Public/Private projects security specs

Dmitriy Zaporozhets
1 parent bcdc7b5d
Showing 3 changed files with 469 additions and 474 deletions Show diff stats
spec/features/security/project/private_access_spec.rb
spec/features/security/project/public_access_spec.rb
spec/features/security/project_access_spec.rb
@@ -0,0 +1,218 @@
+require 'spec_helper'
+
+describe "Private Project Access" do
+  let(:project) { create(:project_with_code) }
+
+  let(:master)   { create(:user) }
+  let(:guest)    { create(:user) }
+  let(:reporter) { create(:user) }
+
+  before do
+    # full access
+    project.team << [master, :master]
+
+    # readonly
+    project.team << [reporter, :reporter]
+  end
+
+  describe "GET /:project_path" do
+    subject { project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/tree/master" do
+    subject { project_tree_path(project, project.repository.root_ref) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/commits/master" do
+    subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/commit/:sha" do
+    subject { project_commit_path(project, project.repository.commit) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/compare" do
+    subject { project_compare_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/team" do
+    subject { project_team_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/wall" do
+    subject { project_wall_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/blob" do
+    before do
+      commit = project.repository.commit
+      path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+      @blob_path = project_blob_path(project, File.join(commit.id, path))
+    end
+
+    it { @blob_path.should be_allowed_for master }
+    it { @blob_path.should be_allowed_for reporter }
+    it { @blob_path.should be_allowed_for :admin }
+    it { @blob_path.should be_denied_for guest }
+    it { @blob_path.should be_denied_for :user }
+    it { @blob_path.should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/edit" do
+    subject { edit_project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/deploy_keys" do
+    subject { project_deploy_keys_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/issues" do
+    subject { project_issues_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/snippets" do
+    subject { project_snippets_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/merge_requests" do
+    subject { project_merge_requests_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/branches/recent" do
+    subject { recent_project_branches_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/branches" do
+    subject { project_branches_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:branches).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/tags" do
+    subject { project_tags_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:tags).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/hooks" do
+    subject { project_hooks_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+end
@@ -0,0 +1,251 @@
+require 'spec_helper'
+
+describe "Public Project Access" do
+  let(:project) { create(:project_with_code) }
+
+  let(:master) { create(:user) }
+  let(:guest) { create(:user) }
+  let(:reporter) { create(:user) }
+
+  before do
+    # public project
+    project.public = true
+    project.save!
+
+    # full access
+    project.team << [master, :master]
+
+    # readonly
+    project.team << [reporter, :reporter]
+
+  end
+
+  describe "Project should be public" do
+    subject { project }
+
+    its(:public?) { should be_true }
+  end
+
+  describe "GET /:project_path" do
+    subject { project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/tree/master" do
+    subject { project_tree_path(project, project.repository.root_ref) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/commits/master" do
+    subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/commit/:sha" do
+    subject { project_commit_path(project, project.repository.commit) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/compare" do
+    subject { project_compare_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/team" do
+    subject { project_team_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/wall" do
+    subject { project_wall_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/blob" do
+    before do
+      commit = project.repository.commit
+      path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+      @blob_path = project_blob_path(project, File.join(commit.id, path))
+    end
+
+    it { @blob_path.should be_allowed_for master }
+    it { @blob_path.should be_allowed_for reporter }
+    it { @blob_path.should be_allowed_for :admin }
+    it { @blob_path.should be_allowed_for guest }
+    it { @blob_path.should be_allowed_for :user }
+    it { @blob_path.should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/edit" do
+    subject { edit_project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/deploy_keys" do
+    subject { project_deploy_keys_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/issues" do
+    subject { project_issues_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/snippets" do
+    subject { project_snippets_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/snippets/new" do
+    subject { new_project_snippet_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/merge_requests" do
+    subject { project_merge_requests_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/merge_requests/new" do
+    subject { new_project_merge_request_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/branches/recent" do
+    subject { recent_project_branches_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/branches" do
+    subject { project_branches_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:branches).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/tags" do
+    subject { project_tags_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:tags).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_allowed_for :visitor }
+  end
+
+  describe "GET /:project_path/hooks" do
+    subject { project_hooks_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+end
@@ -1,474 +0,0 @@
-require 'spec_helper'
-
-describe "Application access" do
-  describe "GET /" do
-    it { root_path.should be_allowed_for :admin }
-    it { root_path.should be_allowed_for :user }
-    it { root_path.should be_denied_for :visitor }
-  end
-
-  describe "GET /projects/new" do
-    it { new_project_path.should be_allowed_for :admin }
-    it { new_project_path.should be_allowed_for :user }
-    it { new_project_path.should be_denied_for :visitor }
-  end
-
-  describe "Project" do
-    let(:project) { create(:project_with_code) }
-
-    let(:master) { create(:user) }
-    let(:guest) { create(:user) }
-    let(:reporter) { create(:user) }
-
-    before do
-      # full access
-      project.team << [master, :master]
-
-      # readonly
-      project.team << [reporter, :reporter]
-    end
-
-    describe "GET /project_code" do
-      subject { project_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/tree/master" do
-      subject { project_tree_path(project, project.repository.root_ref) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commits/master" do
-      subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commit/:sha" do
-      subject { project_commit_path(project, project.repository.commit) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/compare" do
-      subject { project_compare_index_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/team" do
-      subject { project_team_index_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/wall" do
-      subject { project_wall_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/blob" do
-      before do
-        commit = project.repository.commit
-        path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
-        @blob_path = project_blob_path(project, File.join(commit.id, path))
-      end
-
-      it { @blob_path.should be_allowed_for master }
-      it { @blob_path.should be_allowed_for reporter }
-      it { @blob_path.should be_allowed_for :admin }
-      it { @blob_path.should be_denied_for guest }
-      it { @blob_path.should be_denied_for :user }
-      it { @blob_path.should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/edit" do
-      subject { edit_project_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_denied_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/deploy_keys" do
-      subject { project_deploy_keys_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_denied_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/issues" do
-      subject { project_issues_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/snippets" do
-      subject { project_snippets_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/merge_requests" do
-      subject { project_merge_requests_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/branches/recent" do
-      subject { recent_project_branches_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/branches" do
-      subject { project_branches_path(project) }
-
-      before do
-        # Speed increase
-        Project.any_instance.stub(:branches).and_return([])
-      end
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/tags" do
-      subject { project_tags_path(project) }
-
-      before do
-        # Speed increase
-        Project.any_instance.stub(:tags).and_return([])
-      end
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/hooks" do
-      subject { project_hooks_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-  end
-
-
-  describe "PublicProject" do
-    let(:project) { create(:project_with_code) }
-
-    let(:master) { create(:user) }
-    let(:guest) { create(:user) }
-    let(:reporter) { create(:user) }
-
-    let(:admin) { create(:user) }
-
-    before do
-      # public project
-      project.public = true
-      project.save!
-
-      # full access
-      project.team << [master, :master]
-
-      # readonly
-      project.team << [reporter, :reporter]
-
-    end
-
-    describe "Project should be public" do
-      subject { project }
-
-      its(:public?) { should be_true }
-    end
-
-    describe "GET /project_code" do
-      subject { project_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/tree/master" do
-      subject { project_tree_path(project, project.repository.root_ref) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commits/master" do
-      subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/commit/:sha" do
-      subject { project_commit_path(project, project.repository.commit) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/compare" do
-      subject { project_compare_index_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/team" do
-      subject { project_team_index_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/wall" do
-      subject { project_wall_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/blob" do
-      before do
-        commit = project.repository.commit
-        path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
-        @blob_path = project_blob_path(project, File.join(commit.id, path))
-      end
-
-      it { @blob_path.should be_allowed_for master }
-      it { @blob_path.should be_allowed_for reporter }
-      it { @blob_path.should be_allowed_for :admin }
-      it { @blob_path.should be_allowed_for guest }
-      it { @blob_path.should be_allowed_for :user }
-      it { @blob_path.should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/edit" do
-      subject { edit_project_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_denied_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/deploy_keys" do
-      subject { project_deploy_keys_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_denied_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/issues" do
-      subject { project_issues_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/snippets" do
-      subject { project_snippets_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/snippets/new" do
-      subject { new_project_snippet_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_denied_for guest }
-      it { should be_denied_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/merge_requests" do
-      subject { project_merge_requests_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/branches/recent" do
-      subject { recent_project_branches_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/branches" do
-      subject { project_branches_path(project) }
-
-      before do
-        # Speed increase
-        Project.any_instance.stub(:branches).and_return([])
-      end
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/tags" do
-      subject { project_tags_path(project) }
-
-      before do
-        # Speed increase
-        Project.any_instance.stub(:tags).and_return([])
-      end
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-
-    describe "GET /project_code/hooks" do
-      subject { project_hooks_path(project) }
-
-      it { should be_allowed_for master }
-      it { should be_allowed_for reporter }
-      it { should be_allowed_for :admin }
-      it { should be_allowed_for guest }
-      it { should be_allowed_for :user }
-      it { should be_denied_for :visitor }
-    end
-  end
-end
@@ -0,0 +1,218 @@		@@ -0,0 +1,218 @@
	1	+require 'spec_helper'
	2	+
	3	+describe "Private Project Access" do
	4	+ let(:project) { create(:project_with_code) }
	5	+
	6	+ let(:master) { create(:user) }
	7	+ let(:guest) { create(:user) }
	8	+ let(:reporter) { create(:user) }
	9	+
	10	+ before do
	11	+ # full access
	12	+ project.team << [master, :master]
	13	+
	14	+ # readonly
	15	+ project.team << [reporter, :reporter]
	16	+ end
	17	+
	18	+ describe "GET /:project_path" do
	19	+ subject { project_path(project) }
	20	+
	21	+ it { should be_allowed_for master }
	22	+ it { should be_allowed_for reporter }
	23	+ it { should be_allowed_for :admin }
	24	+ it { should be_denied_for guest }
	25	+ it { should be_denied_for :user }
	26	+ it { should be_denied_for :visitor }
	27	+ end
	28	+
	29	+ describe "GET /:project_path/tree/master" do
	30	+ subject { project_tree_path(project, project.repository.root_ref) }
	31	+
	32	+ it { should be_allowed_for master }
	33	+ it { should be_allowed_for reporter }
	34	+ it { should be_allowed_for :admin }
	35	+ it { should be_denied_for guest }
	36	+ it { should be_denied_for :user }
	37	+ it { should be_denied_for :visitor }
	38	+ end
	39	+
	40	+ describe "GET /:project_path/commits/master" do
	41	+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
	42	+
	43	+ it { should be_allowed_for master }
	44	+ it { should be_allowed_for reporter }
	45	+ it { should be_allowed_for :admin }
	46	+ it { should be_denied_for guest }
	47	+ it { should be_denied_for :user }
	48	+ it { should be_denied_for :visitor }
	49	+ end
	50	+
	51	+ describe "GET /:project_path/commit/:sha" do
	52	+ subject { project_commit_path(project, project.repository.commit) }
	53	+
	54	+ it { should be_allowed_for master }
	55	+ it { should be_allowed_for reporter }
	56	+ it { should be_allowed_for :admin }
	57	+ it { should be_denied_for guest }
	58	+ it { should be_denied_for :user }
	59	+ it { should be_denied_for :visitor }
	60	+ end
	61	+
	62	+ describe "GET /:project_path/compare" do
	63	+ subject { project_compare_index_path(project) }
	64	+
	65	+ it { should be_allowed_for master }
	66	+ it { should be_allowed_for reporter }
	67	+ it { should be_allowed_for :admin }
	68	+ it { should be_denied_for guest }
	69	+ it { should be_denied_for :user }
	70	+ it { should be_denied_for :visitor }
	71	+ end
	72	+
	73	+ describe "GET /:project_path/team" do
	74	+ subject { project_team_index_path(project) }
	75	+
	76	+ it { should be_allowed_for master }
	77	+ it { should be_denied_for reporter }
	78	+ it { should be_allowed_for :admin }
	79	+ it { should be_denied_for guest }
	80	+ it { should be_denied_for :user }
	81	+ it { should be_denied_for :visitor }
	82	+ end
	83	+
	84	+ describe "GET /:project_path/wall" do
	85	+ subject { project_wall_path(project) }
	86	+
	87	+ it { should be_allowed_for master }
	88	+ it { should be_allowed_for reporter }
	89	+ it { should be_allowed_for :admin }
	90	+ it { should be_denied_for guest }
	91	+ it { should be_denied_for :user }
	92	+ it { should be_denied_for :visitor }
	93	+ end
	94	+
	95	+ describe "GET /:project_path/blob" do
	96	+ before do
	97	+ commit = project.repository.commit
	98	+ path = commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob) }.first.name
	99	+ @blob_path = project_blob_path(project, File.join(commit.id, path))
	100	+ end
	101	+
	102	+ it { @blob_path.should be_allowed_for master }
	103	+ it { @blob_path.should be_allowed_for reporter }
	104	+ it { @blob_path.should be_allowed_for :admin }
	105	+ it { @blob_path.should be_denied_for guest }
	106	+ it { @blob_path.should be_denied_for :user }
	107	+ it { @blob_path.should be_denied_for :visitor }
	108	+ end
	109	+
	110	+ describe "GET /:project_path/edit" do
	111	+ subject { edit_project_path(project) }
	112	+
	113	+ it { should be_allowed_for master }
	114	+ it { should be_denied_for reporter }
	115	+ it { should be_allowed_for :admin }
	116	+ it { should be_denied_for guest }
	117	+ it { should be_denied_for :user }
	118	+ it { should be_denied_for :visitor }
	119	+ end
	120	+
	121	+ describe "GET /:project_path/deploy_keys" do
	122	+ subject { project_deploy_keys_path(project) }
	123	+
	124	+ it { should be_allowed_for master }
	125	+ it { should be_denied_for reporter }
	126	+ it { should be_allowed_for :admin }
	127	+ it { should be_denied_for guest }
	128	+ it { should be_denied_for :user }
	129	+ it { should be_denied_for :visitor }
	130	+ end
	131	+
	132	+ describe "GET /:project_path/issues" do
	133	+ subject { project_issues_path(project) }
	134	+
	135	+ it { should be_allowed_for master }
	136	+ it { should be_allowed_for reporter }
	137	+ it { should be_allowed_for :admin }
	138	+ it { should be_denied_for guest }
	139	+ it { should be_denied_for :user }
	140	+ it { should be_denied_for :visitor }
	141	+ end
	142	+
	143	+ describe "GET /:project_path/snippets" do
	144	+ subject { project_snippets_path(project) }
	145	+
	146	+ it { should be_allowed_for master }
	147	+ it { should be_allowed_for reporter }
	148	+ it { should be_allowed_for :admin }
	149	+ it { should be_denied_for guest }
	150	+ it { should be_denied_for :user }
	151	+ it { should be_denied_for :visitor }
	152	+ end
	153	+
	154	+ describe "GET /:project_path/merge_requests" do
	155	+ subject { project_merge_requests_path(project) }
	156	+
	157	+ it { should be_allowed_for master }
	158	+ it { should be_allowed_for reporter }
	159	+ it { should be_allowed_for :admin }
	160	+ it { should be_denied_for guest }
	161	+ it { should be_denied_for :user }
	162	+ it { should be_denied_for :visitor }
	163	+ end
	164	+
	165	+ describe "GET /:project_path/branches/recent" do
	166	+ subject { recent_project_branches_path(project) }
	167	+
	168	+ it { should be_allowed_for master }
	169	+ it { should be_allowed_for reporter }
	170	+ it { should be_allowed_for :admin }
	171	+ it { should be_denied_for guest }
	172	+ it { should be_denied_for :user }
	173	+ it { should be_denied_for :visitor }
	174	+ end
	175	+
	176	+ describe "GET /:project_path/branches" do
	177	+ subject { project_branches_path(project) }
	178	+
	179	+ before do
	180	+ # Speed increase
	181	+ Project.any_instance.stub(:branches).and_return([])
	182	+ end
	183	+
	184	+ it { should be_allowed_for master }
	185	+ it { should be_allowed_for reporter }
	186	+ it { should be_allowed_for :admin }
	187	+ it { should be_denied_for guest }
	188	+ it { should be_denied_for :user }
	189	+ it { should be_denied_for :visitor }
	190	+ end
	191	+
	192	+ describe "GET /:project_path/tags" do
	193	+ subject { project_tags_path(project) }
	194	+
	195	+ before do
	196	+ # Speed increase
	197	+ Project.any_instance.stub(:tags).and_return([])
	198	+ end
	199	+
	200	+ it { should be_allowed_for master }
	201	+ it { should be_allowed_for reporter }
	202	+ it { should be_allowed_for :admin }
	203	+ it { should be_denied_for guest }
	204	+ it { should be_denied_for :user }
	205	+ it { should be_denied_for :visitor }
	206	+ end
	207	+
	208	+ describe "GET /:project_path/hooks" do
	209	+ subject { project_hooks_path(project) }
	210	+
	211	+ it { should be_allowed_for master }
	212	+ it { should be_denied_for reporter }
	213	+ it { should be_allowed_for :admin }
	214	+ it { should be_denied_for guest }
	215	+ it { should be_denied_for :user }
	216	+ it { should be_denied_for :visitor }
	217	+ end
	218	+end
@@ -0,0 +1,251 @@		@@ -0,0 +1,251 @@
	1	+require 'spec_helper'
	2	+
	3	+describe "Public Project Access" do
	4	+ let(:project) { create(:project_with_code) }
	5	+
	6	+ let(:master) { create(:user) }
	7	+ let(:guest) { create(:user) }
	8	+ let(:reporter) { create(:user) }
	9	+
	10	+ before do
	11	+ # public project
	12	+ project.public = true
	13	+ project.save!
	14	+
	15	+ # full access
	16	+ project.team << [master, :master]
	17	+
	18	+ # readonly
	19	+ project.team << [reporter, :reporter]
	20	+
	21	+ end
	22	+
	23	+ describe "Project should be public" do
	24	+ subject { project }
	25	+
	26	+ its(:public?) { should be_true }
	27	+ end
	28	+
	29	+ describe "GET /:project_path" do
	30	+ subject { project_path(project) }
	31	+
	32	+ it { should be_allowed_for master }
	33	+ it { should be_allowed_for reporter }
	34	+ it { should be_allowed_for :admin }
	35	+ it { should be_allowed_for guest }
	36	+ it { should be_allowed_for :user }
	37	+ it { should be_allowed_for :visitor }
	38	+ end
	39	+
	40	+ describe "GET /:project_path/tree/master" do
	41	+ subject { project_tree_path(project, project.repository.root_ref) }
	42	+
	43	+ it { should be_allowed_for master }
	44	+ it { should be_allowed_for reporter }
	45	+ it { should be_allowed_for :admin }
	46	+ it { should be_allowed_for guest }
	47	+ it { should be_allowed_for :user }
	48	+ it { should be_allowed_for :visitor }
	49	+ end
	50	+
	51	+ describe "GET /:project_path/commits/master" do
	52	+ subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
	53	+
	54	+ it { should be_allowed_for master }
	55	+ it { should be_allowed_for reporter }
	56	+ it { should be_allowed_for :admin }
	57	+ it { should be_allowed_for guest }
	58	+ it { should be_allowed_for :user }
	59	+ it { should be_allowed_for :visitor }
	60	+ end
	61	+
	62	+ describe "GET /:project_path/commit/:sha" do
	63	+ subject { project_commit_path(project, project.repository.commit) }
	64	+
	65	+ it { should be_allowed_for master }
	66	+ it { should be_allowed_for reporter }
	67	+ it { should be_allowed_for :admin }
	68	+ it { should be_allowed_for guest }
	69	+ it { should be_allowed_for :user }
	70	+ it { should be_allowed_for :visitor }
	71	+ end
	72	+
	73	+ describe "GET /:project_path/compare" do
	74	+ subject { project_compare_index_path(project) }
	75	+
	76	+ it { should be_allowed_for master }
	77	+ it { should be_allowed_for reporter }
	78	+ it { should be_allowed_for :admin }
	79	+ it { should be_allowed_for guest }
	80	+ it { should be_allowed_for :user }
	81	+ it { should be_allowed_for :visitor }
	82	+ end
	83	+
	84	+ describe "GET /:project_path/team" do
	85	+ subject { project_team_index_path(project) }
	86	+
	87	+ it { should be_allowed_for master }
	88	+ it { should be_denied_for reporter }
	89	+ it { should be_allowed_for :admin }
	90	+ it { should be_denied_for guest }
	91	+ it { should be_denied_for :user }
	92	+ it { should be_denied_for :visitor }
	93	+ end
	94	+
	95	+ describe "GET /:project_path/wall" do
	96	+ subject { project_wall_path(project) }
	97	+
	98	+ it { should be_allowed_for master }
	99	+ it { should be_allowed_for reporter }
	100	+ it { should be_allowed_for :admin }
	101	+ it { should be_allowed_for guest }
	102	+ it { should be_allowed_for :user }
	103	+ it { should be_allowed_for :visitor }
	104	+ end
	105	+
	106	+ describe "GET /:project_path/blob" do
	107	+ before do
	108	+ commit = project.repository.commit
	109	+ path = commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob) }.first.name
	110	+ @blob_path = project_blob_path(project, File.join(commit.id, path))
	111	+ end
	112	+
	113	+ it { @blob_path.should be_allowed_for master }
	114	+ it { @blob_path.should be_allowed_for reporter }
	115	+ it { @blob_path.should be_allowed_for :admin }
	116	+ it { @blob_path.should be_allowed_for guest }
	117	+ it { @blob_path.should be_allowed_for :user }
	118	+ it { @blob_path.should be_allowed_for :visitor }
	119	+ end
	120	+
	121	+ describe "GET /:project_path/edit" do
	122	+ subject { edit_project_path(project) }
	123	+
	124	+ it { should be_allowed_for master }
	125	+ it { should be_denied_for reporter }
	126	+ it { should be_allowed_for :admin }
	127	+ it { should be_denied_for guest }
	128	+ it { should be_denied_for :user }
	129	+ it { should be_denied_for :visitor }
	130	+ end
	131	+
	132	+ describe "GET /:project_path/deploy_keys" do
	133	+ subject { project_deploy_keys_path(project) }
	134	+
	135	+ it { should be_allowed_for master }
	136	+ it { should be_denied_for reporter }
	137	+ it { should be_allowed_for :admin }
	138	+ it { should be_denied_for guest }
	139	+ it { should be_denied_for :user }
	140	+ it { should be_denied_for :visitor }
	141	+ end
	142	+
	143	+ describe "GET /:project_path/issues" do
	144	+ subject { project_issues_path(project) }
	145	+
	146	+ it { should be_allowed_for master }
	147	+ it { should be_allowed_for reporter }
	148	+ it { should be_allowed_for :admin }
	149	+ it { should be_allowed_for guest }
	150	+ it { should be_allowed_for :user }
	151	+ it { should be_allowed_for :visitor }
	152	+ end
	153	+
	154	+ describe "GET /:project_path/snippets" do
	155	+ subject { project_snippets_path(project) }
	156	+
	157	+ it { should be_allowed_for master }
	158	+ it { should be_allowed_for reporter }
	159	+ it { should be_allowed_for :admin }
	160	+ it { should be_allowed_for guest }
	161	+ it { should be_allowed_for :user }
	162	+ it { should be_allowed_for :visitor }
	163	+ end
	164	+
	165	+ describe "GET /:project_path/snippets/new" do
	166	+ subject { new_project_snippet_path(project) }
	167	+
	168	+ it { should be_allowed_for master }
	169	+ it { should be_allowed_for reporter }
	170	+ it { should be_allowed_for :admin }
	171	+ it { should be_denied_for guest }
	172	+ it { should be_denied_for :user }
	173	+ it { should be_denied_for :visitor }
	174	+ end
	175	+
	176	+ describe "GET /:project_path/merge_requests" do
	177	+ subject { project_merge_requests_path(project) }
	178	+
	179	+ it { should be_allowed_for master }
	180	+ it { should be_allowed_for reporter }
	181	+ it { should be_allowed_for :admin }
	182	+ it { should be_allowed_for guest }
	183	+ it { should be_allowed_for :user }
	184	+ it { should be_allowed_for :visitor }
	185	+ end
	186	+
	187	+ describe "GET /:project_path/merge_requests/new" do
	188	+ subject { new_project_merge_request_path(project) }
	189	+
	190	+ it { should be_allowed_for master }
	191	+ it { should be_denied_for reporter }
	192	+ it { should be_allowed_for :admin }
	193	+ it { should be_denied_for guest }
	194	+ it { should be_denied_for :user }
	195	+ it { should be_denied_for :visitor }
	196	+ end
	197	+
	198	+ describe "GET /:project_path/branches/recent" do
	199	+ subject { recent_project_branches_path(project) }
	200	+
	201	+ it { should be_allowed_for master }
	202	+ it { should be_allowed_for reporter }
	203	+ it { should be_allowed_for :admin }
	204	+ it { should be_allowed_for guest }
	205	+ it { should be_allowed_for :user }
	206	+ it { should be_allowed_for :visitor }
	207	+ end
	208	+
	209	+ describe "GET /:project_path/branches" do
	210	+ subject { project_branches_path(project) }
	211	+
	212	+ before do
	213	+ # Speed increase
	214	+ Project.any_instance.stub(:branches).and_return([])
	215	+ end
	216	+
	217	+ it { should be_allowed_for master }
	218	+ it { should be_allowed_for reporter }
	219	+ it { should be_allowed_for :admin }
	220	+ it { should be_allowed_for guest }
	221	+ it { should be_allowed_for :user }
	222	+ it { should be_allowed_for :visitor }
	223	+ end
	224	+
	225	+ describe "GET /:project_path/tags" do
	226	+ subject { project_tags_path(project) }
	227	+
	228	+ before do
	229	+ # Speed increase
	230	+ Project.any_instance.stub(:tags).and_return([])
	231	+ end
	232	+
	233	+ it { should be_allowed_for master }
	234	+ it { should be_allowed_for reporter }
	235	+ it { should be_allowed_for :admin }
	236	+ it { should be_allowed_for guest }
	237	+ it { should be_allowed_for :user }
	238	+ it { should be_allowed_for :visitor }
	239	+ end
	240	+
	241	+ describe "GET /:project_path/hooks" do
	242	+ subject { project_hooks_path(project) }
	243	+
	244	+ it { should be_allowed_for master }
	245	+ it { should be_denied_for reporter }
	246	+ it { should be_allowed_for :admin }
	247	+ it { should be_denied_for guest }
	248	+ it { should be_denied_for :user }
	249	+ it { should be_denied_for :visitor }
	250	+ end
	251	+end
	@@ -1,474 +0,0 @@	@@ -1,474 +0,0 @@
1	-require 'spec_helper'
2	-
3	-describe "Application access" do
4	- describe "GET /" do
5	- it { root_path.should be_allowed_for :admin }
6	- it { root_path.should be_allowed_for :user }
7	- it { root_path.should be_denied_for :visitor }
8	- end
9	-
10	- describe "GET /projects/new" do
11	- it { new_project_path.should be_allowed_for :admin }
12	- it { new_project_path.should be_allowed_for :user }
13	- it { new_project_path.should be_denied_for :visitor }
14	- end
15	-
16	- describe "Project" do
17	- let(:project) { create(:project_with_code) }
18	-
19	- let(:master) { create(:user) }
20	- let(:guest) { create(:user) }
21	- let(:reporter) { create(:user) }
22	-
23	- before do
24	- # full access
25	- project.team << [master, :master]
26	-
27	- # readonly
28	- project.team << [reporter, :reporter]
29	- end
30	-
31	- describe "GET /project_code" do
32	- subject { project_path(project) }
33	-
34	- it { should be_allowed_for master }
35	- it { should be_allowed_for reporter }
36	- it { should be_allowed_for :admin }
37	- it { should be_denied_for guest }
38	- it { should be_denied_for :user }
39	- it { should be_denied_for :visitor }
40	- end
41	-
42	- describe "GET /project_code/tree/master" do
43	- subject { project_tree_path(project, project.repository.root_ref) }
44	-
45	- it { should be_allowed_for master }
46	- it { should be_allowed_for reporter }
47	- it { should be_allowed_for :admin }
48	- it { should be_denied_for guest }
49	- it { should be_denied_for :user }
50	- it { should be_denied_for :visitor }
51	- end
52	-
53	- describe "GET /project_code/commits/master" do
54	- subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
55	-
56	- it { should be_allowed_for master }
57	- it { should be_allowed_for reporter }
58	- it { should be_allowed_for :admin }
59	- it { should be_denied_for guest }
60	- it { should be_denied_for :user }
61	- it { should be_denied_for :visitor }
62	- end
63	-
64	- describe "GET /project_code/commit/:sha" do
65	- subject { project_commit_path(project, project.repository.commit) }
66	-
67	- it { should be_allowed_for master }
68	- it { should be_allowed_for reporter }
69	- it { should be_allowed_for :admin }
70	- it { should be_denied_for guest }
71	- it { should be_denied_for :user }
72	- it { should be_denied_for :visitor }
73	- end
74	-
75	- describe "GET /project_code/compare" do
76	- subject { project_compare_index_path(project) }
77	-
78	- it { should be_allowed_for master }
79	- it { should be_allowed_for reporter }
80	- it { should be_allowed_for :admin }
81	- it { should be_denied_for guest }
82	- it { should be_denied_for :user }
83	- it { should be_denied_for :visitor }
84	- end
85	-
86	- describe "GET /project_code/team" do
87	- subject { project_team_index_path(project) }
88	-
89	- it { should be_allowed_for master }
90	- it { should be_allowed_for reporter }
91	- it { should be_allowed_for :admin }
92	- it { should be_denied_for guest }
93	- it { should be_denied_for :user }
94	- it { should be_denied_for :visitor }
95	- end
96	-
97	- describe "GET /project_code/wall" do
98	- subject { project_wall_path(project) }
99	-
100	- it { should be_allowed_for master }
101	- it { should be_allowed_for reporter }
102	- it { should be_allowed_for :admin }
103	- it { should be_denied_for guest }
104	- it { should be_denied_for :user }
105	- it { should be_denied_for :visitor }
106	- end
107	-
108	- describe "GET /project_code/blob" do
109	- before do
110	- commit = project.repository.commit
111	- path = commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob) }.first.name
112	- @blob_path = project_blob_path(project, File.join(commit.id, path))
113	- end
114	-
115	- it { @blob_path.should be_allowed_for master }
116	- it { @blob_path.should be_allowed_for reporter }
117	- it { @blob_path.should be_allowed_for :admin }
118	- it { @blob_path.should be_denied_for guest }
119	- it { @blob_path.should be_denied_for :user }
120	- it { @blob_path.should be_denied_for :visitor }
121	- end
122	-
123	- describe "GET /project_code/edit" do
124	- subject { edit_project_path(project) }
125	-
126	- it { should be_allowed_for master }
127	- it { should be_denied_for reporter }
128	- it { should be_allowed_for :admin }
129	- it { should be_denied_for guest }
130	- it { should be_denied_for :user }
131	- it { should be_denied_for :visitor }
132	- end
133	-
134	- describe "GET /project_code/deploy_keys" do
135	- subject { project_deploy_keys_path(project) }
136	-
137	- it { should be_allowed_for master }
138	- it { should be_denied_for reporter }
139	- it { should be_allowed_for :admin }
140	- it { should be_denied_for guest }
141	- it { should be_denied_for :user }
142	- it { should be_denied_for :visitor }
143	- end
144	-
145	- describe "GET /project_code/issues" do
146	- subject { project_issues_path(project) }
147	-
148	- it { should be_allowed_for master }
149	- it { should be_allowed_for reporter }
150	- it { should be_allowed_for :admin }
151	- it { should be_denied_for guest }
152	- it { should be_denied_for :user }
153	- it { should be_denied_for :visitor }
154	- end
155	-
156	- describe "GET /project_code/snippets" do
157	- subject { project_snippets_path(project) }
158	-
159	- it { should be_allowed_for master }
160	- it { should be_allowed_for reporter }
161	- it { should be_allowed_for :admin }
162	- it { should be_denied_for guest }
163	- it { should be_denied_for :user }
164	- it { should be_denied_for :visitor }
165	- end
166	-
167	- describe "GET /project_code/merge_requests" do
168	- subject { project_merge_requests_path(project) }
169	-
170	- it { should be_allowed_for master }
171	- it { should be_allowed_for reporter }
172	- it { should be_allowed_for :admin }
173	- it { should be_denied_for guest }
174	- it { should be_denied_for :user }
175	- it { should be_denied_for :visitor }
176	- end
177	-
178	- describe "GET /project_code/branches/recent" do
179	- subject { recent_project_branches_path(project) }
180	-
181	- it { should be_allowed_for master }
182	- it { should be_allowed_for reporter }
183	- it { should be_allowed_for :admin }
184	- it { should be_denied_for guest }
185	- it { should be_denied_for :user }
186	- it { should be_denied_for :visitor }
187	- end
188	-
189	- describe "GET /project_code/branches" do
190	- subject { project_branches_path(project) }
191	-
192	- before do
193	- # Speed increase
194	- Project.any_instance.stub(:branches).and_return([])
195	- end
196	-
197	- it { should be_allowed_for master }
198	- it { should be_allowed_for reporter }
199	- it { should be_allowed_for :admin }
200	- it { should be_denied_for guest }
201	- it { should be_denied_for :user }
202	- it { should be_denied_for :visitor }
203	- end
204	-
205	- describe "GET /project_code/tags" do
206	- subject { project_tags_path(project) }
207	-
208	- before do
209	- # Speed increase
210	- Project.any_instance.stub(:tags).and_return([])
211	- end
212	-
213	- it { should be_allowed_for master }
214	- it { should be_allowed_for reporter }
215	- it { should be_allowed_for :admin }
216	- it { should be_denied_for guest }
217	- it { should be_denied_for :user }
218	- it { should be_denied_for :visitor }
219	- end
220	-
221	- describe "GET /project_code/hooks" do
222	- subject { project_hooks_path(project) }
223	-
224	- it { should be_allowed_for master }
225	- it { should be_allowed_for reporter }
226	- it { should be_allowed_for :admin }
227	- it { should be_denied_for guest }
228	- it { should be_denied_for :user }
229	- it { should be_denied_for :visitor }
230	- end
231	- end
232	-
233	-
234	- describe "PublicProject" do
235	- let(:project) { create(:project_with_code) }
236	-
237	- let(:master) { create(:user) }
238	- let(:guest) { create(:user) }
239	- let(:reporter) { create(:user) }
240	-
241	- let(:admin) { create(:user) }
242	-
243	- before do
244	- # public project
245	- project.public = true
246	- project.save!
247	-
248	- # full access
249	- project.team << [master, :master]
250	-
251	- # readonly
252	- project.team << [reporter, :reporter]
253	-
254	- end
255	-
256	- describe "Project should be public" do
257	- subject { project }
258	-
259	- its(:public?) { should be_true }
260	- end
261	-
262	- describe "GET /project_code" do
263	- subject { project_path(project) }
264	-
265	- it { should be_allowed_for master }
266	- it { should be_allowed_for reporter }
267	- it { should be_allowed_for admin }
268	- it { should be_allowed_for guest }
269	- it { should be_allowed_for :user }
270	- it { should be_denied_for :visitor }
271	- end
272	-
273	- describe "GET /project_code/tree/master" do
274	- subject { project_tree_path(project, project.repository.root_ref) }
275	-
276	- it { should be_allowed_for master }
277	- it { should be_allowed_for reporter }
278	- it { should be_allowed_for :admin }
279	- it { should be_allowed_for guest }
280	- it { should be_allowed_for :user }
281	- it { should be_denied_for :visitor }
282	- end
283	-
284	- describe "GET /project_code/commits/master" do
285	- subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
286	-
287	- it { should be_allowed_for master }
288	- it { should be_allowed_for reporter }
289	- it { should be_allowed_for :admin }
290	- it { should be_allowed_for guest }
291	- it { should be_allowed_for :user }
292	- it { should be_denied_for :visitor }
293	- end
294	-
295	- describe "GET /project_code/commit/:sha" do
296	- subject { project_commit_path(project, project.repository.commit) }
297	-
298	- it { should be_allowed_for master }
299	- it { should be_allowed_for reporter }
300	- it { should be_allowed_for :admin }
301	- it { should be_allowed_for guest }
302	- it { should be_allowed_for :user }
303	- it { should be_denied_for :visitor }
304	- end
305	-
306	- describe "GET /project_code/compare" do
307	- subject { project_compare_index_path(project) }
308	-
309	- it { should be_allowed_for master }
310	- it { should be_allowed_for reporter }
311	- it { should be_allowed_for :admin }
312	- it { should be_allowed_for guest }
313	- it { should be_allowed_for :user }
314	- it { should be_denied_for :visitor }
315	- end
316	-
317	- describe "GET /project_code/team" do
318	- subject { project_team_index_path(project) }
319	-
320	- it { should be_allowed_for master }
321	- it { should be_allowed_for reporter }
322	- it { should be_allowed_for :admin }
323	- it { should be_allowed_for guest }
324	- it { should be_allowed_for :user }
325	- it { should be_denied_for :visitor }
326	- end
327	-
328	- describe "GET /project_code/wall" do
329	- subject { project_wall_path(project) }
330	-
331	- it { should be_allowed_for master }
332	- it { should be_allowed_for reporter }
333	- it { should be_allowed_for :admin }
334	- it { should be_allowed_for guest }
335	- it { should be_allowed_for :user }
336	- it { should be_denied_for :visitor }
337	- end
338	-
339	- describe "GET /project_code/blob" do
340	- before do
341	- commit = project.repository.commit
342	- path = commit.tree.contents.select { \|i\| i.is_a?(Grit::Blob) }.first.name
343	- @blob_path = project_blob_path(project, File.join(commit.id, path))
344	- end
345	-
346	- it { @blob_path.should be_allowed_for master }
347	- it { @blob_path.should be_allowed_for reporter }
348	- it { @blob_path.should be_allowed_for :admin }
349	- it { @blob_path.should be_allowed_for guest }
350	- it { @blob_path.should be_allowed_for :user }
351	- it { @blob_path.should be_denied_for :visitor }
352	- end
353	-
354	- describe "GET /project_code/edit" do
355	- subject { edit_project_path(project) }
356	-
357	- it { should be_allowed_for master }
358	- it { should be_denied_for reporter }
359	- it { should be_allowed_for :admin }
360	- it { should be_denied_for guest }
361	- it { should be_denied_for :user }
362	- it { should be_denied_for :visitor }
363	- end
364	-
365	- describe "GET /project_code/deploy_keys" do
366	- subject { project_deploy_keys_path(project) }
367	-
368	- it { should be_allowed_for master }
369	- it { should be_denied_for reporter }
370	- it { should be_allowed_for :admin }
371	- it { should be_denied_for guest }
372	- it { should be_denied_for :user }
373	- it { should be_denied_for :visitor }
374	- end
375	-
376	- describe "GET /project_code/issues" do
377	- subject { project_issues_path(project) }
378	-
379	- it { should be_allowed_for master }
380	- it { should be_allowed_for reporter }
381	- it { should be_allowed_for :admin }
382	- it { should be_allowed_for guest }
383	- it { should be_allowed_for :user }
384	- it { should be_denied_for :visitor }
385	- end
386	-
387	- describe "GET /project_code/snippets" do
388	- subject { project_snippets_path(project) }
389	-
390	- it { should be_allowed_for master }
391	- it { should be_allowed_for reporter }
392	- it { should be_allowed_for :admin }
393	- it { should be_allowed_for guest }
394	- it { should be_allowed_for :user }
395	- it { should be_denied_for :visitor }
396	- end
397	-
398	- describe "GET /project_code/snippets/new" do
399	- subject { new_project_snippet_path(project) }
400	-
401	- it { should be_allowed_for master }
402	- it { should be_allowed_for reporter }
403	- it { should be_allowed_for :admin }
404	- it { should be_denied_for guest }
405	- it { should be_denied_for :user }
406	- it { should be_denied_for :visitor }
407	- end
408	-
409	- describe "GET /project_code/merge_requests" do
410	- subject { project_merge_requests_path(project) }
411	-
412	- it { should be_allowed_for master }
413	- it { should be_allowed_for reporter }
414	- it { should be_allowed_for :admin }
415	- it { should be_allowed_for guest }
416	- it { should be_allowed_for :user }
417	- it { should be_denied_for :visitor }
418	- end
419	-
420	- describe "GET /project_code/branches/recent" do
421	- subject { recent_project_branches_path(project) }
422	-
423	- it { should be_allowed_for master }
424	- it { should be_allowed_for reporter }
425	- it { should be_allowed_for :admin }
426	- it { should be_allowed_for guest }
427	- it { should be_allowed_for :user }
428	- it { should be_denied_for :visitor }
429	- end
430	-
431	- describe "GET /project_code/branches" do
432	- subject { project_branches_path(project) }
433	-
434	- before do
435	- # Speed increase
436	- Project.any_instance.stub(:branches).and_return([])
437	- end
438	-
439	- it { should be_allowed_for master }
440	- it { should be_allowed_for reporter }
441	- it { should be_allowed_for :admin }
442	- it { should be_allowed_for guest }
443	- it { should be_allowed_for :user }
444	- it { should be_denied_for :visitor }
445	- end
446	-
447	- describe "GET /project_code/tags" do
448	- subject { project_tags_path(project) }
449	-
450	- before do
451	- # Speed increase
452	- Project.any_instance.stub(:tags).and_return([])
453	- end
454	-
455	- it { should be_allowed_for master }
456	- it { should be_allowed_for reporter }
457	- it { should be_allowed_for :admin }
458	- it { should be_allowed_for guest }
459	- it { should be_allowed_for :user }
460	- it { should be_denied_for :visitor }
461	- end
462	-
463	- describe "GET /project_code/hooks" do
464	- subject { project_hooks_path(project) }
465	-
466	- it { should be_allowed_for master }
467	- it { should be_allowed_for reporter }
468	- it { should be_allowed_for :admin }
469	- it { should be_allowed_for guest }
470	- it { should be_allowed_for :user }
471	- it { should be_denied_for :visitor }
472	- end
473	- end
474	-end