec_helper' - -describe "Group with public project access", feature: true do - include AccessMatchers - - describe "Group" do - let(:group) { create(:group) } - - let(:owner) { create(:owner) } - let(:master) { create(:user) } - let(:reporter) { create(:user) } - let(:guest) { create(:user) } - let(:nonmember) { create(:user) } - - before do - group.add_user(owner, Gitlab::Access::OWNER) - group.add_user(master, Gitlab::Access::MASTER) - group.add_user(reporter, Gitlab::Access::REPORTER) - group.add_user(guest, Gitlab::Access::GUEST) - - create(:project, :public, group: group) - end - - describe "GET /groups/:path" do - subject { group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/issues" do - subject { issues_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/merge_requests" do - subject { merge_requests_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/group_members" do - subject { group_group_members_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_allowed_for master } - it { is_expected.to be_allowed_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_allowed_for guest } - it { is_expected.to be_allowed_for :user } - it { is_expected.to be_allowed_for :visitor } - end - - describe "GET /groups/:path/edit" do - subject { edit_group_path(group) } - - it { is_expected.to be_allowed_for owner } - it { is_expected.to be_denied_for master } - it { is_expected.to be_denied_for reporter } - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for guest } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - end -end diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb new file mode 100644 index 00000000000..0f36e474989 --- /dev/null +++ b/spec/features/security/group_access_spec.rb @@ -0,0 +1,284 @@ +require 'rails_helper' + +describe 'Group access', feature: true do + include AccessMatchers + + def group + @group ||= create(:group) + end + + def create_project(access_level) + if access_level == :mixed + create(:empty_project, :public, group: group) + create(:empty_project, :internal, group: group) + else + create(:empty_project, access_level, group: group) + end + end + + def group_member(access_level, group = group) + level = Object.const_get("Gitlab::Access::#{access_level.upcase}") + + create(:user).tap do |user| + group.add_user(user, level) + end + end + + describe 'GET /groups/new' do + subject { new_group_path } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_denied_for :visitor } + end + + describe 'GET /groups/:path' do + subject { group_path(group) } + + context 'with public projects' do + before(:all) { create_project(:public) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with mixed projects' do + before(:all) { create_project(:mixed) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with internal projects' do + before(:all) { create_project(:internal) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with no projects' do + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + end + + describe 'GET /groups/:path/issues' do + subject { issues_group_path(group) } + + context 'with public projects' do + before(:all) { create_project(:public) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with mixed projects' do + before(:all) { create_project(:mixed) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with internal projects' do + before(:all) { create_project(:internal) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with no projects' do + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + end + + describe 'GET /groups/:path/merge_requests' do + subject { merge_requests_group_path(group) } + + context 'with public projects' do + before(:all) { create_project(:public) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with mixed projects' do + before(:all) { create_project(:mixed) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with internal projects' do + before(:all) { create_project(:internal) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with no projects' do + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + end + + describe 'GET /groups/:path/group_members' do + subject { group_group_members_path(group) } + + context 'with public projects' do + before(:all) { create_project(:public) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with mixed projects' do + before(:all) { create_project(:mixed) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_allowed_for :visitor } + end + + context 'with internal projects' do + before(:all) { create_project(:internal) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_allowed_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with no projects' do + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_allowed_for group_member(:master) } + it { is_expected.to be_allowed_for group_member(:reporter) } + it { is_expected.to be_allowed_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + end + + describe 'GET /groups/:path/edit' do + subject { edit_group_path(group) } + + context 'with public projects' do + before(:all) { create_project(:public) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_denied_for group_member(:master) } + it { is_expected.to be_denied_for group_member(:reporter) } + it { is_expected.to be_denied_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with mixed projects' do + before(:all) { create_project(:mixed) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_denied_for group_member(:master) } + it { is_expected.to be_denied_for group_member(:reporter) } + it { is_expected.to be_denied_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with internal projects' do + before(:all) { create_project(:internal) } + + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_denied_for group_member(:master) } + it { is_expected.to be_denied_for group_member(:reporter) } + it { is_expected.to be_denied_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + + context 'with no projects' do + it { is_expected.to be_allowed_for group_member(:owner) } + it { is_expected.to be_denied_for group_member(:master) } + it { is_expected.to be_denied_for group_member(:reporter) } + it { is_expected.to be_denied_for group_member(:guest) } + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + end +end -- cgit v1.2.1 From b42422a7a97d376fb5f78e8dfa614857d6b8d1fa Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Wed, 22 Jul 2015 00:39:18 -0400 Subject: Move spec/features/admin/security_spec to spec/features/security --- spec/features/admin/security_spec.rb | 27 --------------------------- spec/features/security/admin_access_spec.rb | 29 +++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 spec/features/admin/security_spec.rb create mode 100644 spec/features/security/admin_access_spec.rb diff --git a/spec/features/admin/security_spec.rb b/spec/features/admin/security_spec.rb deleted file mode 100644 index 175fa9d4647..00000000000 --- a/spec/features/admin/security_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -require 'spec_helper' - -describe "Admin::Projects", feature: true do - describe "GET /admin/projects" do - subject { admin_namespaces_projects_path } - - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /admin/users" do - subject { admin_users_path } - - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end - - describe "GET /admin/hooks" do - subject { admin_hooks_path } - - it { is_expected.to be_allowed_for :admin } - it { is_expected.to be_denied_for :user } - it { is_expected.to be_denied_for :visitor } - end -end diff --git a/spec/features/security/admin_access_spec.rb b/spec/features/security/admin_access_spec.rb new file mode 100644 index 00000000000..fe8cd7b7602 --- /dev/null +++ b/spec/features/security/admin_access_spec.rb @@ -0,0 +1,29 @@ +require 'spec_helper' + +describe "Admin::Projects", feature: true do + include AccessMatchers + + describe "GET /admin/projects" do + subject { admin_namespaces_projects_path } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + + describe "GET /admin/users" do + subject { admin_users_path } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end + + describe "GET /admin/hooks" do + subject { admin_hooks_path } + + it { is_expected.to be_allowed_for :admin } + it { is_expected.to be_denied_for :user } + it { is_expected.to be_denied_for :visitor } + end +end -- cgit v1.2.1