Skip to content

Refactor spec/policies/project_policy_spec.rb to minimize the diff with CE

username-removed-128633 requested to merge rc/refactor-project_policy_spec into master

What does this MR do?

I discovered the discrepancy while reviewing https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14257/diffs#d458b7cdebc6dde2dcb0e3a6c2b68503219b28d9.

The diff was as follows:

diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 4dbaf7fb025..4e7bbaf83ca 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -6,13 +6,14 @@ describe ProjectPolicy do
   let(:dev) { create(:user) }
   let(:master) { create(:user) }
   let(:owner) { create(:user) }
+  let(:auditor) { create(:user, :auditor) }
   let(:admin) { create(:admin) }
   let(:project) { create(:project, :public, namespace: owner.namespace) }
 
   let(:guest_permissions) do
     %i[
       read_project read_board read_list read_wiki read_issue read_label
-      read_milestone read_project_snippet read_project_member
+      read_issue_link read_milestone read_project_snippet read_project_member
       read_note create_project create_issue create_note
       upload_file
     ]
@@ -21,7 +22,7 @@ describe ProjectPolicy do
   let(:reporter_permissions) do
     %i[
       download_code fork_project create_project_snippet update_issue
-      admin_issue admin_label admin_list read_commit_status read_build
+      admin_issue admin_label admin_issue_link admin_list read_commit_status read_build
       read_container_image read_pipeline read_environment read_deployment
       read_merge_request download_wiki_code
     ]
@@ -43,7 +44,8 @@ describe ProjectPolicy do
 
   let(:master_permissions) do
     %i[
-      delete_protected_branch update_project_snippet update_environment
+      push_code_to_protected_branches delete_protected_branch
+      update_project_snippet update_environment
       update_deployment admin_milestone admin_project_snippet
       admin_project_member admin_note admin_wiki admin_project
       admin_commit_status admin_build admin_container_image
@@ -66,6 +68,16 @@ describe ProjectPolicy do
     ]
   end
 
+  let(:auditor_permissions) do
+    %i[
+      download_code download_wiki_code read_project read_board read_list
+      read_wiki read_issue read_label read_issue_link read_milestone read_project_snippet
+      read_project_member read_note read_cycle_analytics read_pipeline
+      read_build read_commit_status read_container_image read_environment
+      read_deployment read_merge_request read_pages
+    ]
+  end
+
   before do
     project.team << [guest, :guest]
     project.team << [master, :master]
@@ -268,5 +280,33 @@ describe ProjectPolicy do
         expect_allowed(*owner_permissions)
       end
     end
+
+    context 'auditor' do
+      let(:current_user) { auditor }
+
+      context 'not a team member' do
+        it do
+          is_expected.to be_disallowed(*developer_permissions)
+          is_expected.to be_disallowed(*master_permissions)
+          is_expected.to be_disallowed(*owner_permissions)
+          is_expected.to be_disallowed(*(guest_permissions - auditor_permissions))
+          is_expected.to be_allowed(*auditor_permissions)
+        end
+      end
+
+      context 'team member' do
+        before do
+          project.team << [auditor, :guest]
+        end
+
+        it do
+          is_expected.to be_disallowed(*developer_permissions)
+          is_expected.to be_disallowed(*master_permissions)
+          is_expected.to be_disallowed(*owner_permissions)
+          is_expected.to be_allowed(*(guest_permissions - auditor_permissions))
+          is_expected.to be_allowed(*auditor_permissions)
+        end
+      end
+    end
   end
 end

Merge request reports

Loading