Milestones cucumber. Renamed app security test

Dmitriy Zaporozhets
1 parent 6de48825
Showing 5 changed files with 243 additions and 238 deletions Show diff stats
features/projects/issues/milestones.feature
features/step_definitions/project_merge_requests_steps.rb
spec/requests/access_spec.rb
spec/requests/milestones_spec.rb
spec/requests/projects_security_spec.rb
@@ -0,0 +1,18 @@
+Feature: Milestones
+  Background:
+    Given I signin as a user
+    And I own project "Shop"
+    And project "Shop" has milestone "v2.2"
+    Given I visit project "Shop" milestones page 
+
+  Scenario: I should see active milestones
+    Then I should see milestone "v2.2"
+
+  Scenario: I should see milestone
+    Given I click link "v2.2"
+    Then I should see milestone "v2.2"
+
+  Scenario: I create new milestone
+    Given I click link "New Milestone"
+    And I submit new milestone "v2.3"
+    Then I should see milestone "v2.3"
@@ -0,0 +1,38 @@
+Given /^project "(.*?)" has milestone "(.*?)"$/ do |arg1, arg2|
+  project = Project.find_by_name(arg1)
+
+  milestone = Factory :milestone,
+    :title => arg2,
+    :project => project
+
+  3.times do |i|
+    issue = Factory :issue,
+      :project => project,
+      :milestone => milestone
+  end
+end
+
+Given /^I visit project "(.*?)" milestones page$/ do |arg1|
+  @project = Project.find_by_name(arg1)
+  visit project_milestones_path(@project)
+end
+
+Then /^I should see active milestones$/ do
+  milestone = @project.milestones.first
+  page.should have_content(milestone.title[0..10])
+  page.should have_content(milestone.expires_at)
+  page.should have_content("Browse Issues")
+end
+
+Then /^I should see milestone "(.*?)"$/ do |arg1|
+  milestone = @project.milestones.find_by_title(arg1)
+  page.should have_content(milestone.title[0..10])
+  page.should have_content(milestone.expires_at)
+  page.should have_content("Browse Issues")
+end
+
+Given /^I submit new milestone "(.*?)"$/ do |arg1|
+  fill_in "milestone_title", :with => arg1
+  click_button "Create milestone"
+end
+
@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+describe "Application access" do
+  describe "GET /" do
+    it { root_path.should be_allowed_for :admin }
+    it { root_path.should be_allowed_for :user }
+    it { root_path.should be_denied_for :visitor }
+  end
+
+  describe "GET /projects/new" do
+    it { new_project_path.should be_allowed_for :admin }
+    it { new_project_path.should be_allowed_for :user }
+    it { new_project_path.should be_denied_for :visitor }
+  end
+
+  describe "Project" do
+    before do
+      @project = Factory :project
+      @u1 = Factory :user
+      @u2 = Factory :user
+      @u3 = Factory :user
+      # full access
+      @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
+      # readonly
+      @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
+    end
+
+    describe "GET /project_code" do
+      it { project_path(@project).should be_allowed_for @u1 }
+      it { project_path(@project).should be_allowed_for @u3 }
+      it { project_path(@project).should be_denied_for :admin }
+      it { project_path(@project).should be_denied_for @u2 }
+      it { project_path(@project).should be_denied_for :user }
+      it { project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/master/tree" do
+      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
+      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/commits" do
+      it { project_commits_path(@project).should be_allowed_for @u1 }
+      it { project_commits_path(@project).should be_allowed_for @u3 }
+      it { project_commits_path(@project).should be_denied_for :admin }
+      it { project_commits_path(@project).should be_denied_for @u2 }
+      it { project_commits_path(@project).should be_denied_for :user }
+      it { project_commits_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/commit" do
+      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
+      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
+      it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/team" do
+      it { team_project_path(@project).should be_allowed_for @u1 }
+      it { team_project_path(@project).should be_allowed_for @u3 }
+      it { team_project_path(@project).should be_denied_for :admin }
+      it { team_project_path(@project).should be_denied_for @u2 }
+      it { team_project_path(@project).should be_denied_for :user }
+      it { team_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/wall" do
+      it { wall_project_path(@project).should be_allowed_for @u1 }
+      it { wall_project_path(@project).should be_allowed_for @u3 }
+      it { wall_project_path(@project).should be_denied_for :admin }
+      it { wall_project_path(@project).should be_denied_for @u2 }
+      it { wall_project_path(@project).should be_denied_for :user }
+      it { wall_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/blob" do
+      before do
+        @commit = @project.commit
+        @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
+        @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
+      end
+
+      it { @blob_path.should be_allowed_for @u1 }
+      it { @blob_path.should be_allowed_for @u3 }
+      it { @blob_path.should be_denied_for :admin }
+      it { @blob_path.should be_denied_for @u2 }
+      it { @blob_path.should be_denied_for :user }
+      it { @blob_path.should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/edit" do
+      it { edit_project_path(@project).should be_allowed_for @u1 }
+      it { edit_project_path(@project).should be_denied_for @u3 }
+      it { edit_project_path(@project).should be_denied_for :admin }
+      it { edit_project_path(@project).should be_denied_for @u2 }
+      it { edit_project_path(@project).should be_denied_for :user }
+      it { edit_project_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/deploy_keys" do
+      it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
+      it { project_deploy_keys_path(@project).should be_denied_for @u3 }
+      it { project_deploy_keys_path(@project).should be_denied_for :admin }
+      it { project_deploy_keys_path(@project).should be_denied_for @u2 }
+      it { project_deploy_keys_path(@project).should be_denied_for :user }
+      it { project_deploy_keys_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/issues" do
+      it { project_issues_path(@project).should be_allowed_for @u1 }
+      it { project_issues_path(@project).should be_allowed_for @u3 }
+      it { project_issues_path(@project).should be_denied_for :admin }
+      it { project_issues_path(@project).should be_denied_for @u2 }
+      it { project_issues_path(@project).should be_denied_for :user }
+      it { project_issues_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/snippets" do
+      it { project_snippets_path(@project).should be_allowed_for @u1 }
+      it { project_snippets_path(@project).should be_allowed_for @u3 }
+      it { project_snippets_path(@project).should be_denied_for :admin }
+      it { project_snippets_path(@project).should be_denied_for @u2 }
+      it { project_snippets_path(@project).should be_denied_for :user }
+      it { project_snippets_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/merge_requests" do
+      it { project_merge_requests_path(@project).should be_allowed_for @u1 }
+      it { project_merge_requests_path(@project).should be_allowed_for @u3 }
+      it { project_merge_requests_path(@project).should be_denied_for :admin }
+      it { project_merge_requests_path(@project).should be_denied_for @u2 }
+      it { project_merge_requests_path(@project).should be_denied_for :user }
+      it { project_merge_requests_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository" do
+      it { project_repository_path(@project).should be_allowed_for @u1 }
+      it { project_repository_path(@project).should be_allowed_for @u3 }
+      it { project_repository_path(@project).should be_denied_for :admin }
+      it { project_repository_path(@project).should be_denied_for @u2 }
+      it { project_repository_path(@project).should be_denied_for :user }
+      it { project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository/branches" do
+      it { branches_project_repository_path(@project).should be_allowed_for @u1 }
+      it { branches_project_repository_path(@project).should be_allowed_for @u3 }
+      it { branches_project_repository_path(@project).should be_denied_for :admin }
+      it { branches_project_repository_path(@project).should be_denied_for @u2 }
+      it { branches_project_repository_path(@project).should be_denied_for :user }
+      it { branches_project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/repository/tags" do
+      it { tags_project_repository_path(@project).should be_allowed_for @u1 }
+      it { tags_project_repository_path(@project).should be_allowed_for @u3 }
+      it { tags_project_repository_path(@project).should be_denied_for :admin }
+      it { tags_project_repository_path(@project).should be_denied_for @u2 }
+      it { tags_project_repository_path(@project).should be_denied_for :user }
+      it { tags_project_repository_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/hooks" do
+      it { project_hooks_path(@project).should be_allowed_for @u1 }
+      it { project_hooks_path(@project).should be_allowed_for @u3 }
+      it { project_hooks_path(@project).should be_denied_for :admin }
+      it { project_hooks_path(@project).should be_denied_for @u2 }
+      it { project_hooks_path(@project).should be_denied_for :user }
+      it { project_hooks_path(@project).should be_denied_for :visitor }
+    end
+
+    describe "GET /project_code/files" do
+      it { files_project_path(@project).should be_allowed_for @u1 }
+      it { files_project_path(@project).should be_allowed_for @u3 }
+      it { files_project_path(@project).should be_denied_for :admin }
+      it { files_project_path(@project).should be_denied_for @u2 }
+      it { files_project_path(@project).should be_denied_for :user }
+      it { files_project_path(@project).should be_denied_for :visitor }
+    end
+  end
+end
@@ -1,51 +0,0 @@
-require 'spec_helper'
-
-describe "Milestones" do
-  let(:project) { Factory :project }
-
-  before do
-    login_as :user
-    project.add_access(@user, :admin)
-
-    @milestone = Factory :milestone, :project => project
-    @issue = Factory :issue, :project => project
-    
-    @milestone.issues << @issue
-  end
-
-  describe "GET /milestones" do
-    before do 
-      visit project_milestones_path(project)
-    end
-
-    subject { page }
-
-    it { should have_content(@milestone.title[0..10]) }
-    it { should have_content(@milestone.expires_at) }
-    it { should have_content("Browse Issues") }
-  end
-
-  describe "GET /milestone/:id" do 
-    before do 
-      visit project_milestone_path(project, @milestone)
-    end
-
-    subject { page }
-
-    it { should have_content(@milestone.title[0..10]) }
-    it { should have_content(@milestone.expires_at) }
-    it { should have_content("Browse Issues") }
-  end
-
-  describe "GET /milestones/new" do 
-    before do
-      visit new_project_milestone_path(project)
-      fill_in "milestone_title", :with => "v2.3" 
-      click_button "Create milestone"
-    end
-
-    it { current_path.should == project_milestone_path(project, project.milestones.last) }
-    it { page.should have_content(project.milestones.last.title[0..10]) }
-    it { page.should have_content(project.milestones.last.expires_at) }
-  end
-end
@@ -1,187 +0,0 @@
-require 'spec_helper'
-
-describe "Projects Security" do
-  describe "GET /" do
-    it { root_path.should be_allowed_for :admin }
-    it { root_path.should be_allowed_for :user }
-    it { root_path.should be_denied_for :visitor }
-  end
-
-  describe "GET /projects/new" do
-    it { new_project_path.should be_allowed_for :admin }
-    it { new_project_path.should be_allowed_for :user }
-    it { new_project_path.should be_denied_for :visitor }
-  end
-
-  describe "Project" do
-    before do
-      @project = Factory :project
-      @u1 = Factory :user
-      @u2 = Factory :user
-      @u3 = Factory :user
-      # full access
-      @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
-      # readonly
-      @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
-    end
-
-    describe "GET /project_code" do
-      it { project_path(@project).should be_allowed_for @u1 }
-      it { project_path(@project).should be_allowed_for @u3 }
-      it { project_path(@project).should be_denied_for :admin }
-      it { project_path(@project).should be_denied_for @u2 }
-      it { project_path(@project).should be_denied_for :user }
-      it { project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/master/tree" do
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commits" do
-      it { project_commits_path(@project).should be_allowed_for @u1 }
-      it { project_commits_path(@project).should be_allowed_for @u3 }
-      it { project_commits_path(@project).should be_denied_for :admin }
-      it { project_commits_path(@project).should be_denied_for @u2 }
-      it { project_commits_path(@project).should be_denied_for :user }
-      it { project_commits_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commit" do
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/team" do
-      it { team_project_path(@project).should be_allowed_for @u1 }
-      it { team_project_path(@project).should be_allowed_for @u3 }
-      it { team_project_path(@project).should be_denied_for :admin }
-      it { team_project_path(@project).should be_denied_for @u2 }
-      it { team_project_path(@project).should be_denied_for :user }
-      it { team_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/wall" do
-      it { wall_project_path(@project).should be_allowed_for @u1 }
-      it { wall_project_path(@project).should be_allowed_for @u3 }
-      it { wall_project_path(@project).should be_denied_for :admin }
-      it { wall_project_path(@project).should be_denied_for @u2 }
-      it { wall_project_path(@project).should be_denied_for :user }
-      it { wall_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/blob" do
-      before do
-        @commit = @project.commit
-        @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
-        @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
-      end
-
-      it { @blob_path.should be_allowed_for @u1 }
-      it { @blob_path.should be_allowed_for @u3 }
-      it { @blob_path.should be_denied_for :admin }
-      it { @blob_path.should be_denied_for @u2 }
-      it { @blob_path.should be_denied_for :user }
-      it { @blob_path.should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/edit" do
-      it { edit_project_path(@project).should be_allowed_for @u1 }
-      it { edit_project_path(@project).should be_denied_for @u3 }
-      it { edit_project_path(@project).should be_denied_for :admin }
-      it { edit_project_path(@project).should be_denied_for @u2 }
-      it { edit_project_path(@project).should be_denied_for :user }
-      it { edit_project_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/deploy_keys" do
-      it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
-      it { project_deploy_keys_path(@project).should be_denied_for @u3 }
-      it { project_deploy_keys_path(@project).should be_denied_for :admin }
-      it { project_deploy_keys_path(@project).should be_denied_for @u2 }
-      it { project_deploy_keys_path(@project).should be_denied_for :user }
-      it { project_deploy_keys_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/issues" do
-      it { project_issues_path(@project).should be_allowed_for @u1 }
-      it { project_issues_path(@project).should be_allowed_for @u3 }
-      it { project_issues_path(@project).should be_denied_for :admin }
-      it { project_issues_path(@project).should be_denied_for @u2 }
-      it { project_issues_path(@project).should be_denied_for :user }
-      it { project_issues_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/snippets" do
-      it { project_snippets_path(@project).should be_allowed_for @u1 }
-      it { project_snippets_path(@project).should be_allowed_for @u3 }
-      it { project_snippets_path(@project).should be_denied_for :admin }
-      it { project_snippets_path(@project).should be_denied_for @u2 }
-      it { project_snippets_path(@project).should be_denied_for :user }
-      it { project_snippets_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/merge_requests" do
-      it { project_merge_requests_path(@project).should be_allowed_for @u1 }
-      it { project_merge_requests_path(@project).should be_allowed_for @u3 }
-      it { project_merge_requests_path(@project).should be_denied_for :admin }
-      it { project_merge_requests_path(@project).should be_denied_for @u2 }
-      it { project_merge_requests_path(@project).should be_denied_for :user }
-      it { project_merge_requests_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository" do
-      it { project_repository_path(@project).should be_allowed_for @u1 }
-      it { project_repository_path(@project).should be_allowed_for @u3 }
-      it { project_repository_path(@project).should be_denied_for :admin }
-      it { project_repository_path(@project).should be_denied_for @u2 }
-      it { project_repository_path(@project).should be_denied_for :user }
-      it { project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository/branches" do
-      it { branches_project_repository_path(@project).should be_allowed_for @u1 }
-      it { branches_project_repository_path(@project).should be_allowed_for @u3 }
-      it { branches_project_repository_path(@project).should be_denied_for :admin }
-      it { branches_project_repository_path(@project).should be_denied_for @u2 }
-      it { branches_project_repository_path(@project).should be_denied_for :user }
-      it { branches_project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/repository/tags" do
-      it { tags_project_repository_path(@project).should be_allowed_for @u1 }
-      it { tags_project_repository_path(@project).should be_allowed_for @u3 }
-      it { tags_project_repository_path(@project).should be_denied_for :admin }
-      it { tags_project_repository_path(@project).should be_denied_for @u2 }
-      it { tags_project_repository_path(@project).should be_denied_for :user }
-      it { tags_project_repository_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/hooks" do
-      it { project_hooks_path(@project).should be_allowed_for @u1 }
-      it { project_hooks_path(@project).should be_allowed_for @u3 }
-      it { project_hooks_path(@project).should be_denied_for :admin }
-      it { project_hooks_path(@project).should be_denied_for @u2 }
-      it { project_hooks_path(@project).should be_denied_for :user }
-      it { project_hooks_path(@project).should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/files" do
-      it { files_project_path(@project).should be_allowed_for @u1 }
-      it { files_project_path(@project).should be_allowed_for @u3 }
-      it { files_project_path(@project).should be_denied_for :admin }
-      it { files_project_path(@project).should be_denied_for @u2 }
-      it { files_project_path(@project).should be_denied_for :user }
-      it { files_project_path(@project).should be_denied_for :visitor }
-    end
-  end
-end
@@ -0,0 +1,18 @@		@@ -0,0 +1,18 @@
	1	+Feature: Milestones
	2	+ Background:
	3	+ Given I signin as a user
	4	+ And I own project "Shop"
	5	+ And project "Shop" has milestone "v2.2"
	6	+ Given I visit project "Shop" milestones page
	7	+
	8	+ Scenario: I should see active milestones
	9	+ Then I should see milestone "v2.2"
	10	+
	11	+ Scenario: I should see milestone
	12	+ Given I click link "v2.2"
	13	+ Then I should see milestone "v2.2"
	14	+
	15	+ Scenario: I create new milestone
	16	+ Given I click link "New Milestone"
	17	+ And I submit new milestone "v2.3"
	18	+ Then I should see milestone "v2.3"
@@ -0,0 +1,38 @@		@@ -0,0 +1,38 @@
	1	+Given /^project "(.?)" has milestone "(.?)"$/ do \|arg1, arg2\|
	2	+ project = Project.find_by_name(arg1)
	3	+
	4	+ milestone = Factory :milestone,
	5	+ :title => arg2,
	6	+ :project => project
	7	+
	8	+ 3.times do \|i\|
	9	+ issue = Factory :issue,
	10	+ :project => project,
	11	+ :milestone => milestone
	12	+ end
	13	+end
	14	+
	15	+Given /^I visit project "(.*?)" milestones page$/ do \|arg1\|
	16	+ @project = Project.find_by_name(arg1)
	17	+ visit project_milestones_path(@project)
	18	+end
	19	+
	20	+Then /^I should see active milestones$/ do
	21	+ milestone = @project.milestones.first
	22	+ page.should have_content(milestone.title[0..10])
	23	+ page.should have_content(milestone.expires_at)
	24	+ page.should have_content("Browse Issues")
	25	+end
	26	+
	27	+Then /^I should see milestone "(.*?)"$/ do \|arg1\|
	28	+ milestone = @project.milestones.find_by_title(arg1)
	29	+ page.should have_content(milestone.title[0..10])
	30	+ page.should have_content(milestone.expires_at)
	31	+ page.should have_content("Browse Issues")
	32	+end
	33	+
	34	+Given /^I submit new milestone "(.*?)"$/ do \|arg1\|
	35	+ fill_in "milestone_title", :with => arg1
	36	+ click_button "Create milestone"
	37	+end
	38	+
@@ -0,0 +1,187 @@		@@ -0,0 +1,187 @@
	1	+require 'spec_helper'
	2	+
	3	+describe "Application access" do
	4	+ describe "GET /" do
	5	+ it { root_path.should be_allowed_for :admin }
	6	+ it { root_path.should be_allowed_for :user }
	7	+ it { root_path.should be_denied_for :visitor }
	8	+ end
	9	+
	10	+ describe "GET /projects/new" do
	11	+ it { new_project_path.should be_allowed_for :admin }
	12	+ it { new_project_path.should be_allowed_for :user }
	13	+ it { new_project_path.should be_denied_for :visitor }
	14	+ end
	15	+
	16	+ describe "Project" do
	17	+ before do
	18	+ @project = Factory :project
	19	+ @u1 = Factory :user
	20	+ @u2 = Factory :user
	21	+ @u3 = Factory :user
	22	+ # full access
	23	+ @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
	24	+ # readonly
	25	+ @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
	26	+ end
	27	+
	28	+ describe "GET /project_code" do
	29	+ it { project_path(@project).should be_allowed_for @u1 }
	30	+ it { project_path(@project).should be_allowed_for @u3 }
	31	+ it { project_path(@project).should be_denied_for :admin }
	32	+ it { project_path(@project).should be_denied_for @u2 }
	33	+ it { project_path(@project).should be_denied_for :user }
	34	+ it { project_path(@project).should be_denied_for :visitor }
	35	+ end
	36	+
	37	+ describe "GET /project_code/master/tree" do
	38	+ it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
	39	+ it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
	40	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
	41	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
	42	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
	43	+ it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
	44	+ end
	45	+
	46	+ describe "GET /project_code/commits" do
	47	+ it { project_commits_path(@project).should be_allowed_for @u1 }
	48	+ it { project_commits_path(@project).should be_allowed_for @u3 }
	49	+ it { project_commits_path(@project).should be_denied_for :admin }
	50	+ it { project_commits_path(@project).should be_denied_for @u2 }
	51	+ it { project_commits_path(@project).should be_denied_for :user }
	52	+ it { project_commits_path(@project).should be_denied_for :visitor }
	53	+ end
	54	+
	55	+ describe "GET /project_code/commit" do
	56	+ it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
	57	+ it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
	58	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
	59	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
	60	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
	61	+ it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
	62	+ end
	63	+
	64	+ describe "GET /project_code/team" do
	65	+ it { team_project_path(@project).should be_allowed_for @u1 }
	66	+ it { team_project_path(@project).should be_allowed_for @u3 }
	67	+ it { team_project_path(@project).should be_denied_for :admin }
	68	+ it { team_project_path(@project).should be_denied_for @u2 }
	69	+ it { team_project_path(@project).should be_denied_for :user }
	70	+ it { team_project_path(@project).should be_denied_for :visitor }
	71	+ end
	72	+
	73	+ describe "GET /project_code/wall" do
	74	+ it { wall_project_path(@project).should be_allowed_for @u1 }
	75	+ it { wall_project_path(@project).should be_allowed_for @u3 }
	76	+ it { wall_project_path(@project).should be_denied_for :admin }
	77	+ it { wall_project_path(@project).should be_denied_for @u2 }
	78	+ it { wall_project_path(@project).should be_denied_for :user }
	79	+ it { wall_project_path(@project).should be_denied_for :visitor }
	80	+ end
	81	+
	82	+ describe "GET /project_code/blob" do
	83	+ before do
	84	+ @commit = @project.commit
	85	+ @path = @commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob)}.first.name
	86	+ @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
	87	+ end
	88	+
	89	+ it { @blob_path.should be_allowed_for @u1 }
	90	+ it { @blob_path.should be_allowed_for @u3 }
	91	+ it { @blob_path.should be_denied_for :admin }
	92	+ it { @blob_path.should be_denied_for @u2 }
	93	+ it { @blob_path.should be_denied_for :user }
	94	+ it { @blob_path.should be_denied_for :visitor }
	95	+ end
	96	+
	97	+ describe "GET /project_code/edit" do
	98	+ it { edit_project_path(@project).should be_allowed_for @u1 }
	99	+ it { edit_project_path(@project).should be_denied_for @u3 }
	100	+ it { edit_project_path(@project).should be_denied_for :admin }
	101	+ it { edit_project_path(@project).should be_denied_for @u2 }
	102	+ it { edit_project_path(@project).should be_denied_for :user }
	103	+ it { edit_project_path(@project).should be_denied_for :visitor }
	104	+ end
	105	+
	106	+ describe "GET /project_code/deploy_keys" do
	107	+ it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
	108	+ it { project_deploy_keys_path(@project).should be_denied_for @u3 }
	109	+ it { project_deploy_keys_path(@project).should be_denied_for :admin }
	110	+ it { project_deploy_keys_path(@project).should be_denied_for @u2 }
	111	+ it { project_deploy_keys_path(@project).should be_denied_for :user }
	112	+ it { project_deploy_keys_path(@project).should be_denied_for :visitor }
	113	+ end
	114	+
	115	+ describe "GET /project_code/issues" do
	116	+ it { project_issues_path(@project).should be_allowed_for @u1 }
	117	+ it { project_issues_path(@project).should be_allowed_for @u3 }
	118	+ it { project_issues_path(@project).should be_denied_for :admin }
	119	+ it { project_issues_path(@project).should be_denied_for @u2 }
	120	+ it { project_issues_path(@project).should be_denied_for :user }
	121	+ it { project_issues_path(@project).should be_denied_for :visitor }
	122	+ end
	123	+
	124	+ describe "GET /project_code/snippets" do
	125	+ it { project_snippets_path(@project).should be_allowed_for @u1 }
	126	+ it { project_snippets_path(@project).should be_allowed_for @u3 }
	127	+ it { project_snippets_path(@project).should be_denied_for :admin }
	128	+ it { project_snippets_path(@project).should be_denied_for @u2 }
	129	+ it { project_snippets_path(@project).should be_denied_for :user }
	130	+ it { project_snippets_path(@project).should be_denied_for :visitor }
	131	+ end
	132	+
	133	+ describe "GET /project_code/merge_requests" do
	134	+ it { project_merge_requests_path(@project).should be_allowed_for @u1 }
	135	+ it { project_merge_requests_path(@project).should be_allowed_for @u3 }
	136	+ it { project_merge_requests_path(@project).should be_denied_for :admin }
	137	+ it { project_merge_requests_path(@project).should be_denied_for @u2 }
	138	+ it { project_merge_requests_path(@project).should be_denied_for :user }
	139	+ it { project_merge_requests_path(@project).should be_denied_for :visitor }
	140	+ end
	141	+
	142	+ describe "GET /project_code/repository" do
	143	+ it { project_repository_path(@project).should be_allowed_for @u1 }
	144	+ it { project_repository_path(@project).should be_allowed_for @u3 }
	145	+ it { project_repository_path(@project).should be_denied_for :admin }
	146	+ it { project_repository_path(@project).should be_denied_for @u2 }
	147	+ it { project_repository_path(@project).should be_denied_for :user }
	148	+ it { project_repository_path(@project).should be_denied_for :visitor }
	149	+ end
	150	+
	151	+ describe "GET /project_code/repository/branches" do
	152	+ it { branches_project_repository_path(@project).should be_allowed_for @u1 }
	153	+ it { branches_project_repository_path(@project).should be_allowed_for @u3 }
	154	+ it { branches_project_repository_path(@project).should be_denied_for :admin }
	155	+ it { branches_project_repository_path(@project).should be_denied_for @u2 }
	156	+ it { branches_project_repository_path(@project).should be_denied_for :user }
	157	+ it { branches_project_repository_path(@project).should be_denied_for :visitor }
	158	+ end
	159	+
	160	+ describe "GET /project_code/repository/tags" do
	161	+ it { tags_project_repository_path(@project).should be_allowed_for @u1 }
	162	+ it { tags_project_repository_path(@project).should be_allowed_for @u3 }
	163	+ it { tags_project_repository_path(@project).should be_denied_for :admin }
	164	+ it { tags_project_repository_path(@project).should be_denied_for @u2 }
	165	+ it { tags_project_repository_path(@project).should be_denied_for :user }
	166	+ it { tags_project_repository_path(@project).should be_denied_for :visitor }
	167	+ end
	168	+
	169	+ describe "GET /project_code/hooks" do
	170	+ it { project_hooks_path(@project).should be_allowed_for @u1 }
	171	+ it { project_hooks_path(@project).should be_allowed_for @u3 }
	172	+ it { project_hooks_path(@project).should be_denied_for :admin }
	173	+ it { project_hooks_path(@project).should be_denied_for @u2 }
	174	+ it { project_hooks_path(@project).should be_denied_for :user }
	175	+ it { project_hooks_path(@project).should be_denied_for :visitor }
	176	+ end
	177	+
	178	+ describe "GET /project_code/files" do
	179	+ it { files_project_path(@project).should be_allowed_for @u1 }
	180	+ it { files_project_path(@project).should be_allowed_for @u3 }
	181	+ it { files_project_path(@project).should be_denied_for :admin }
	182	+ it { files_project_path(@project).should be_denied_for @u2 }
	183	+ it { files_project_path(@project).should be_denied_for :user }
	184	+ it { files_project_path(@project).should be_denied_for :visitor }
	185	+ end
	186	+ end
	187	+end
	@@ -1,51 +0,0 @@	@@ -1,51 +0,0 @@
1	-require 'spec_helper'
2	-
3	-describe "Milestones" do
4	- let(:project) { Factory :project }
5	-
6	- before do
7	- login_as :user
8	- project.add_access(@user, :admin)
9	-
10	- @milestone = Factory :milestone, :project => project
11	- @issue = Factory :issue, :project => project
12	-
13	- @milestone.issues << @issue
14	- end
15	-
16	- describe "GET /milestones" do
17	- before do
18	- visit project_milestones_path(project)
19	- end
20	-
21	- subject { page }
22	-
23	- it { should have_content(@milestone.title[0..10]) }
24	- it { should have_content(@milestone.expires_at) }
25	- it { should have_content("Browse Issues") }
26	- end
27	-
28	- describe "GET /milestone/:id" do
29	- before do
30	- visit project_milestone_path(project, @milestone)
31	- end
32	-
33	- subject { page }
34	-
35	- it { should have_content(@milestone.title[0..10]) }
36	- it { should have_content(@milestone.expires_at) }
37	- it { should have_content("Browse Issues") }
38	- end
39	-
40	- describe "GET /milestones/new" do
41	- before do
42	- visit new_project_milestone_path(project)
43	- fill_in "milestone_title", :with => "v2.3"
44	- click_button "Create milestone"
45	- end
46	-
47	- it { current_path.should == project_milestone_path(project, project.milestones.last) }
48	- it { page.should have_content(project.milestones.last.title[0..10]) }
49	- it { page.should have_content(project.milestones.last.expires_at) }
50	- end
51	-end
	@@ -1,187 +0,0 @@	@@ -1,187 +0,0 @@
1	-require 'spec_helper'
2	-
3	-describe "Projects Security" do
4	- describe "GET /" do
5	- it { root_path.should be_allowed_for :admin }
6	- it { root_path.should be_allowed_for :user }
7	- it { root_path.should be_denied_for :visitor }
8	- end
9	-
10	- describe "GET /projects/new" do
11	- it { new_project_path.should be_allowed_for :admin }
12	- it { new_project_path.should be_allowed_for :user }
13	- it { new_project_path.should be_denied_for :visitor }
14	- end
15	-
16	- describe "Project" do
17	- before do
18	- @project = Factory :project
19	- @u1 = Factory :user
20	- @u2 = Factory :user
21	- @u3 = Factory :user
22	- # full access
23	- @project.users_projects.create(:user => @u1, :project_access => UsersProject::MASTER)
24	- # readonly
25	- @project.users_projects.create(:user => @u3, :project_access => UsersProject::REPORTER)
26	- end
27	-
28	- describe "GET /project_code" do
29	- it { project_path(@project).should be_allowed_for @u1 }
30	- it { project_path(@project).should be_allowed_for @u3 }
31	- it { project_path(@project).should be_denied_for :admin }
32	- it { project_path(@project).should be_denied_for @u2 }
33	- it { project_path(@project).should be_denied_for :user }
34	- it { project_path(@project).should be_denied_for :visitor }
35	- end
36	-
37	- describe "GET /project_code/master/tree" do
38	- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
39	- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
40	- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
41	- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
42	- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
43	- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
44	- end
45	-
46	- describe "GET /project_code/commits" do
47	- it { project_commits_path(@project).should be_allowed_for @u1 }
48	- it { project_commits_path(@project).should be_allowed_for @u3 }
49	- it { project_commits_path(@project).should be_denied_for :admin }
50	- it { project_commits_path(@project).should be_denied_for @u2 }
51	- it { project_commits_path(@project).should be_denied_for :user }
52	- it { project_commits_path(@project).should be_denied_for :visitor }
53	- end
54	-
55	- describe "GET /project_code/commit" do
56	- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
57	- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
58	- it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
59	- it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
60	- it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
61	- it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
62	- end
63	-
64	- describe "GET /project_code/team" do
65	- it { team_project_path(@project).should be_allowed_for @u1 }
66	- it { team_project_path(@project).should be_allowed_for @u3 }
67	- it { team_project_path(@project).should be_denied_for :admin }
68	- it { team_project_path(@project).should be_denied_for @u2 }
69	- it { team_project_path(@project).should be_denied_for :user }
70	- it { team_project_path(@project).should be_denied_for :visitor }
71	- end
72	-
73	- describe "GET /project_code/wall" do
74	- it { wall_project_path(@project).should be_allowed_for @u1 }
75	- it { wall_project_path(@project).should be_allowed_for @u3 }
76	- it { wall_project_path(@project).should be_denied_for :admin }
77	- it { wall_project_path(@project).should be_denied_for @u2 }
78	- it { wall_project_path(@project).should be_denied_for :user }
79	- it { wall_project_path(@project).should be_denied_for :visitor }
80	- end
81	-
82	- describe "GET /project_code/blob" do
83	- before do
84	- @commit = @project.commit
85	- @path = @commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob)}.first.name
86	- @blob_path = blob_project_ref_path(@project, @commit.id, :path => @path)
87	- end
88	-
89	- it { @blob_path.should be_allowed_for @u1 }
90	- it { @blob_path.should be_allowed_for @u3 }
91	- it { @blob_path.should be_denied_for :admin }
92	- it { @blob_path.should be_denied_for @u2 }
93	- it { @blob_path.should be_denied_for :user }
94	- it { @blob_path.should be_denied_for :visitor }
95	- end
96	-
97	- describe "GET /project_code/edit" do
98	- it { edit_project_path(@project).should be_allowed_for @u1 }
99	- it { edit_project_path(@project).should be_denied_for @u3 }
100	- it { edit_project_path(@project).should be_denied_for :admin }
101	- it { edit_project_path(@project).should be_denied_for @u2 }
102	- it { edit_project_path(@project).should be_denied_for :user }
103	- it { edit_project_path(@project).should be_denied_for :visitor }
104	- end
105	-
106	- describe "GET /project_code/deploy_keys" do
107	- it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
108	- it { project_deploy_keys_path(@project).should be_denied_for @u3 }
109	- it { project_deploy_keys_path(@project).should be_denied_for :admin }
110	- it { project_deploy_keys_path(@project).should be_denied_for @u2 }
111	- it { project_deploy_keys_path(@project).should be_denied_for :user }
112	- it { project_deploy_keys_path(@project).should be_denied_for :visitor }
113	- end
114	-
115	- describe "GET /project_code/issues" do
116	- it { project_issues_path(@project).should be_allowed_for @u1 }
117	- it { project_issues_path(@project).should be_allowed_for @u3 }
118	- it { project_issues_path(@project).should be_denied_for :admin }
119	- it { project_issues_path(@project).should be_denied_for @u2 }
120	- it { project_issues_path(@project).should be_denied_for :user }
121	- it { project_issues_path(@project).should be_denied_for :visitor }
122	- end
123	-
124	- describe "GET /project_code/snippets" do
125	- it { project_snippets_path(@project).should be_allowed_for @u1 }
126	- it { project_snippets_path(@project).should be_allowed_for @u3 }
127	- it { project_snippets_path(@project).should be_denied_for :admin }
128	- it { project_snippets_path(@project).should be_denied_for @u2 }
129	- it { project_snippets_path(@project).should be_denied_for :user }
130	- it { project_snippets_path(@project).should be_denied_for :visitor }
131	- end
132	-
133	- describe "GET /project_code/merge_requests" do
134	- it { project_merge_requests_path(@project).should be_allowed_for @u1 }
135	- it { project_merge_requests_path(@project).should be_allowed_for @u3 }
136	- it { project_merge_requests_path(@project).should be_denied_for :admin }
137	- it { project_merge_requests_path(@project).should be_denied_for @u2 }
138	- it { project_merge_requests_path(@project).should be_denied_for :user }
139	- it { project_merge_requests_path(@project).should be_denied_for :visitor }
140	- end
141	-
142	- describe "GET /project_code/repository" do
143	- it { project_repository_path(@project).should be_allowed_for @u1 }
144	- it { project_repository_path(@project).should be_allowed_for @u3 }
145	- it { project_repository_path(@project).should be_denied_for :admin }
146	- it { project_repository_path(@project).should be_denied_for @u2 }
147	- it { project_repository_path(@project).should be_denied_for :user }
148	- it { project_repository_path(@project).should be_denied_for :visitor }
149	- end
150	-
151	- describe "GET /project_code/repository/branches" do
152	- it { branches_project_repository_path(@project).should be_allowed_for @u1 }
153	- it { branches_project_repository_path(@project).should be_allowed_for @u3 }
154	- it { branches_project_repository_path(@project).should be_denied_for :admin }
155	- it { branches_project_repository_path(@project).should be_denied_for @u2 }
156	- it { branches_project_repository_path(@project).should be_denied_for :user }
157	- it { branches_project_repository_path(@project).should be_denied_for :visitor }
158	- end
159	-
160	- describe "GET /project_code/repository/tags" do
161	- it { tags_project_repository_path(@project).should be_allowed_for @u1 }
162	- it { tags_project_repository_path(@project).should be_allowed_for @u3 }
163	- it { tags_project_repository_path(@project).should be_denied_for :admin }
164	- it { tags_project_repository_path(@project).should be_denied_for @u2 }
165	- it { tags_project_repository_path(@project).should be_denied_for :user }
166	- it { tags_project_repository_path(@project).should be_denied_for :visitor }
167	- end
168	-
169	- describe "GET /project_code/hooks" do
170	- it { project_hooks_path(@project).should be_allowed_for @u1 }
171	- it { project_hooks_path(@project).should be_allowed_for @u3 }
172	- it { project_hooks_path(@project).should be_denied_for :admin }
173	- it { project_hooks_path(@project).should be_denied_for @u2 }
174	- it { project_hooks_path(@project).should be_denied_for :user }
175	- it { project_hooks_path(@project).should be_denied_for :visitor }
176	- end
177	-
178	- describe "GET /project_code/files" do
179	- it { files_project_path(@project).should be_allowed_for @u1 }
180	- it { files_project_path(@project).should be_allowed_for @u3 }
181	- it { files_project_path(@project).should be_denied_for :admin }
182	- it { files_project_path(@project).should be_denied_for @u2 }
183	- it { files_project_path(@project).should be_denied_for :user }
184	- it { files_project_path(@project).should be_denied_for :visitor }
185	- end
186	- end
187	-end