rosa-build/spec/policies/repository_policy_spec.rb

206 lines
6.7 KiB
Ruby
Raw Permalink Normal View History

2015-04-13 22:06:29 +01:00
require 'spec_helper'
RSpec.describe RepositoryPolicy, type: :policy do
let(:repository) { FactoryGirl.build(:repository) }
subject { described_class }
%i(show? projects? projects_list? read?).each do |perm|
permissions perm do
it "denies access if user can not show a platform" do
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false)
expect(subject).to_not permit(User.new, repository)
end
it "grants access if user can show a platform" do
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
end
permissions :reader? do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for reader of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_reader?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
permissions :write? do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for writer of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_writer?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
%i(update? manage_members? regenerate_metadata? signatures?).each do |perm|
permissions perm do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
end
%i(create? destroy?).each do |perm|
permissions perm do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
it "denies access for personal platform and repository with 'main' name" do
repository.platform = FactoryGirl.build(:personal_platform)
repository.name = 'main'
expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
end
end
end
%i(packages? remove_member? remove_members? add_member? sync_lock_file?).each do |perm|
permissions perm do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
it "denies access for personal platform" do
repository.platform = FactoryGirl.build(:personal_platform)
expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
end
end
end
%i(add_project? remove_project?).each do |perm|
permissions perm do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for member of repository" do
user = FactoryGirl.build(:user, id: 123)
allow_any_instance_of(RepositoryPolicy).to receive(:repository_user_ids).and_return([123])
expect(subject).to permit(user, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
end
permissions :settings? do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
end
permissions :key_pair? do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "denies access for to global admin" do
expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
end
it "grants access to system user" do
expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
end
end
%i(add_repo_lock_file? remove_repo_lock_file?).each do |perm|
permissions perm do
it "denies access to user" do
expect(subject).to_not permit(User.new, repository)
end
it "grants access for admin of platform" do
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to permit(User.new, repository)
end
it "denies access for admin of personal platform" do
allow(repository.platform).to receive(:main?).and_return(false)
allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
with(repository.platform).and_return(true)
expect(subject).to_not permit(User.new, repository)
end
it "grants access for to global admin" do
expect(subject).to permit(FactoryGirl.build(:admin), repository)
end
it "grants access to system user" do
expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
end
end
end
end