Milestones cucumber. Renamed app security test

Dmitriy Zaporozhets
1 parent 6de48825
Showing 5 changed files with 243 additions and 238 deletions Show diff stats
features/projects/issues/milestones.feature
features/step_definitions/project_merge_requests_steps.rb
spec/requests/access_spec.rb
spec/requests/milestones_spec.rb
spec/requests/projects_security_spec.rb
@@ -0,0 +1,18 @@
+Feature: Milestones
+  Background:
+    Given I signin as a user
+    And I own project "Shop"
+    And project "Shop" has milestone "v2.2"
+    Given I visit project "Shop" milestones page 
+
+  Scenario: I should see active milestones
+    Then I should see milestone "v2.2"
+
+  Scenario: I should see milestone
+    Given I click link "v2.2"
+    Then I should see milestone "v2.2"
+
+  Scenario: I create new milestone
+    Given I click link "New Milestone"
+    And I submit new milestone "v2.3"
+    Then I should see milestone "v2.3"
@@ -0,0 +1,38 @@
+Given /^project "(.*?)" has milestone "(.*?)"$/ do |arg1, arg2|
+  project = Project.find_by_name(arg1)
+
+  milestone = Factory :milestone,
+    :title => arg2,
+    :project => project
+
+  3.times do |i|
+    issue = Factory :issue,
+      :project => project,
+      :milestone => milestone
+  end
+end
+
+Given /^I visit project "(.*?)" milestones page$/ do |arg1|
+  @project = Project.find_by_name(arg1)
+  visit project_milestones_path(@project)
+end
+
+Then /^I should see active milestones$/ do
+  milestone = @project.milestones.first
+  page.should have_content(milestone.title[0..10])
+  page.should have_content(milestone.expires_at)
+  page.should have_content("Browse Issues")
+end
+
+Then /^I should see milestone "(.*?)"$/ do |arg1|
+  milestone = @project.milestones.find_by_title(arg1)
+  page.should have_content(milestone.title[0..10])
+  page.should have_content(milestone.expires_at)
+  page.should have_content("Browse Issues")
+end
+
+Given /^I submit new milestone "(.*?)"$/ do |arg1|
+  fill_in "milestone_title", :with => arg1
+  click_button "Create milestone"
+end
+
@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+describe "Application access" do
+  describe "GET /" do
+    it { root_path.should be_allowed_for :admin }
+    it { root_path.should be_allowed_for :user }
+    it { root_path.should be_denied_for :visitor }
+  end
+
+  describe "GET /projects/new" do
+    it { new_project_path.should be_allowed_for :admin }
+    it { new_project_path.should be_allowed_for :user }
+    it { new_project_path.should be_denied_for :visitor }
+  end
+
+  describe "Project" do
+    before do
+      @project = Factory :project
+      @u1 = Factory :user
+      @u2 = Factory :user
+      @u3 = Factory :user
+      # full access
+      @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
+      # readonly
+      @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
+    end
+
+    describe "GET /project_code" do
+      it { project_path(@project).should be_allowed_for @u1 }
+      it { project_path(@project).should be_allowed_for @u3 }
+      it { project_path(@project).should be_denied_for :admin }
+      it { project_path(@project).should be_denied_for @u2 }
+      it { project_path(@project).should be_denied_for :user }
+      it { project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/master/tree" do
+      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/commits" do
+      it { project_commits_path(@project).should be_allowed_for @u1 }
+      it { project_commits_path(@project).should be_allowed_for @u3 }
+      it { project_commits_path(@project).should be_denied_for :admin }
+      it { project_commits_path(@project).should be_denied_for @u2 }
+      it { project_commits_path(@project).should be_denied_for :user }
+      it { project_commits_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/commit" do
+      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
+      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/team" do
+      it { team_project_path(@project).should be_allowed_for @u1 }
+      it { team_project_path(@project).should be_allowed_for @u3 }
+      it { team_project_path(@project).should be_denied_for :admin }
+      it { team_project_path(@project).should be_denied_for @u2 }
+      it { team_project_path(@project).should be_denied_for :user }
+      it { team_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/wall" do
+      it { wall_project_path(@project).should be_allowed_for @u1 }
+      it { wall_project_path(@project).should be_allowed_for @u3 }
+      it { wall_project_path(@project).should be_denied_for :admin }
+      it { wall_project_path(@project).should be_denied_for @u2 }
+      it { wall_project_path(@project).should be_denied_for :user }
+      it { wall_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/blob" do
+      before do
+        @commit = @project.commit
+        @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
+        @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
+      end
+
+      it { @blob_path.should be_allowed_for @u1 }
+      it { @blob_path.should be_allowed_for @u3 }
+      it { @blob_path.should be_denied_for :admin }
+      it { @blob_path.should be_denied_for @u2 }
+      it { @blob_path.should be_denied_for :user }
+      it { @blob_path.should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/edit" do
+      it { edit_project_path(@project).should be_allowed_for @u1 }
+      it { edit_project_path(@project).should be_denied_for @u3 }
+      it { edit_project_path(@project).should be_denied_for :admin }
+      it { edit_project_path(@project).should be_denied_for @u2 }
+      it { edit_project_path(@project).should be_denied_for :user }
+      it { edit_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/deploy_keys" do
+      it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
+      it { project_deploy_keys_path(@project).should be_denied_for @u3 }
+      it { project_deploy_keys_path(@project).should be_denied_for :admin }
+      it { project_deploy_keys_path(@project).should be_denied_for @u2 }
+      it { project_deploy_keys_path(@project).should be_denied_for :user }
+      it { project_deploy_keys_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/issues" do
+      it { project_issues_path(@project).should be_allowed_for @u1 }
+      it { project_issues_path(@project).should be_allowed_for @u3 }
+      it { project_issues_path(@project).should be_denied_for :admin }
+      it { project_issues_path(@project).should be_denied_for @u2 }
+      it { project_issues_path(@project).should be_denied_for :user }
+      it { project_issues_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/snippets" do
+      it { project_snippets_path(@project).should be_allowed_for @u1 }
+      it { project_snippets_path(@project).should be_allowed_for @u3 }
+      it { project_snippets_path(@project).should be_denied_for :admin }
+      it { project_snippets_path(@project).should be_denied_for @u2 }
+      it { project_snippets_path(@project).should be_denied_for :user }
+      it { project_snippets_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/merge_requests" do
+      it { project_merge_requests_path(@project).should be_allowed_for @u1 }
+      it { project_merge_requests_path(@project).should be_allowed_for @u3 }
+      it { project_merge_requests_path(@project).should be_denied_for :admin }
+      it { project_merge_requests_path(@project).should be_denied_for @u2 }
+      it { project_merge_requests_path(@project).should be_denied_for :user }
+      it { project_merge_requests_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository" do
+      it { project_repository_path(@project).should be_allowed_for @u1 }
+      it { project_repository_path(@project).should be_allowed_for @u3 }
+      it { project_repository_path(@project).should be_denied_for :admin }
+      it { project_repository_path(@project).should be_denied_for @u2 }
+      it { project_repository_path(@project).should be_denied_for :user }
+      it { project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository/branches" do
+      it { branches_project_repository_path(@project).should be_allowed_for @u1 }
+      it { branches_project_repository_path(@project).should be_allowed_for @u3 }
+      it { branches_project_repository_path(@project).should be_denied_for :admin }
+      it { branches_project_repository_path(@project).should be_denied_for @u2 }
+      it { branches_project_repository_path(@project).should be_denied_for :user }
+      it { branches_project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository/tags" do
+      it { tags_project_repository_path(@project).should be_allowed_for @u1 }
+      it { tags_project_repository_path(@project).should be_allowed_for @u3 }
+      it { tags_project_repository_path(@project).should be_denied_for :admin }
+      it { tags_project_repository_path(@project).should be_denied_for @u2 }
+      it { tags_project_repository_path(@project).should be_denied_for :user }
+      it { tags_project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/hooks" do
+      it { project_hooks_path(@project).should be_allowed_for @u1 }
+      it { project_hooks_path(@project).should be_allowed_for @u3 }
+      it { project_hooks_path(@project).should be_denied_for :admin }
+      it { project_hooks_path(@project).should be_denied_for @u2 }
+      it { project_hooks_path(@project).should be_denied_for :user }
+      it { project_hooks_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/files" do
+      it { files_project_path(@project).should be_allowed_for @u1 }
+      it { files_project_path(@project).should be_allowed_for @u3 }
+      it { files_project_path(@project).should be_denied_for :admin }
+      it { files_project_path(@project).should be_denied_for @u2 }
+      it { files_project_path(@project).should be_denied_for :user }
+      it { files_project_path(@project).should be_denied_for :visitor }
+    end
+  end
+end
@@ -1,51 +0,0 @@
-require 'spec_helper'
-
-describe "Milestones" do
-  let(:project) { Factory :project }
-
-  before do
-    login_as :user
-    project.add_access(@user, :admin)
-
-    @milestone = Factory :milestone, :project => project
-    @issue = Factory :issue, :project => project
-    
-    @milestone.issues << @issue
-  end
-
-  describe "GET /milestones" do
-    before do 
-      visit project_milestones_path(project)
-    end
-
-    subject { page }
-
-    it { should have_content(@milestone.title[0..10]) }
-    it { should have_content(@milestone.expires_at) }
-    it { should have_content("Browse Issues") }
-  end
-
-  describe "GET /milestone/:id" do 
-    before do 
-      visit project_milestone_path(project, @milestone)
-    end
-
-    subject { page }
-
-    it { should have_content(@milestone.title[0..10]) }
-    it { should have_content(@milestone.expires_at) }
-    it { should have_content("Browse Issues") }
-  end
-
-  describe "GET /milestones/new" do 
-    before do
-      visit new_project_milestone_path(project)
-      fill_in "milestone_title", :with => "v2.3" 
-      click_button "Create milestone"
-    end
-
-    it { current_path.should == project_milestone_path(project, project.milestones.last) }
-    it { page.should have_content(project.milestones.last.title[0..10]) }
-    it { page.should have_content(project.milestones.last.expires_at) }
-  end
-end
@@ -1,187 +0,0 @@
-require 'spec_helper'
-
-describe "Projects Security" do
-  describe "GET /" do
-    it { root_path.should be_allowed_for :admin }
-    it { root_path.should be_allowed_for :user }
-    it { root_path.should be_denied_for :visitor }
-  end
-
-  describe "GET /projects/new" do
-    it { new_project_path.should be_allowed_for :admin }
-    it { new_project_path.should be_allowed_for :user }
-    it { new_project_path.should be_denied_for :visitor }
-  end
-
-  describe "Project" do
-    before do
-      @project = Factory :project
-      @u1 = Factory :user
-      @u2 = Factory :user
-      @u3 = Factory :user
-      # full access
-      @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
-      # readonly
-      @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
-    end
-
-    describe "GET /project_code" do
-      it { project_path(@project).should be_allowed_for @u1 }
-      it { project_path(@project).should be_allowed_for @u3 }
-      it { project_path(@project).should be_denied_for :admin }
-      it { project_path(@project).should be_denied_for @u2 }
-      it { project_path(@project).should be_denied_for :user }
-      it { project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/master/tree" do
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commits" do
-      it { project_commits_path(@project).should be_allowed_for @u1 }
-      it { project_commits_path(@project).should be_allowed_for @u3 }
-      it { project_commits_path(@project).should be_denied_for :admin }
-      it { project_commits_path(@project).should be_denied_for @u2 }
-      it { project_commits_path(@project).should be_denied_for :user }
-      it { project_commits_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commit" do
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/team" do
-      it { team_project_path(@project).should be_allowed_for @u1 }
-      it { team_project_path(@project).should be_allowed_for @u3 }
-      it { team_project_path(@project).should be_denied_for :admin }
-      it { team_project_path(@project).should be_denied_for @u2 }
-      it { team_project_path(@project).should be_denied_for :user }
-      it { team_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/wall" do
-      it { wall_project_path(@project).should be_allowed_for @u1 }
-      it { wall_project_path(@project).should be_allowed_for @u3 }
-      it { wall_project_path(@project).should be_denied_for :admin }
-      it { wall_project_path(@project).should be_denied_for @u2 }
-      it { wall_project_path(@project).should be_denied_for :user }
-      it { wall_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/blob" do
-      before do
-        @commit = @project.commit
-        @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
-        @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
-      end
-
-      it { @blob_path.should be_allowed_for @u1 }
-      it { @blob_path.should be_allowed_for @u3 }
-      it { @blob_path.should be_denied_for :admin }
-      it { @blob_path.should be_denied_for @u2 }
-      it { @blob_path.should be_denied_for :user }
-      it { @blob_path.should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/edit" do
-      it { edit_project_path(@project).should be_allowed_for @u1 }
-      it { edit_project_path(@project).should be_denied_for @u3 }
-      it { edit_project_path(@project).should be_denied_for :admin }
-      it { edit_project_path(@project).should be_denied_for @u2 }
-      it { edit_project_path(@project).should be_denied_for :user }
-      it { edit_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/deploy_keys" do
-      it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
-      it { project_deploy_keys_path(@project).should be_denied_for @u3 }
-      it { project_deploy_keys_path(@project).should be_denied_for :admin }
-      it { project_deploy_keys_path(@project).should be_denied_for @u2 }
-      it { project_deploy_keys_path(@project).should be_denied_for :user }
-      it { project_deploy_keys_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/issues" do
-      it { project_issues_path(@project).should be_allowed_for @u1 }
-      it { project_issues_path(@project).should be_allowed_for @u3 }
-      it { project_issues_path(@project).should be_denied_for :admin }
-      it { project_issues_path(@project).should be_denied_for @u2 }
-      it { project_issues_path(@project).should be_denied_for :user }
-      it { project_issues_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/snippets" do
-      it { project_snippets_path(@project).should be_allowed_for @u1 }
-      it { project_snippets_path(@project).should be_allowed_for @u3 }
-      it { project_snippets_path(@project).should be_denied_for :admin }
-      it { project_snippets_path(@project).should be_denied_for @u2 }
-      it { project_snippets_path(@project).should be_denied_for :user }
-      it { project_snippets_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/merge_requests" do
-      it { project_merge_requests_path(@project).should be_allowed_for @u1 }
-      it { project_merge_requests_path(@project).should be_allowed_for @u3 }
-      it { project_merge_requests_path(@project).should be_denied_for :admin }
-      it { project_merge_requests_path(@project).should be_denied_for @u2 }
-      it { project_merge_requests_path(@project).should be_denied_for :user }
-      it { project_merge_requests_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository" do
-      it { project_repository_path(@project).should be_allowed_for @u1 }
-      it { project_repository_path(@project).should be_allowed_for @u3 }
-      it { project_repository_path(@project).should be_denied_for :admin }
-      it { project_repository_path(@project).should be_denied_for @u2 }
-      it { project_repository_path(@project).should be_denied_for :user }
-      it { project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository/branches" do
-      it { branches_project_repository_path(@project).should be_allowed_for @u1 }
-      it { branches_project_repository_path(@project).should be_allowed_for @u3 }
-      it { branches_project_repository_path(@project).should be_denied_for :admin }
-      it { branches_project_repository_path(@project).should be_denied_for @u2 }
-      it { branches_project_repository_path(@project).should be_denied_for :user }
-      it { branches_project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository/tags" do
-      it { tags_project_repository_path(@project).should be_allowed_for @u1 }
-      it { tags_project_repository_path(@project).should be_allowed_for @u3 }
-      it { tags_project_repository_path(@project).should be_denied_for :admin }
-      it { tags_project_repository_path(@project).should be_denied_for @u2 }
-      it { tags_project_repository_path(@project).should be_denied_for :user }
-      it { tags_project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/hooks" do
-      it { project_hooks_path(@project).should be_allowed_for @u1 }
-      it { project_hooks_path(@project).should be_allowed_for @u3 }
-      it { project_hooks_path(@project).should be_denied_for :admin }
-      it { project_hooks_path(@project).should be_denied_for @u2 }
-      it { project_hooks_path(@project).should be_denied_for :user }
-      it { project_hooks_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/files" do
-      it { files_project_path(@project).should be_allowed_for @u1 }
-      it { files_project_path(@project).should be_allowed_for @u3 }
-      it { files_project_path(@project).should be_denied_for :admin }
-      it { files_project_path(@project).should be_denied_for @u2 }
-      it { files_project_path(@project).should be_denied_for :user }
-      it { files_project_path(@project).should be_denied_for :visitor }
-    end
-  end
-end
...	...	@@ -0,0 +1,18 @@
	1	+Feature: Milestones
	2	+ Background:
	3	+ Given I signin as a user
	4	+ And I own project "Shop"
	5	+ And project "Shop" has milestone "v2.2"
	6	+ Given I visit project "Shop" milestones page
	7	+
	8	+ Scenario: I should see active milestones
	9	+ Then I should see milestone "v2.2"
	10	+
	11	+ Scenario: I should see milestone
	12	+ Given I click link "v2.2"
	13	+ Then I should see milestone "v2.2"
	14	+
	15	+ Scenario: I create new milestone
	16	+ Given I click link "New Milestone"
	17	+ And I submit new milestone "v2.3"
	18	+ Then I should see milestone "v2.3"
...	...
...	...	@@ -0,0 +1,38 @@
	1	+Given /^project "(.?)" has milestone "(.?)"$/ do \|arg1, arg2\|
	2	+ project = Project.find_by_name(arg1)
	3	+
	4	+ milestone = Factory :milestone,
	5	+ :title => arg2,
	6	+ :project => project
	7	+
	8	+ 3.times do \|i\|
	9	+ issue = Factory :issue,
	10	+ :project => project,
	11	+ :milestone => milestone
	12	+ end
	13	+end
	14	+
	15	+Given /^I visit project "(.*?)" milestones page$/ do \|arg1\|
	16	+ @project = Project.find_by_name(arg1)
	17	+ visit project_milestones_path(@project)
	18	+end
	19	+
	20	+Then /^I should see active milestones$/ do
	21	+ milestone = @project.milestones.first
	22	+ page.should have_content(milestone.title[0..10])
	23	+ page.should have_content(milestone.expires_at)
	24	+ page.should have_content("Browse Issues")
	25	+end
	26	+
	27	+Then /^I should see milestone "(.*?)"$/ do \|arg1\|
	28	+ milestone = @project.milestones.find_by_title(arg1)
	29	+ page.should have_content(milestone.title[0..10])
	30	+ page.should have_content(milestone.expires_at)
	31	+ page.should have_content("Browse Issues")
	32	+end
	33	+
	34	+Given /^I submit new milestone "(.*?)"$/ do \|arg1\|
	35	+ fill_in "milestone_title", :with => arg1
	36	+ click_button "Create milestone"
	37	+end
	38	+
...	...
...	...	@@ -0,0 +1,187 @@
	1	+require 'spec_helper'
	2	+
	3	+describe "Application access" do
	4	+ describe "GET /" do
	5	+ it { root_path.should be_allowed_for :admin }
	6	+ it { root_path.should be_allowed_for :user }
	7	+ it { root_path.should be_denied_for :visitor }
	8	+ end
	9	+
	10	+ describe "GET /projects/new" do
	11	+ it { new_project_path.should be_allowed_for :admin }
	12	+ it { new_project_path.should be_allowed_for :user }
	13	+ it { new_project_path.should be_denied_for :visitor }
	14	+ end
	15	+
	16	+ describe "Project" do
	17	+ before do
	18	+ @project = Factory :project
	19	+ @u1 = Factory :user
	20	+ @u2 = Factory :user
	21	+ @u3 = Factory :user
	22	+ # full access
	23	+ @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
	24	+ # readonly
	25	+ @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
	26	+ end
	27	+
	28	+ describe "GET /project_code" do
	29	+ it { project_path(@project).should be_allowed_for @u1 }
	30	+ it { project_path(@project).should be_allowed_for @u3 }
	31	+ it { project_path(@project).should be_denied_for :admin }
	32	+ it { project_path(@project).should be_denied_for @u2 }
	33	+ it { project_path(@project).should be_denied_for :user }
	34	+ it { project_path(@project).should be_denied_for :visitor }
	35	+ end
	36	+
	37	+ describe "GET /project_code/master/tree" do
	38	+ it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
	39	+ it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
	40	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
	41	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
	42	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
	43	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
	44	+ end
	45	+
	46	+ describe "GET /project_code/commits" do
	47	+ it { project_commits_path(@project).should be_allowed_for @u1 }
	48	+ it { project_commits_path(@project).should be_allowed_for @u3 }
	49	+ it { project_commits_path(@project).should be_denied_for :admin }
	50	+ it { project_commits_path(@project).should be_denied_for @u2 }
	51	+ it { project_commits_path(@project).should be_denied_for :user }
	52	+ it { project_commits_path(@project).should be_denied_for :visitor }
	53	+ end
	54	+
	55	+ describe "GET /project_code/commit" do
	56	+ it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
	57	+ it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
	58	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
	59	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
	60	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
	61	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
	62	+ end
	63	+
	64	+ describe "GET /project_code/team" do
	65	+ it { team_project_path(@project).should be_allowed_for @u1 }
	66	+ it { team_project_path(@project).should be_allowed_for @u3 }
	67	+ it { team_project_path(@project).should be_denied_for :admin }
	68	+ it { team_project_path(@project).should be_denied_for @u2 }
	69	+ it { team_project_path(@project).should be_denied_for :user }
	70	+ it { team_project_path(@project).should be_denied_for :visitor }
	71	+ end
	72	+
	73	+ describe "GET /project_code/wall" do
	74	+ it { wall_project_path(@project).should be_allowed_for @u1 }
	75	+ it { wall_project_path(@project).should be_allowed_for @u3 }
	76	+ it { wall_project_path(@project).should be_denied_for :admin }
	77	+ it { wall_project_path(@project).should be_denied_for @u2 }
	78	+ it { wall_project_path(@project).should be_denied_for :user }
	79	+ it { wall_project_path(@project).should be_denied_for :visitor }
	80	+ end
	81	+
	82	+ describe "GET /project_code/blob" do
	83	+ before do
	84	+ @commit = @project.commit
	85	+ @path = @commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob)}.first.name
	86	+ @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
	87	+ end
	88	+
	89	+ it { @blob_path.should be_allowed_for @u1 }
	90	+ it { @blob_path.should be_allowed_for @u3 }
	91	+ it { @blob_path.should be_denied_for :admin }
	92	+ it { @blob_path.should be_denied_for @u2 }
	93	+ it { @blob_path.should be_denied_for :user }
	94	+ it { @blob_path.should be_denied_for :visitor }
	95	+ end
	96	+
	97	+ describe "GET /project_code/edit" do
	98	+ it { edit_project_path(@project).should be_allowed_for @u1 }
	99	+ it { edit_project_path(@project).should be_denied_for @u3 }
	100	+ it { edit_project_path(@project).should be_denied_for :admin }
	101	+ it { edit_project_path(@project).should be_denied_for @u2 }
	102	+ it { edit_project_path(@project).should be_denied_for :user }
	103	+ it { edit_project_path(@project).should be_denied_for :visitor }
	104	+ end
	105	+
	106	+ describe "GET /project_code/deploy_keys" do
	107	+ it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
	108	+ it { project_deploy_keys_path(@project).should be_denied_for @u3 }
	109	+ it { project_deploy_keys_path(@project).should be_denied_for :admin }
	110	+ it { project_deploy_keys_path(@project).should be_denied_for @u2 }
	111	+ it { project_deploy_keys_path(@project).should be_denied_for :user }
	112	+ it { project_deploy_keys_path(@project).should be_denied_for :visitor }
	113	+ end
	114	+
	115	+ describe "GET /project_code/issues" do
	116	+ it { project_issues_path(@project).should be_allowed_for @u1 }
	117	+ it { project_issues_path(@project).should be_allowed_for @u3 }
	118	+ it { project_issues_path(@project).should be_denied_for :admin }
	119	+ it { project_issues_path(@project).should be_denied_for @u2 }
	120	+ it { project_issues_path(@project).should be_denied_for :user }
	121	+ it { project_issues_path(@project).should be_denied_for :visitor }
	122	+ end
	123	+
	124	+ describe "GET /project_code/snippets" do
	125	+ it { project_snippets_path(@project).should be_allowed_for @u1 }
	126	+ it { project_snippets_path(@project).should be_allowed_for @u3 }
	127	+ it { project_snippets_path(@project).should be_denied_for :admin }
	128	+ it { project_snippets_path(@project).should be_denied_for @u2 }
	129	+ it { project_snippets_path(@project).should be_denied_for :user }
	130	+ it { project_snippets_path(@project).should be_denied_for :visitor }
	131	+ end
	132	+
	133	+ describe "GET /project_code/merge_requests" do
	134	+ it { project_merge_requests_path(@project).should be_allowed_for @u1 }
	135	+ it { project_merge_requests_path(@project).should be_allowed_for @u3 }
	136	+ it { project_merge_requests_path(@project).should be_denied_for :admin }
	137	+ it { project_merge_requests_path(@project).should be_denied_for @u2 }
	138	+ it { project_merge_requests_path(@project).should be_denied_for :user }
	139	+ it { project_merge_requests_path(@project).should be_denied_for :visitor }
	140	+ end
	141	+
	142	+ describe "GET /project_code/repository" do
	143	+ it { project_repository_path(@project).should be_allowed_for @u1 }
	144	+ it { project_repository_path(@project).should be_allowed_for @u3 }
	145	+ it { project_repository_path(@project).should be_denied_for :admin }
	146	+ it { project_repository_path(@project).should be_denied_for @u2 }
	147	+ it { project_repository_path(@project).should be_denied_for :user }
	148	+ it { project_repository_path(@project).should be_denied_for :visitor }
	149	+ end
	150	+
	151	+ describe "GET /project_code/repository/branches" do
	152	+ it { branches_project_repository_path(@project).should be_allowed_for @u1 }
	153	+ it { branches_project_repository_path(@project).should be_allowed_for @u3 }
	154	+ it { branches_project_repository_path(@project).should be_denied_for :admin }
	155	+ it { branches_project_repository_path(@project).should be_denied_for @u2 }
	156	+ it { branches_project_repository_path(@project).should be_denied_for :user }
	157	+ it { branches_project_repository_path(@project).should be_denied_for :visitor }
	158	+ end
	159	+
	160	+ describe "GET /project_code/repository/tags" do
	161	+ it { tags_project_repository_path(@project).should be_allowed_for @u1 }
	162	+ it { tags_project_repository_path(@project).should be_allowed_for @u3 }
	163	+ it { tags_project_repository_path(@project).should be_denied_for :admin }
	164	+ it { tags_project_repository_path(@project).should be_denied_for @u2 }
	165	+ it { tags_project_repository_path(@project).should be_denied_for :user }
	166	+ it { tags_project_repository_path(@project).should be_denied_for :visitor }
	167	+ end
	168	+
	169	+ describe "GET /project_code/hooks" do
	170	+ it { project_hooks_path(@project).should be_allowed_for @u1 }
	171	+ it { project_hooks_path(@project).should be_allowed_for @u3 }
	172	+ it { project_hooks_path(@project).should be_denied_for :admin }
	173	+ it { project_hooks_path(@project).should be_denied_for @u2 }
	174	+ it { project_hooks_path(@project).should be_denied_for :user }
	175	+ it { project_hooks_path(@project).should be_denied_for :visitor }
	176	+ end
	177	+
	178	+ describe "GET /project_code/files" do
	179	+ it { files_project_path(@project).should be_allowed_for @u1 }
	180	+ it { files_project_path(@project).should be_allowed_for @u3 }
	181	+ it { files_project_path(@project).should be_denied_for :admin }
	182	+ it { files_project_path(@project).should be_denied_for @u2 }
	183	+ it { files_project_path(@project).should be_denied_for :user }
	184	+ it { files_project_path(@project).should be_denied_for :visitor }
	185	+ end
	186	+ end
	187	+end
...	...
...	...	@@ -1,51 +0,0 @@
1		-require 'spec_helper'
2		-
3		-describe "Milestones" do
4		- let(:project) { Factory :project }
5		-
6		- before do
7		- login_as :user
8		- project.add_access(@user, :admin)
9		-
10		- @milestone = Factory :milestone, :project => project
11		- @issue = Factory :issue, :project => project
12		-
13		- @milestone.issues << @issue
14		- end
15		-
16		- describe "GET /milestones" do
17		- before do
18		- visit project_milestones_path(project)
19		- end
20		-
21		- subject { page }
22		-
23		- it { should have_content(@milestone.title[0..10]) }
24		- it { should have_content(@milestone.expires_at) }
25		- it { should have_content("Browse Issues") }
26		- end
27		-
28		- describe "GET /milestone/:id" do
29		- before do
30		- visit project_milestone_path(project, @milestone)
31		- end
32		-
33		- subject { page }
34		-
35		- it { should have_content(@milestone.title[0..10]) }
36		- it { should have_content(@milestone.expires_at) }
37		- it { should have_content("Browse Issues") }
38		- end
39		-
40		- describe "GET /milestones/new" do
41		- before do
42		- visit new_project_milestone_path(project)
43		- fill_in "milestone_title", :with => "v2.3"
44		- click_button "Create milestone"
45		- end
46		-
47		- it { current_path.should == project_milestone_path(project, project.milestones.last) }
48		- it { page.should have_content(project.milestones.last.title[0..10]) }
49		- it { page.should have_content(project.milestones.last.expires_at) }
50		- end
51		-end
...	...	@@ -1,187 +0,0 @@
1		-require 'spec_helper'
2		-
3		-describe "Projects Security" do
4		- describe "GET /" do
5		- it { root_path.should be_allowed_for :admin }
6		- it { root_path.should be_allowed_for :user }
7		- it { root_path.should be_denied_for :visitor }
8		- end
9		-
10		- describe "GET /projects/new" do
11		- it { new_project_path.should be_allowed_for :admin }
12		- it { new_project_path.should be_allowed_for :user }
13		- it { new_project_path.should be_denied_for :visitor }
14		- end
15		-
16		- describe "Project" do
17		- before do
18		- @project = Factory :project
19		- @u1 = Factory :user
20		- @u2 = Factory :user
21		- @u3 = Factory :user
22		- # full access
23		- @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
24		- # readonly
25		- @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
26		- end
27		-
28		- describe "GET /project_code" do
29		- it { project_path(@project).should be_allowed_for @u1 }
30		- it { project_path(@project).should be_allowed_for @u3 }
31		- it { project_path(@project).should be_denied_for :admin }
32		- it { project_path(@project).should be_denied_for @u2 }
33		- it { project_path(@project).should be_denied_for :user }
34		- it { project_path(@project).should be_denied_for :visitor }
35		- end
36		-
37		- describe "GET /project_code/master/tree" do
38		- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
39		- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
40		- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
41		- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
42		- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
43		- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
44		- end
45		-
46		- describe "GET /project_code/commits" do
47		- it { project_commits_path(@project).should be_allowed_for @u1 }
48		- it { project_commits_path(@project).should be_allowed_for @u3 }
49		- it { project_commits_path(@project).should be_denied_for :admin }
50		- it { project_commits_path(@project).should be_denied_for @u2 }
51		- it { project_commits_path(@project).should be_denied_for :user }
52		- it { project_commits_path(@project).should be_denied_for :visitor }
53		- end
54		-
55		- describe "GET /project_code/commit" do
56		- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
57		- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
58		- it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
59		- it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
60		- it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
61		- it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
62		- end
63		-
64		- describe "GET /project_code/team" do
65		- it { team_project_path(@project).should be_allowed_for @u1 }
66		- it { team_project_path(@project).should be_allowed_for @u3 }
67		- it { team_project_path(@project).should be_denied_for :admin }
68		- it { team_project_path(@project).should be_denied_for @u2 }
69		- it { team_project_path(@project).should be_denied_for :user }
70		- it { team_project_path(@project).should be_denied_for :visitor }
71		- end
72		-
73		- describe "GET /project_code/wall" do
74		- it { wall_project_path(@project).should be_allowed_for @u1 }
75		- it { wall_project_path(@project).should be_allowed_for @u3 }
76		- it { wall_project_path(@project).should be_denied_for :admin }
77		- it { wall_project_path(@project).should be_denied_for @u2 }
78		- it { wall_project_path(@project).should be_denied_for :user }
79		- it { wall_project_path(@project).should be_denied_for :visitor }
80		- end
81		-
82		- describe "GET /project_code/blob" do
83		- before do
84		- @commit = @project.commit
85		- @path = @commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob)}.first.name
86		- @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
87		- end
88		-
89		- it { @blob_path.should be_allowed_for @u1 }
90		- it { @blob_path.should be_allowed_for @u3 }
91		- it { @blob_path.should be_denied_for :admin }
92		- it { @blob_path.should be_denied_for @u2 }
93		- it { @blob_path.should be_denied_for :user }
94		- it { @blob_path.should be_denied_for :visitor }
95		- end
96		-
97		- describe "GET /project_code/edit" do
98		- it { edit_project_path(@project).should be_allowed_for @u1 }
99		- it { edit_project_path(@project).should be_denied_for @u3 }
100		- it { edit_project_path(@project).should be_denied_for :admin }
101		- it { edit_project_path(@project).should be_denied_for @u2 }
102		- it { edit_project_path(@project).should be_denied_for :user }
103		- it { edit_project_path(@project).should be_denied_for :visitor }
104		- end
105		-
106		- describe "GET /project_code/deploy_keys" do
107		- it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
108		- it { project_deploy_keys_path(@project).should be_denied_for @u3 }
109		- it { project_deploy_keys_path(@project).should be_denied_for :admin }
110		- it { project_deploy_keys_path(@project).should be_denied_for @u2 }
111		- it { project_deploy_keys_path(@project).should be_denied_for :user }
112		- it { project_deploy_keys_path(@project).should be_denied_for :visitor }
113		- end
114		-
115		- describe "GET /project_code/issues" do
116		- it { project_issues_path(@project).should be_allowed_for @u1 }
117		- it { project_issues_path(@project).should be_allowed_for @u3 }
118		- it { project_issues_path(@project).should be_denied_for :admin }
119		- it { project_issues_path(@project).should be_denied_for @u2 }
120		- it { project_issues_path(@project).should be_denied_for :user }
121		- it { project_issues_path(@project).should be_denied_for :visitor }
122		- end
123		-
124		- describe "GET /project_code/snippets" do
125		- it { project_snippets_path(@project).should be_allowed_for @u1 }
126		- it { project_snippets_path(@project).should be_allowed_for @u3 }
127		- it { project_snippets_path(@project).should be_denied_for :admin }
128		- it { project_snippets_path(@project).should be_denied_for @u2 }
129		- it { project_snippets_path(@project).should be_denied_for :user }
130		- it { project_snippets_path(@project).should be_denied_for :visitor }
131		- end
132		-
133		- describe "GET /project_code/merge_requests" do
134		- it { project_merge_requests_path(@project).should be_allowed_for @u1 }
135		- it { project_merge_requests_path(@project).should be_allowed_for @u3 }
136		- it { project_merge_requests_path(@project).should be_denied_for :admin }
137		- it { project_merge_requests_path(@project).should be_denied_for @u2 }
138		- it { project_merge_requests_path(@project).should be_denied_for :user }
139		- it { project_merge_requests_path(@project).should be_denied_for :visitor }
140		- end
141		-
142		- describe "GET /project_code/repository" do
143		- it { project_repository_path(@project).should be_allowed_for @u1 }
144		- it { project_repository_path(@project).should be_allowed_for @u3 }
145		- it { project_repository_path(@project).should be_denied_for :admin }
146		- it { project_repository_path(@project).should be_denied_for @u2 }
147		- it { project_repository_path(@project).should be_denied_for :user }
148		- it { project_repository_path(@project).should be_denied_for :visitor }
149		- end
150		-
151		- describe "GET /project_code/repository/branches" do
152		- it { branches_project_repository_path(@project).should be_allowed_for @u1 }
153		- it { branches_project_repository_path(@project).should be_allowed_for @u3 }
154		- it { branches_project_repository_path(@project).should be_denied_for :admin }
155		- it { branches_project_repository_path(@project).should be_denied_for @u2 }
156		- it { branches_project_repository_path(@project).should be_denied_for :user }
157		- it { branches_project_repository_path(@project).should be_denied_for :visitor }
158		- end
159		-
160		- describe "GET /project_code/repository/tags" do
161		- it { tags_project_repository_path(@project).should be_allowed_for @u1 }
162		- it { tags_project_repository_path(@project).should be_allowed_for @u3 }
163		- it { tags_project_repository_path(@project).should be_denied_for :admin }
164		- it { tags_project_repository_path(@project).should be_denied_for @u2 }
165		- it { tags_project_repository_path(@project).should be_denied_for :user }
166		- it { tags_project_repository_path(@project).should be_denied_for :visitor }
167		- end
168		-
169		- describe "GET /project_code/hooks" do
170		- it { project_hooks_path(@project).should be_allowed_for @u1 }
171		- it { project_hooks_path(@project).should be_allowed_for @u3 }
172		- it { project_hooks_path(@project).should be_denied_for :admin }
173		- it { project_hooks_path(@project).should be_denied_for @u2 }
174		- it { project_hooks_path(@project).should be_denied_for :user }
175		- it { project_hooks_path(@project).should be_denied_for :visitor }
176		- end
177		-
178		- describe "GET /project_code/files" do
179		- it { files_project_path(@project).should be_allowed_for @u1 }
180		- it { files_project_path(@project).should be_allowed_for @u3 }
181		- it { files_project_path(@project).should be_denied_for :admin }
182		- it { files_project_path(@project).should be_denied_for @u2 }
183		- it { files_project_path(@project).should be_denied_for :user }
184		- it { files_project_path(@project).should be_denied_for :visitor }
185		- end
186		- end
187		-end