rosa-build/spec/policies/build_list_policy_spec.rb

264 lines
8.5 KiB
Ruby
Raw Normal View History

require 'spec_helper'
RSpec.describe BuildListPolicy, type: :policy do
let(:build_list) { FactoryGirl.build(:build_list) }
subject { described_class }
permissions :index? do
it "grants access to anonymous user" do
expect(subject).to permit(User.new, build_list)
end
it "grants access to user" do
expect(subject).to permit(FactoryGirl.create(:user), build_list)
end
end
%i(show? read? log? everything? owned? everything? list?).each do |perm|
permissions perm do
it "grants access for creator" do
expect(subject).to permit(build_list.user, build_list)
end
it "grants access if user can read project" do
allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(true)
expect(subject).to permit(User.new, build_list)
end
it "denies access if user can not read project" do
allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
end
end
%i(create? rerun_tests?).each do |perm|
permissions perm do
before do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)
end
it "grants access to user" do
expect(subject).to permit(FactoryGirl.build(:user), build_list)
end
it "denies access if project is not a package" do
build_list.project.is_package = false
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if user can not write to project" do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if user can not read platform" do
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
end
end
permissions :dependent_projects? do
before do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true)
end
it "grants access to user" do
expect(subject).to permit(User.new, build_list)
end
it "denies access if user can not to create build list" do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if save_to_platform is not main" do
allow(build_list.save_to_platform).to receive(:main?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
end
permissions :publish_into_testing? do
before do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true)
allow_any_instance_of(BuildListPolicy).to receive(:publish?).and_return(true)
allow(build_list).to receive(:can_publish_into_testing?).and_return(true)
end
it "grants access to user" do
expect(subject).to permit(User.new, build_list)
end
it "grants access if user can not to create but can publish build list" do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false)
expect(subject).to permit(User.new, build_list)
end
it "denies access if build is from old core" do
build_list.new_core = false
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if build can not be published" do
allow(build_list).to receive(:can_publish_into_testing?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if user can not to create and publish build list" do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false)
allow_any_instance_of(BuildListPolicy).to receive(:publish?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
context 'for personal platform' do
before do
allow(build_list.save_to_platform).to receive(:main?).and_return(false)
end
it "grants access to user" do
expect(subject).to permit(User.new, build_list)
end
it "denies access if user can not to create but can publish build list" do
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false)
expect(subject).to_not permit(User.new, build_list)
end
end
end
permissions :publish? do
before do
allow(build_list).to receive(:can_publish?).and_return(true)
end
context 'build published' do
before do
allow(build_list).to receive(:build_published?).and_return(true)
end
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
it "grants access to admin of platform" do
allow_any_instance_of(BuildListPolicy).to receive(:local_admin?).
with(build_list.save_to_platform).and_return(true)
expect(subject).to permit(User.new, build_list)
end
it "grants access to member of repository" do
allow(build_list.save_to_repository).to receive_message_chain(:members, :exists?).and_return(true)
expect(subject).to permit(User.new, build_list)
end
end
context 'build not published' do
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
it "grants access to admin of platform if publish_without_qa is disabled" do
build_list.save_to_repository.publish_without_qa = false
allow_any_instance_of(BuildListPolicy).to receive(:local_admin?).
with(build_list.save_to_platform).and_return(true)
expect(subject).to permit(User.new, build_list)
end
it "grants access if user can write to project" do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
expect(subject).to permit(User.new, build_list)
end
end
end
permissions :create_container? do
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
context 'user can write to project' do
before do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
end
it "grants access to user" do
expect(subject).to permit(User.new, build_list)
end
it "denies access if build is from old core" do
build_list.new_core = false
expect(subject).to_not permit(User.new, build_list)
end
end
context 'user admin of platform' do
before do
allow_any_instance_of(BuildListPolicy).to receive(:local_admin?).
with(build_list.save_to_platform).and_return(true)
end
it "grants access to user" do
expect(subject).to permit(User.new, build_list)
end
it "denies access if build is from old core" do
build_list.new_core = false
expect(subject).to_not permit(User.new, build_list)
end
end
end
permissions :reject_publish? do
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
it "grants access if user can write to project" do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
expect(subject).to permit(User.new, build_list)
end
it "denies access to admin of platform" do
allow_any_instance_of(BuildListPolicy).to receive(:local_admin?).
with(build_list.save_to_platform).and_return(true)
expect(subject).to_not permit(User.new, build_list)
end
context 'publish_without_qa is disabled' do
before do
build_list.save_to_repository.publish_without_qa = false
end
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
it "denies access if user can write to project" do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
expect(subject).to_not permit(User.new, build_list)
end
it "grants access to admin of platform" do
allow_any_instance_of(BuildListPolicy).to receive(:local_admin?).
with(build_list.save_to_platform).and_return(true)
expect(subject).to permit(User.new, build_list)
end
end
end
permissions :cancel? do
it "denies access to user" do
expect(subject).to_not permit(User.new, build_list)
end
it "grants access if user can write to project" do
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
expect(subject).to permit(User.new, build_list)
end
end
end