Clean up project access spec

Robert Speicher
1 parent cf237f1d
Showing 1 changed file with 92 additions and 78 deletions Show diff stats
spec/requests/security/project_access_spec.rb
@@ -14,204 +14,218 @@ describe &quot;Application access&quot; do
   end
  
   describe "Project" do
+    let(:project)  { create(:project) }
+
+    let(:master)   { create(:user) }
+    let(:guest)    { create(:user) }
+    let(:reporter) { create(:user) }
+
     before do
-      @project = Factory :project
-      @u1 = Factory :user
-      @u2 = Factory :user
-      @u3 = Factory :user
       # full access
-      @project.users_projects.create(user: @u1, project_access: UsersProject::MASTER)
+      project.users_projects.create(user: master, project_access: UsersProject::MASTER)
+
       # readonly
-      @project.users_projects.create(user: @u3, project_access: UsersProject::REPORTER)
+      project.users_projects.create(user: reporter, project_access: UsersProject::REPORTER)
     end
  
     describe "GET /project_code" do
-      subject { project_path(@project) }
+      subject { project_path(project) }
+
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
+      it { should be_denied_for :admin }
+      it { should be_denied_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/tree/master" do
+      subject { project_tree_path(project, project.root_ref) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
-    describe "GET /project_code/master/tree" do
-      subject { project_tree_path(@project, @project.root_ref) }
+    describe "GET /project_code/commits/master" do
+      subject { project_commits_path(project, project.root_ref) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
-    describe "GET /project_code/commits" do
-      subject { project_commits_path(@project) }
+    describe "GET /project_code/commit/:sha" do
+      subject { project_commit_path(project, project.commit) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
-    describe "GET /project_code/commit" do
-      subject { project_commit_path(@project, @project.commit.id) }
+    describe "GET /project_code/compare" do
+      subject { project_compare_index_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/team" do
-      subject { project_team_index_path(@project) }
+      subject { project_team_index_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/wall" do
-      subject { wall_project_path(@project) }
+      subject { wall_project_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/blob" do
       before do
-        commit = @project.commit
+        commit = project.commit
         path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
-        @blob_path = project_blob_path(@project, File.join(commit.id, path))
+        @blob_path = project_blob_path(project, File.join(commit.id, path))
       end
  
-      it { @blob_path.should be_allowed_for @u1 }
-      it { @blob_path.should be_allowed_for @u3 }
+      it { @blob_path.should be_allowed_for master }
+      it { @blob_path.should be_allowed_for reporter }
       it { @blob_path.should be_denied_for :admin }
-      it { @blob_path.should be_denied_for @u2 }
+      it { @blob_path.should be_denied_for guest }
       it { @blob_path.should be_denied_for :user }
       it { @blob_path.should be_denied_for :visitor }
     end
  
     describe "GET /project_code/edit" do
-      subject { edit_project_path(@project) }
+      subject { edit_project_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_denied_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_denied_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/deploy_keys" do
-      subject { project_deploy_keys_path(@project) }
+      subject { project_deploy_keys_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_denied_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_denied_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/issues" do
-      subject { project_issues_path(@project) }
+      subject { project_issues_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/snippets" do
-      subject { project_snippets_path(@project) }
+      subject { project_snippets_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/merge_requests" do
-      subject { project_merge_requests_path(@project) }
+      subject { project_merge_requests_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/repository" do
-      subject { project_repository_path(@project) }
+      subject { project_repository_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/repository/branches" do
-      subject { branches_project_repository_path(@project) }
+      subject { branches_project_repository_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/repository/tags" do
-      subject { tags_project_repository_path(@project) }
+      subject { tags_project_repository_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/hooks" do
-      subject { project_hooks_path(@project) }
+      subject { project_hooks_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
  
     describe "GET /project_code/files" do
-      subject { files_project_path(@project) }
+      subject { files_project_path(project) }
  
-      it { should be_allowed_for @u1 }
-      it { should be_allowed_for @u3 }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
       it { should be_denied_for :admin }
-      it { should be_denied_for @u2 }
+      it { should be_denied_for guest }
       it { should be_denied_for :user }
       it { should be_denied_for :visitor }
     end
...	...	@@ -14,204 +14,218 @@ describe "Application access" do
14	14	end
15	15
16	16	describe "Project" do
	17	+ let(:project) { create(:project) }
	18	+
	19	+ let(:master) { create(:user) }
	20	+ let(:guest) { create(:user) }
	21	+ let(:reporter) { create(:user) }
	22	+
17	23	before do
18		- @project = Factory :project
19		- @u1 = Factory :user
20		- @u2 = Factory :user
21		- @u3 = Factory :user
22	24	# full access
23		- @project.users_projects.create(user: @u1, project_access: UsersProject::MASTER)
	25	+ project.users_projects.create(user: master, project_access: UsersProject::MASTER)
	26	+
24	27	# readonly
25		- @project.users_projects.create(user: @u3, project_access: UsersProject::REPORTER)
	28	+ project.users_projects.create(user: reporter, project_access: UsersProject::REPORTER)
26	29	end
27	30
28	31	describe "GET /project_code" do
29		- subject { project_path(@project) }
	32	+ subject { project_path(project) }
	33	+
	34	+ it { should be_allowed_for master }
	35	+ it { should be_allowed_for reporter }
	36	+ it { should be_denied_for :admin }
	37	+ it { should be_denied_for guest }
	38	+ it { should be_denied_for :user }
	39	+ it { should be_denied_for :visitor }
	40	+ end
	41	+
	42	+ describe "GET /project_code/tree/master" do
	43	+ subject { project_tree_path(project, project.root_ref) }
30	44
31		- it { should be_allowed_for @u1 }
32		- it { should be_allowed_for @u3 }
	45	+ it { should be_allowed_for master }
	46	+ it { should be_allowed_for reporter }
33	47	it { should be_denied_for :admin }
34		- it { should be_denied_for @u2 }
	48	+ it { should be_denied_for guest }
35	49	it { should be_denied_for :user }
36	50	it { should be_denied_for :visitor }
37	51	end
38	52
39		- describe "GET /project_code/master/tree" do
40		- subject { project_tree_path(@project, @project.root_ref) }
	53	+ describe "GET /project_code/commits/master" do
	54	+ subject { project_commits_path(project, project.root_ref) }
41	55
42		- it { should be_allowed_for @u1 }
43		- it { should be_allowed_for @u3 }
	56	+ it { should be_allowed_for master }
	57	+ it { should be_allowed_for reporter }
44	58	it { should be_denied_for :admin }
45		- it { should be_denied_for @u2 }
	59	+ it { should be_denied_for guest }
46	60	it { should be_denied_for :user }
47	61	it { should be_denied_for :visitor }
48	62	end
49	63
50		- describe "GET /project_code/commits" do
51		- subject { project_commits_path(@project) }
	64	+ describe "GET /project_code/commit/:sha" do
	65	+ subject { project_commit_path(project, project.commit) }
52	66
53		- it { should be_allowed_for @u1 }
54		- it { should be_allowed_for @u3 }
	67	+ it { should be_allowed_for master }
	68	+ it { should be_allowed_for reporter }
55	69	it { should be_denied_for :admin }
56		- it { should be_denied_for @u2 }
	70	+ it { should be_denied_for guest }
57	71	it { should be_denied_for :user }
58	72	it { should be_denied_for :visitor }
59	73	end
60	74
61		- describe "GET /project_code/commit" do
62		- subject { project_commit_path(@project, @project.commit.id) }
	75	+ describe "GET /project_code/compare" do
	76	+ subject { project_compare_index_path(project) }
63	77
64		- it { should be_allowed_for @u1 }
65		- it { should be_allowed_for @u3 }
	78	+ it { should be_allowed_for master }
	79	+ it { should be_allowed_for reporter }
66	80	it { should be_denied_for :admin }
67		- it { should be_denied_for @u2 }
	81	+ it { should be_denied_for guest }
68	82	it { should be_denied_for :user }
69	83	it { should be_denied_for :visitor }
70	84	end
71	85
72	86	describe "GET /project_code/team" do
73		- subject { project_team_index_path(@project) }
	87	+ subject { project_team_index_path(project) }
74	88
75		- it { should be_allowed_for @u1 }
76		- it { should be_allowed_for @u3 }
	89	+ it { should be_allowed_for master }
	90	+ it { should be_allowed_for reporter }
77	91	it { should be_denied_for :admin }
78		- it { should be_denied_for @u2 }
	92	+ it { should be_denied_for guest }
79	93	it { should be_denied_for :user }
80	94	it { should be_denied_for :visitor }
81	95	end
82	96
83	97	describe "GET /project_code/wall" do
84		- subject { wall_project_path(@project) }
	98	+ subject { wall_project_path(project) }
85	99
86		- it { should be_allowed_for @u1 }
87		- it { should be_allowed_for @u3 }
	100	+ it { should be_allowed_for master }
	101	+ it { should be_allowed_for reporter }
88	102	it { should be_denied_for :admin }
89		- it { should be_denied_for @u2 }
	103	+ it { should be_denied_for guest }
90	104	it { should be_denied_for :user }
91	105	it { should be_denied_for :visitor }
92	106	end
93	107
94	108	describe "GET /project_code/blob" do
95	109	before do
96		- commit = @project.commit
	110	+ commit = project.commit
97	111	path = commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob)}.first.name
98		- @blob_path = project_blob_path(@project, File.join(commit.id, path))
	112	+ @blob_path = project_blob_path(project, File.join(commit.id, path))
99	113	end
100	114
101		- it { @blob_path.should be_allowed_for @u1 }
102		- it { @blob_path.should be_allowed_for @u3 }
	115	+ it { @blob_path.should be_allowed_for master }
	116	+ it { @blob_path.should be_allowed_for reporter }
103	117	it { @blob_path.should be_denied_for :admin }
104		- it { @blob_path.should be_denied_for @u2 }
	118	+ it { @blob_path.should be_denied_for guest }
105	119	it { @blob_path.should be_denied_for :user }
106	120	it { @blob_path.should be_denied_for :visitor }
107	121	end
108	122
109	123	describe "GET /project_code/edit" do
110		- subject { edit_project_path(@project) }
	124	+ subject { edit_project_path(project) }
111	125
112		- it { should be_allowed_for @u1 }
113		- it { should be_denied_for @u3 }
	126	+ it { should be_allowed_for master }
	127	+ it { should be_denied_for reporter }
114	128	it { should be_denied_for :admin }
115		- it { should be_denied_for @u2 }
	129	+ it { should be_denied_for guest }
116	130	it { should be_denied_for :user }
117	131	it { should be_denied_for :visitor }
118	132	end
119	133
120	134	describe "GET /project_code/deploy_keys" do
121		- subject { project_deploy_keys_path(@project) }
	135	+ subject { project_deploy_keys_path(project) }
122	136
123		- it { should be_allowed_for @u1 }
124		- it { should be_denied_for @u3 }
	137	+ it { should be_allowed_for master }
	138	+ it { should be_denied_for reporter }
125	139	it { should be_denied_for :admin }
126		- it { should be_denied_for @u2 }
	140	+ it { should be_denied_for guest }
127	141	it { should be_denied_for :user }
128	142	it { should be_denied_for :visitor }
129	143	end
130	144
131	145	describe "GET /project_code/issues" do
132		- subject { project_issues_path(@project) }
	146	+ subject { project_issues_path(project) }
133	147
134		- it { should be_allowed_for @u1 }
135		- it { should be_allowed_for @u3 }
	148	+ it { should be_allowed_for master }
	149	+ it { should be_allowed_for reporter }
136	150	it { should be_denied_for :admin }
137		- it { should be_denied_for @u2 }
	151	+ it { should be_denied_for guest }
138	152	it { should be_denied_for :user }
139	153	it { should be_denied_for :visitor }
140	154	end
141	155
142	156	describe "GET /project_code/snippets" do
143		- subject { project_snippets_path(@project) }
	157	+ subject { project_snippets_path(project) }
144	158
145		- it { should be_allowed_for @u1 }
146		- it { should be_allowed_for @u3 }
	159	+ it { should be_allowed_for master }
	160	+ it { should be_allowed_for reporter }
147	161	it { should be_denied_for :admin }
148		- it { should be_denied_for @u2 }
	162	+ it { should be_denied_for guest }
149	163	it { should be_denied_for :user }
150	164	it { should be_denied_for :visitor }
151	165	end
152	166
153	167	describe "GET /project_code/merge_requests" do
154		- subject { project_merge_requests_path(@project) }
	168	+ subject { project_merge_requests_path(project) }
155	169
156		- it { should be_allowed_for @u1 }
157		- it { should be_allowed_for @u3 }
	170	+ it { should be_allowed_for master }
	171	+ it { should be_allowed_for reporter }
158	172	it { should be_denied_for :admin }
159		- it { should be_denied_for @u2 }
	173	+ it { should be_denied_for guest }
160	174	it { should be_denied_for :user }
161	175	it { should be_denied_for :visitor }
162	176	end
163	177
164	178	describe "GET /project_code/repository" do
165		- subject { project_repository_path(@project) }
	179	+ subject { project_repository_path(project) }
166	180
167		- it { should be_allowed_for @u1 }
168		- it { should be_allowed_for @u3 }
	181	+ it { should be_allowed_for master }
	182	+ it { should be_allowed_for reporter }
169	183	it { should be_denied_for :admin }
170		- it { should be_denied_for @u2 }
	184	+ it { should be_denied_for guest }
171	185	it { should be_denied_for :user }
172	186	it { should be_denied_for :visitor }
173	187	end
174	188
175	189	describe "GET /project_code/repository/branches" do
176		- subject { branches_project_repository_path(@project) }
	190	+ subject { branches_project_repository_path(project) }
177	191
178		- it { should be_allowed_for @u1 }
179		- it { should be_allowed_for @u3 }
	192	+ it { should be_allowed_for master }
	193	+ it { should be_allowed_for reporter }
180	194	it { should be_denied_for :admin }
181		- it { should be_denied_for @u2 }
	195	+ it { should be_denied_for guest }
182	196	it { should be_denied_for :user }
183	197	it { should be_denied_for :visitor }
184	198	end
185	199
186	200	describe "GET /project_code/repository/tags" do
187		- subject { tags_project_repository_path(@project) }
	201	+ subject { tags_project_repository_path(project) }
188	202
189		- it { should be_allowed_for @u1 }
190		- it { should be_allowed_for @u3 }
	203	+ it { should be_allowed_for master }
	204	+ it { should be_allowed_for reporter }
191	205	it { should be_denied_for :admin }
192		- it { should be_denied_for @u2 }
	206	+ it { should be_denied_for guest }
193	207	it { should be_denied_for :user }
194	208	it { should be_denied_for :visitor }
195	209	end
196	210
197	211	describe "GET /project_code/hooks" do
198		- subject { project_hooks_path(@project) }
	212	+ subject { project_hooks_path(project) }
199	213
200		- it { should be_allowed_for @u1 }
201		- it { should be_allowed_for @u3 }
	214	+ it { should be_allowed_for master }
	215	+ it { should be_allowed_for reporter }
202	216	it { should be_denied_for :admin }
203		- it { should be_denied_for @u2 }
	217	+ it { should be_denied_for guest }
204	218	it { should be_denied_for :user }
205	219	it { should be_denied_for :visitor }
206	220	end
207	221
208	222	describe "GET /project_code/files" do
209		- subject { files_project_path(@project) }
	223	+ subject { files_project_path(project) }
210	224
211		- it { should be_allowed_for @u1 }
212		- it { should be_allowed_for @u3 }
	225	+ it { should be_allowed_for master }
	226	+ it { should be_allowed_for reporter }
213	227	it { should be_denied_for :admin }
214		- it { should be_denied_for @u2 }
	228	+ it { should be_denied_for guest }
215	229	it { should be_denied_for :user }
216	230	it { should be_denied_for :visitor }
217	231	end
...	...