Group security tests

Dmitriy Zaporozhets
1 parent 2f634297
Showing 1 changed file with 83 additions and 0 deletions Show diff stats
spec/features/security/group_access_spec.rb
@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe "Group access" do
+  describe "GET /projects/new" do
+    it { new_group_path.should be_allowed_for :admin }
+    it { new_group_path.should be_allowed_for :user }
+    it { new_group_path.should be_denied_for :visitor }
+  end
+
+  describe "Group" do
+    let(:group) { create(:group) }
+
+    let(:master)   { create(:user) }
+    let(:reporter) { create(:user) }
+    let(:guest)    { create(:user) }
+
+    before do
+      group.add_user(master, Gitlab::Access::MASTER)
+      group.add_user(reporter, Gitlab::Access::REPORTER)
+      group.add_user(guest, Gitlab::Access::GUEST)
+    end
+
+    describe "GET /groups/:path" do
+      subject { group_path(group) }
+
+      it { should be_allowed_for group.owner }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+
+    describe "GET /groups/:path/issues" do
+      subject { issues_group_path(group) }
+
+      it { should be_allowed_for group.owner }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+
+    describe "GET /groups/:path/merge_requests" do
+      subject { merge_requests_group_path(group) }
+
+      it { should be_allowed_for group.owner }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+
+    describe "GET /groups/:path/members" do
+      subject { members_group_path(group) }
+
+      it { should be_allowed_for group.owner }
+      it { should be_allowed_for master }
+      it { should be_allowed_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+
+    describe "GET /groups/:path/edit" do
+      subject { edit_group_path(group) }
+
+      it { should be_allowed_for group.owner }
+      it { should be_denied_for master }
+      it { should be_denied_for reporter }
+      it { should be_allowed_for :admin }
+      it { should be_denied_for guest }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
+    end
+  end
+end
@@ -0,0 +1,83 @@		@@ -0,0 +1,83 @@
	1	+require 'spec_helper'
	2	+
	3	+describe "Group access" do
	4	+ describe "GET /projects/new" do
	5	+ it { new_group_path.should be_allowed_for :admin }
	6	+ it { new_group_path.should be_allowed_for :user }
	7	+ it { new_group_path.should be_denied_for :visitor }
	8	+ end
	9	+
	10	+ describe "Group" do
	11	+ let(:group) { create(:group) }
	12	+
	13	+ let(:master) { create(:user) }
	14	+ let(:reporter) { create(:user) }
	15	+ let(:guest) { create(:user) }
	16	+
	17	+ before do
	18	+ group.add_user(master, Gitlab::Access::MASTER)
	19	+ group.add_user(reporter, Gitlab::Access::REPORTER)
	20	+ group.add_user(guest, Gitlab::Access::GUEST)
	21	+ end
	22	+
	23	+ describe "GET /groups/:path" do
	24	+ subject { group_path(group) }
	25	+
	26	+ it { should be_allowed_for group.owner }
	27	+ it { should be_allowed_for master }
	28	+ it { should be_allowed_for reporter }
	29	+ it { should be_allowed_for :admin }
	30	+ it { should be_allowed_for guest }
	31	+ it { should be_denied_for :user }
	32	+ it { should be_denied_for :visitor }
	33	+ end
	34	+
	35	+ describe "GET /groups/:path/issues" do
	36	+ subject { issues_group_path(group) }
	37	+
	38	+ it { should be_allowed_for group.owner }
	39	+ it { should be_allowed_for master }
	40	+ it { should be_allowed_for reporter }
	41	+ it { should be_allowed_for :admin }
	42	+ it { should be_allowed_for guest }
	43	+ it { should be_denied_for :user }
	44	+ it { should be_denied_for :visitor }
	45	+ end
	46	+
	47	+ describe "GET /groups/:path/merge_requests" do
	48	+ subject { merge_requests_group_path(group) }
	49	+
	50	+ it { should be_allowed_for group.owner }
	51	+ it { should be_allowed_for master }
	52	+ it { should be_allowed_for reporter }
	53	+ it { should be_allowed_for :admin }
	54	+ it { should be_allowed_for guest }
	55	+ it { should be_denied_for :user }
	56	+ it { should be_denied_for :visitor }
	57	+ end
	58	+
	59	+ describe "GET /groups/:path/members" do
	60	+ subject { members_group_path(group) }
	61	+
	62	+ it { should be_allowed_for group.owner }
	63	+ it { should be_allowed_for master }
	64	+ it { should be_allowed_for reporter }
	65	+ it { should be_allowed_for :admin }
	66	+ it { should be_allowed_for guest }
	67	+ it { should be_denied_for :user }
	68	+ it { should be_denied_for :visitor }
	69	+ end
	70	+
	71	+ describe "GET /groups/:path/edit" do
	72	+ subject { edit_group_path(group) }
	73	+
	74	+ it { should be_allowed_for group.owner }
	75	+ it { should be_denied_for master }
	76	+ it { should be_denied_for reporter }
	77	+ it { should be_allowed_for :admin }
	78	+ it { should be_denied_for guest }
	79	+ it { should be_denied_for :user }
	80	+ it { should be_denied_for :visitor }
	81	+ end
	82	+ end
	83	+end