#465: Added specs for RepositoryPolicy

app/policies/repository_policy.rb

@@ -1,7 +1,7 @@
 class RepositoryPolicy < ApplicationPolicy
 
   def show?
-    PlatformPolicy.new(user, record.platform).show?
+    is_admin? || PlatformPolicy.new(user, record.platform).show?
   end
   alias_method :projects?,      :show?
   alias_method :projects_list?, :show?
@@ -41,11 +41,6 @@ class RepositoryPolicy < ApplicationPolicy
   end
   alias_method :remove_project?, :add_project?
 
-  def destroy?
-    return false if record.platform.personal? && record.name == 'main'
-    is_admin? || owner?(record.platform) || local_admin?(record.platform)
-  end
-
   def settings?
     is_admin? || owner?(record.platform) || local_admin?(record.platform)
   end

spec/policies/repository_policy_spec.rb

@@ -0,0 +1,205 @@
+require 'spec_helper'
+
+RSpec.describe RepositoryPolicy, type: :policy do
+  let(:repository) { FactoryGirl.build(:repository) }
+  subject { described_class }
+
+  %i(show? projects? projects_list? read?).each do |perm|
+    permissions perm do
+      it "denies access if user can not show a platform" do
+        allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false)
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access if user can show a platform" do
+        allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+    end
+  end
+
+  permissions :reader? do
+    it "denies access to user" do
+      expect(subject).to_not permit(User.new, repository)
+    end
+
+    it "grants access for reader of platform" do
+      allow_any_instance_of(RepositoryPolicy).to receive(:local_reader?).
+        with(repository.platform).and_return(true)
+      expect(subject).to permit(User.new, repository)
+    end
+
+    it "grants access for to global admin" do
+      expect(subject).to permit(FactoryGirl.build(:admin), repository)
+    end
+  end
+
+  permissions :write? do
+    it "denies access to user" do
+      expect(subject).to_not permit(User.new, repository)
+    end
+
+    it "grants access for writer of platform" do
+      allow_any_instance_of(RepositoryPolicy).to receive(:local_writer?).
+        with(repository.platform).and_return(true)
+      expect(subject).to permit(User.new, repository)
+    end
+
+    it "grants access for to global admin" do
+      expect(subject).to permit(FactoryGirl.build(:admin), repository)
+    end
+  end
+
+  %i(update? manage_members? regenerate_metadata? signatures?).each do |perm|
+    permissions perm do
+      it "denies access to user" do
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for admin of platform" do
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+    end
+  end
+
+  %i(create? destroy?).each do |perm|
+    permissions perm do
+      it "denies access to user" do
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for admin of platform" do
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+
+      it "denies access for personal platform and repository with 'main' name" do
+        repository.platform = FactoryGirl.build(:personal_platform)
+        repository.name = 'main'
+        expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+      end
+    end
+  end
+
+  %i(packages? remove_member? remove_members? add_member? sync_lock_file?).each do |perm|
+    permissions perm do
+      it "denies access to user" do
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for admin of platform" do
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+
+      it "denies access for personal platform" do
+        repository.platform = FactoryGirl.build(:personal_platform)
+        expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+      end
+    end
+  end
+
+  %i(add_project? remove_project?).each do |perm|
+    permissions perm do
+      it "denies access to user" do
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for admin of platform" do
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "grants access for member of repository" do
+        user = FactoryGirl.build(:user, id: 123)
+        allow_any_instance_of(RepositoryPolicy).to receive(:repository_user_ids).and_return([123])
+        expect(subject).to permit(user, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+    end
+  end
+
+  permissions :settings? do
+    it "denies access to user" do
+      expect(subject).to_not permit(User.new, repository)
+    end
+
+    it "grants access for admin of platform" do
+      allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+        with(repository.platform).and_return(true)
+      expect(subject).to permit(User.new, repository)
+    end
+
+    it "grants access for to global admin" do
+      expect(subject).to permit(FactoryGirl.build(:admin), repository)
+    end
+  end
+
+  permissions :key_pair? do
+    it "denies access to user" do
+      expect(subject).to_not permit(User.new, repository)
+    end
+
+    it "denies access for to global admin" do
+      expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+    end
+
+    it "grants access to system user" do
+      expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
+    end
+  end
+
+  %i(add_repo_lock_file? remove_repo_lock_file?).each do |perm|
+    permissions perm do
+      it "denies access to user" do
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for admin of platform" do
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to permit(User.new, repository)
+      end
+
+      it "denies access for admin of personal platform" do
+        allow(repository.platform).to receive(:main?).and_return(false)
+        allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+          with(repository.platform).and_return(true)
+        expect(subject).to_not permit(User.new, repository)
+      end
+
+      it "grants access for to global admin" do
+        expect(subject).to permit(FactoryGirl.build(:admin), repository)
+      end
+
+      it "grants access to system user" do
+        expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
+      end
+    end
+  end
+
+end