Commit ea779cc5abe9218193197d1c7b60d898dde47904

Authored by Dmitriy Zaporozhets
1 parent bcdc7b5d

Public/Private projects security specs

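--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -0,0 +1,218 @@
+require 'spec_helper'
+
+describe "Private Project Access" do
+ let(:project) { create(:project_with_code) }
+
+ let(:master) { create(:user) }
+ let(:guest) { create(:user) }
+ let(:reporter) { create(:user) }
+
+ before do
+ # full access
+ project.team << [master, :master]
+
+ # readonly
+ project.team << [reporter, :reporter]
+ end
+
+ describe "GET /:project_path" do
+ subject { project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/tree/master" do
+ subject { project_tree_path(project, project.repository.root_ref) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/commits/master" do
+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/commit/:sha" do
+ subject { project_commit_path(project, project.repository.commit) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/compare" do
+ subject { project_compare_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/team" do
+ subject { project_team_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/wall" do
+ subject { project_wall_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/blob" do
+ before do
+ commit = project.repository.commit
+ path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+ @blob_path = project_blob_path(project, File.join(commit.id, path))
+ end
+
+ it { @blob_path.should be_allowed_for master }
+ it { @blob_path.should be_allowed_for reporter }
+ it { @blob_path.should be_allowed_for :admin }
+ it { @blob_path.should be_denied_for guest }
+ it { @blob_path.should be_denied_for :user }
+ it { @blob_path.should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/edit" do
+ subject { edit_project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/deploy_keys" do
+ subject { project_deploy_keys_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/issues" do
+ subject { project_issues_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets" do
+ subject { project_snippets_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests" do
+ subject { project_merge_requests_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches/recent" do
+ subject { recent_project_branches_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches" do
+ subject { project_branches_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:branches).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/tags" do
+ subject { project_tags_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:tags).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/hooks" do
+ subject { project_hooks_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+end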
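Review bot: `guest` is created with `create(:user)` but never added to `project.team` in the `before` block, so every `be_denied_for guest` here exercises the same case as `be_denied_for :user` (a signed-in non-member) and the guest role itself is not covered. If a guest-role member is meant, add `project.team << [guest, :guest]` to the `before` block (assuming the team API accepts that role, which is not visible here) and set the expectations accordingly; otherwise drop `guest` so the matrix does not overstate coverage. The same applies to public_access_spec.rb. Separately, the reporter expectation for `/team` and `/hooks` is now `be_denied_for`, where the removed project_access_spec.rb had `be_allowed_for`; a comment such as `# team and hooks pages are master-only` above those groups would record that the tightening is intentional.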
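--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -0,0 +1,251 @@
+require 'spec_helper'
+
+describe "Public Project Access" do
+ let(:project) { create(:project_with_code) }
+
+ let(:master) { create(:user) }
+ let(:guest) { create(:user) }
+ let(:reporter) { create(:user) }
+
+ before do
+ # public project
+ project.public = true
+ project.save!
+
+ # full access
+ project.team << [master, :master]
+
+ # readonly
+ project.team << [reporter, :reporter]
+
+ end
+
+ describe "Project should be public" do
+ subject { project }
+
+ its(:public?) { should be_true }
+ end
+
+ describe "GET /:project_path" do
+ subject { project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/tree/master" do
+ subject { project_tree_path(project, project.repository.root_ref) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/commits/master" do
+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/commit/:sha" do
+ subject { project_commit_path(project, project.repository.commit) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/compare" do
+ subject { project_compare_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/team" do
+ subject { project_team_index_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/wall" do
+ subject { project_wall_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/blob" do
+ before do
+ commit = project.repository.commit
+ path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+ @blob_path = project_blob_path(project, File.join(commit.id, path))
+ end
+
+ it { @blob_path.should be_allowed_for master }
+ it { @blob_path.should be_allowed_for reporter }
+ it { @blob_path.should be_allowed_for :admin }
+ it { @blob_path.should be_allowed_for guest }
+ it { @blob_path.should be_allowed_for :user }
+ it { @blob_path.should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/edit" do
+ subject { edit_project_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/deploy_keys" do
+ subject { project_deploy_keys_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/issues" do
+ subject { project_issues_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets" do
+ subject { project_snippets_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/snippets/new" do
+ subject { new_project_snippet_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests" do
+ subject { project_merge_requests_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/merge_requests/new" do
+ subject { new_project_merge_request_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+
+ describe "GET /:project_path/branches/recent" do
+ subject { recent_project_branches_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/branches" do
+ subject { project_branches_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:branches).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/tags" do
+ subject { project_tags_path(project) }
+
+ before do
+ # Speed increase
+ Project.any_instance.stub(:tags).and_return([])
+ end
+
+ it { should be_allowed_for master }
+ it { should be_allowed_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for guest }
+ it { should be_allowed_for :user }
+ it { should be_allowed_for :visitor }
+ end
+
+ describe "GET /:project_path/hooks" do
+ subject { project_hooks_path(project) }
+
+ it { should be_allowed_for master }
+ it { should be_denied_for reporter }
+ it { should be_allowed_for :admin }
+ it { should be_denied_for guest }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
+ end
+end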
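Review bot: The `:visitor` expectations in this file switch to `be_allowed_for` on every read page, including `/wall`, `/issues`, `/snippets` and `/merge_requests`, while the removed spec denied visitors everywhere; nothing in the file states that anonymous read access to these pages is the intended policy. A header comment above `describe "Public Project Access"` such as `# Public projects: read pages are open to anonymous visitors; team, edit, deploy_keys, hooks and the "new" forms stay member-only` would make the matrix reviewable. The two `new` groups also differ for reporter (`snippets/new` allowed, `merge_requests/new` denied), and private_access_spec.rb has no counterpart for either; if the difference is deliberate a one-line comment on `merge_requests/new` would help, and the private spec should probably gain the same two groups.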
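--- a/spec/features/security/project_access_spec.rb
+++ b/spec/features/security/project_access_spec.rb
@@ -1,474 +0,0 @@
-require 'spec_helper'
-
-describe "Application access" do
- describe "GET /" do
- it { root_path.should be_allowed_for :admin }
- it { root_path.should be_allowed_for :user }
- it { root_path.should be_denied_for :visitor }
- end
-
- describe "GET /projects/new" do
- it { new_project_path.should be_allowed_for :admin }
- it { new_project_path.should be_allowed_for :user }
- it { new_project_path.should be_denied_for :visitor }
- end
-
- describe "Project" do
- let(:project) { create(:project_with_code) }
-
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:reporter) { create(:user) }
-
- before do
- # full access
- project.team << [master, :master]
-
- # readonly
- project.team << [reporter, :reporter]
- end
-
- describe "GET /project_code" do
- subject { project_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/tree/master" do
- subject { project_tree_path(project, project.repository.root_ref) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/commits/master" do
- subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/commit/:sha" do
- subject { project_commit_path(project, project.repository.commit) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/compare" do
- subject { project_compare_index_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/team" do
- subject { project_team_index_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/wall" do
- subject { project_wall_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/blob" do
- before do
- commit = project.repository.commit
- path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
- @blob_path = project_blob_path(project, File.join(commit.id, path))
- end
-
- it { @blob_path.should be_allowed_for master }
- it { @blob_path.should be_allowed_for reporter }
- it { @blob_path.should be_allowed_for :admin }
- it { @blob_path.should be_denied_for guest }
- it { @blob_path.should be_denied_for :user }
- it { @blob_path.should be_denied_for :visitor }
- end
-
- describe "GET /project_code/edit" do
- subject { edit_project_path(project) }
-
- it { should be_allowed_for master }
- it { should be_denied_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/deploy_keys" do
- subject { project_deploy_keys_path(project) }
-
- it { should be_allowed_for master }
- it { should be_denied_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/issues" do
- subject { project_issues_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/snippets" do
- subject { project_snippets_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/merge_requests" do
- subject { project_merge_requests_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/branches/recent" do
- subject { recent_project_branches_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/branches" do
- subject { project_branches_path(project) }
-
- before do
- # Speed increase
- Project.any_instance.stub(:branches).and_return([])
- end
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/tags" do
- subject { project_tags_path(project) }
-
- before do
- # Speed increase
- Project.any_instance.stub(:tags).and_return([])
- end
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/hooks" do
- subject { project_hooks_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
- end
-
-
- describe "PublicProject" do
- let(:project) { create(:project_with_code) }
-
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:reporter) { create(:user) }
-
- let(:admin) { create(:user) }
-
- before do
- # public project
- project.public = true
- project.save!
-
- # full access
- project.team << [master, :master]
-
- # readonly
- project.team << [reporter, :reporter]
-
- end
-
- describe "Project should be public" do
- subject { project }
-
- its(:public?) { should be_true }
- end
-
- describe "GET /project_code" do
- subject { project_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/tree/master" do
- subject { project_tree_path(project, project.repository.root_ref) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/commits/master" do
- subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/commit/:sha" do
- subject { project_commit_path(project, project.repository.commit) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/compare" do
- subject { project_compare_index_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/team" do
- subject { project_team_index_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/wall" do
- subject { project_wall_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/blob" do
- before do
- commit = project.repository.commit
- path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
- @blob_path = project_blob_path(project, File.join(commit.id, path))
- end
-
- it { @blob_path.should be_allowed_for master }
- it { @blob_path.should be_allowed_for reporter }
- it { @blob_path.should be_allowed_for :admin }
- it { @blob_path.should be_allowed_for guest }
- it { @blob_path.should be_allowed_for :user }
- it { @blob_path.should be_denied_for :visitor }
- end
-
- describe "GET /project_code/edit" do
- subject { edit_project_path(project) }
-
- it { should be_allowed_for master }
- it { should be_denied_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/deploy_keys" do
- subject { project_deploy_keys_path(project) }
-
- it { should be_allowed_for master }
- it { should be_denied_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/issues" do
- subject { project_issues_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/snippets" do
- subject { project_snippets_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/snippets/new" do
- subject { new_project_snippet_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_denied_for guest }
- it { should be_denied_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/merge_requests" do
- subject { project_merge_requests_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/branches/recent" do
- subject { recent_project_branches_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/branches" do
- subject { project_branches_path(project) }
-
- before do
- # Speed increase
- Project.any_instance.stub(:branches).and_return([])
- end
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/tags" do
- subject { project_tags_path(project) }
-
- before do
- # Speed increase
- Project.any_instance.stub(:tags).and_return([])
- end
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
-
- describe "GET /project_code/hooks" do
- subject { project_hooks_path(project) }
-
- it { should be_allowed_for master }
- it { should be_allowed_for reporter }
- it { should be_allowed_for :admin }
- it { should be_allowed_for guest }
- it { should be_allowed_for :user }
- it { should be_denied_for :visitor }
- end
- end
-end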