Clean up request specs

spec/requests/admin/security_spec.rb

@@ -2,20 +2,26 @@ require 'spec_helper'
 describe "Admin::Projects" do
   describe "GET /admin/projects" do
-    it { admin_projects_path.should be_allowed_for :admin }
-    it { admin_projects_path.should be_denied_for :user }
-    it { admin_projects_path.should be_denied_for :visitor }
+    subject { admin_projects_path }
+
+    it { should be_allowed_for :admin }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
   end
   describe "GET /admin/users" do
-    it { admin_users_path.should be_allowed_for :admin }
-    it { admin_users_path.should be_denied_for :user }
-    it { admin_users_path.should be_denied_for :visitor }
+    subject { admin_users_path }
+
+    it { should be_allowed_for :admin }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
   end
   describe "GET /admin/hooks" do
-    it { admin_hooks_path.should be_allowed_for :admin }
-    it { admin_hooks_path.should be_denied_for :user }
-    it { admin_hooks_path.should be_denied_for :visitor }
+    subject { admin_hooks_path }
+
+    it { should be_allowed_for :admin }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
   end
 end

spec/requests/api/issues_spec.rb

@@ -10,13 +10,13 @@ describe Gitlab::API do
   describe "GET /issues" do
     it "should return authentication error" do
-      get "#{api_prefix}/issues"
+      get api("/issues")
       response.status.should == 401
     end
     describe "authenticated GET /issues" do
       it "should return an array of issues" do
-        get "#{api_prefix}/issues?private_token=#{user.private_token}"
+        get api("/issues", user)
         response.status.should == 200
         json_response.should be_an Array
         json_response.first['title'].should == issue.title
@@ -26,7 +26,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/issues" do
     it "should return project issues" do
-      get "#{api_prefix}/projects/#{project.code}/issues?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/issues", user)
       response.status.should == 200
       json_response.should be_an Array
       json_response.first['title'].should == issue.title
@@ -35,7 +35,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/issues/:issue_id" do
     it "should return a project issue by id" do
-      get "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/issues/#{issue.id}", user)
       response.status.should == 200
       json_response['title'].should == issue.title
     end
@@ -43,7 +43,7 @@ describe Gitlab::API do
   describe "POST /projects/:id/issues" do
     it "should create a new project issue" do
-      post "#{api_prefix}/projects/#{project.code}/issues?private_token=#{user.private_token}",
+      post api("/projects/#{project.code}/issues", user),
         title: 'new issue', labels: 'label, label2'
       response.status.should == 201
       json_response['title'].should == 'new issue'
@@ -54,7 +54,7 @@ describe Gitlab::API do
   describe "PUT /projects/:id/issues/:issue_id" do
     it "should update a project issue" do
-      put "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}",
+      put api("/projects/#{project.code}/issues/#{issue.id}", user),
         title: 'updated title', labels: 'label2', closed: 1
       response.status.should == 200
       json_response['title'].should == 'updated title'
@@ -66,7 +66,7 @@ describe Gitlab::API do
   describe "DELETE /projects/:id/issues/:issue_id" do
     it "should delete a project issue" do
       expect {
-        delete "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}"
+        delete api("/projects/#{project.code}/issues/#{issue.id}", user)
       }.to change { Issue.count }.by(-1)
     end
   end

spec/requests/api/projects_spec.rb

@@ -10,13 +10,13 @@ describe Gitlab::API do
   describe "GET /projects" do
     it "should return authentication error" do
-      get "#{api_prefix}/projects"
+      get api("/projects")
       response.status.should == 401
     end
     describe "authenticated GET /projects" do
       it "should return an array of projects" do
-        get "#{api_prefix}/projects?private_token=#{user.private_token}"
+        get api("/projects", user)
         response.status.should == 200
         json_response.should be_an Array
         json_response.first['name'].should == project.name
@@ -27,20 +27,20 @@ describe Gitlab::API do
   describe "GET /projects/:id" do
     it "should return a project by id" do
-      get "#{api_prefix}/projects/#{project.id}?private_token=#{user.private_token}"
+      get api("/projects/#{project.id}", user)
       response.status.should == 200
       json_response['name'].should == project.name
       json_response['owner']['email'].should == user.email
     end
     it "should return a project by code name" do
-      get "#{api_prefix}/projects/#{project.code}?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}", user)
       response.status.should == 200
       json_response['name'].should == project.name
     end
     it "should return a 404 error if not found" do
-      get "#{api_prefix}/projects/42?private_token=#{user.private_token}"
+      get api("/projects/42", user)
       response.status.should == 404
       json_response['message'].should == '404 Not found'
     end
@@ -48,7 +48,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/repository/branches" do
     it "should return an array of project branches" do
-      get "#{api_prefix}/projects/#{project.code}/repository/branches?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/repository/branches", user)
       response.status.should == 200
       json_response.should be_an Array
       json_response.first['name'].should == project.repo.heads.sort_by(&:name).first.name
@@ -57,7 +57,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/repository/branches/:branch" do
     it "should return the branch information for a single branch" do
-      get "#{api_prefix}/projects/#{project.code}/repository/branches/new_design?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/repository/branches/new_design", user)
       response.status.should == 200
       json_response['name'].should == 'new_design'
@@ -67,7 +67,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/repository/tags" do
     it "should return an array of project tags" do
-      get "#{api_prefix}/projects/#{project.code}/repository/tags?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/repository/tags", user)
       response.status.should == 200
       json_response.should be_an Array
       json_response.first['name'].should == project.repo.tags.sort_by(&:name).reverse.first.name
@@ -76,7 +76,7 @@ describe Gitlab::API do
   describe "GET /projects/:id/snippets/:snippet_id" do
     it "should return a project snippet" do
-      get "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/snippets/#{snippet.id}", user)
       response.status.should == 200
       json_response['title'].should == snippet.title
     end
@@ -84,7 +84,7 @@ describe Gitlab::API do
   describe "POST /projects/:id/snippets" do
     it "should create a new project snippet" do
-      post "#{api_prefix}/projects/#{project.code}/snippets?private_token=#{user.private_token}",
+      post api("/projects/#{project.code}/snippets", user),
         title: 'api test', file_name: 'sample.rb', code: 'test'
       response.status.should == 201
       json_response['title'].should == 'api test'
@@ -93,7 +93,7 @@ describe Gitlab::API do
   describe "PUT /projects/:id/snippets" do
     it "should update an existing project snippet" do
-      put "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}",
+      put api("/projects/#{project.code}/snippets/#{snippet.id}", user),
         code: 'updated code'
       response.status.should == 200
       json_response['title'].should == 'example'
@@ -104,34 +104,31 @@ describe Gitlab::API do
   describe "DELETE /projects/:id/snippets/:snippet_id" do
     it "should delete existing project snippet" do
       expect {
-        delete "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}"
+        delete api("/projects/#{project.code}/snippets/#{snippet.id}", user)
       }.to change { Snippet.count }.by(-1)
     end
   end
   describe "GET /projects/:id/snippets/:snippet_id/raw" do
     it "should get a raw project snippet" do
-      get "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}/raw?private_token=#{user.private_token}"
+      get api("/projects/#{project.code}/snippets/#{snippet.id}/raw", user)
       response.status.should == 200
     end
   end
   describe "GET /projects/:id/:sha/blob" do
     it "should get the raw file contents" do
-      get "#{api_prefix}/projects/#{project.code}/repository/commits/master/blob?filepath=README.md&private_token=#{user.private_token}"
-      
+      get api("/projects/#{project.code}/repository/commits/master/blob?filepath=README.md", user)
       response.status.should == 200
     end
     it "should return 404 for invalid branch_name" do
-      get "#{api_prefix}/projects/#{project.code}/repository/commits/invalid_branch_name/blob?filepath=README.md&private_token=#{user.private_token}"
-      
+      get api("/projects/#{project.code}/repository/commits/invalid_branch_name/blob?filepath=README.md", user)
       response.status.should == 404
     end
     it "should return 404 for invalid file" do
-      get "#{api_prefix}/projects/#{project.code}/repository/commits/master/blob?filepath=README.invalid&private_token=#{user.private_token}"
-      
+      get api("/projects/#{project.code}/repository/commits/master/blob?filepath=README.invalid", user)
       response.status.should == 404
     end
   end

spec/requests/api/users_spec.rb

@@ -7,13 +7,13 @@ describe Gitlab::API do
   describe "GET /users" do
     it "should return authentication error" do
-      get "#{api_prefix}/users"
+      get api("/users")
       response.status.should == 401
     end
     describe "authenticated GET /users" do
       it "should return an array of users" do
-        get "#{api_prefix}/users?private_token=#{user.private_token}"
+        get api("/users", user)
         response.status.should == 200
         json_response.should be_an Array
         json_response.first['email'].should == user.email
@@ -23,7 +23,7 @@ describe Gitlab::API do
   describe "GET /users/:id" do
     it "should return a user by id" do
-      get "#{api_prefix}/users/#{user.id}?private_token=#{user.private_token}"
+      get api("/users/#{user.id}", user)
       response.status.should == 200
       json_response['email'].should == user.email
     end
@@ -31,7 +31,7 @@ describe Gitlab::API do
   describe "GET /user" do
     it "should return current user" do
-      get "#{api_prefix}/user?private_token=#{user.private_token}"
+      get api("/user", user)
       response.status.should == 200
       json_response['email'].should == user.email
     end

spec/requests/security/profile_access_spec.rb

@@ -11,24 +11,30 @@ describe "Users Security" do
     end
     describe "GET /keys" do
-      it { keys_path.should be_allowed_for @u1 }
-      it { keys_path.should be_allowed_for :admin }
-      it { keys_path.should be_allowed_for :user }
-      it { keys_path.should be_denied_for :visitor }
+      subject { keys_path }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /profile" do
-      it { profile_path.should be_allowed_for @u1 }
-      it { profile_path.should be_allowed_for :admin }
-      it { profile_path.should be_allowed_for :user }
-      it { profile_path.should be_denied_for :visitor }
+      subject { profile_path }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /profile/password" do
-      it { profile_password_path.should be_allowed_for @u1 }
-      it { profile_password_path.should be_allowed_for :admin }
-      it { profile_password_path.should be_allowed_for :user }
-      it { profile_password_path.should be_denied_for :visitor }
+      subject { profile_password_path }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for :admin }
+      it { should be_allowed_for :user }
+      it { should be_denied_for :visitor }
     end
   end
 end

spec/requests/security/project_access_spec.rb

@@ -26,64 +26,76 @@ describe "Application access" do
     end
     describe "GET /project_code" do
-      it { project_path(@project).should be_allowed_for @u1 }
-      it { project_path(@project).should be_allowed_for @u3 }
-      it { project_path(@project).should be_denied_for :admin }
-      it { project_path(@project).should be_denied_for @u2 }
-      it { project_path(@project).should be_denied_for :user }
-      it { project_path(@project).should be_denied_for :visitor }
+      subject { project_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/master/tree" do
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
-      it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
+      subject { tree_project_ref_path(@project, @project.root_ref) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/commits" do
-      it { project_commits_path(@project).should be_allowed_for @u1 }
-      it { project_commits_path(@project).should be_allowed_for @u3 }
-      it { project_commits_path(@project).should be_denied_for :admin }
-      it { project_commits_path(@project).should be_denied_for @u2 }
-      it { project_commits_path(@project).should be_denied_for :user }
-      it { project_commits_path(@project).should be_denied_for :visitor }
+      subject { project_commits_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/commit" do
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
-      it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
-      it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
+      subject { project_commit_path(@project, @project.commit.id) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/team" do
-      it { team_project_path(@project).should be_allowed_for @u1 }
-      it { team_project_path(@project).should be_allowed_for @u3 }
-      it { team_project_path(@project).should be_denied_for :admin }
-      it { team_project_path(@project).should be_denied_for @u2 }
-      it { team_project_path(@project).should be_denied_for :user }
-      it { team_project_path(@project).should be_denied_for :visitor }
+      subject { team_project_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/wall" do
-      it { wall_project_path(@project).should be_allowed_for @u1 }
-      it { wall_project_path(@project).should be_allowed_for @u3 }
-      it { wall_project_path(@project).should be_denied_for :admin }
-      it { wall_project_path(@project).should be_denied_for @u2 }
-      it { wall_project_path(@project).should be_denied_for :user }
-      it { wall_project_path(@project).should be_denied_for :visitor }
+      subject { wall_project_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/blob" do
       before do
-        @commit = @project.commit
-        @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
-        @blob_path = blob_project_ref_path(@project, @commit.id, path: @path)
+        commit = @project.commit
+        path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
+        @blob_path = blob_project_ref_path(@project, commit.id, path: path)
       end
       it { @blob_path.should be_allowed_for @u1 }
@@ -95,93 +107,113 @@ describe "Application access" do
     end
     describe "GET /project_code/edit" do
-      it { edit_project_path(@project).should be_allowed_for @u1 }
-      it { edit_project_path(@project).should be_denied_for @u3 }
-      it { edit_project_path(@project).should be_denied_for :admin }
-      it { edit_project_path(@project).should be_denied_for @u2 }
-      it { edit_project_path(@project).should be_denied_for :user }
-      it { edit_project_path(@project).should be_denied_for :visitor }
+      subject { edit_project_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_denied_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/deploy_keys" do
-      it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
-      it { project_deploy_keys_path(@project).should be_denied_for @u3 }
-      it { project_deploy_keys_path(@project).should be_denied_for :admin }
-      it { project_deploy_keys_path(@project).should be_denied_for @u2 }
-      it { project_deploy_keys_path(@project).should be_denied_for :user }
-      it { project_deploy_keys_path(@project).should be_denied_for :visitor }
+      subject { project_deploy_keys_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_denied_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/issues" do
-      it { project_issues_path(@project).should be_allowed_for @u1 }
-      it { project_issues_path(@project).should be_allowed_for @u3 }
-      it { project_issues_path(@project).should be_denied_for :admin }
-      it { project_issues_path(@project).should be_denied_for @u2 }
-      it { project_issues_path(@project).should be_denied_for :user }
-      it { project_issues_path(@project).should be_denied_for :visitor }
+      subject { project_issues_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/snippets" do
-      it { project_snippets_path(@project).should be_allowed_for @u1 }
-      it { project_snippets_path(@project).should be_allowed_for @u3 }
-      it { project_snippets_path(@project).should be_denied_for :admin }
-      it { project_snippets_path(@project).should be_denied_for @u2 }
-      it { project_snippets_path(@project).should be_denied_for :user }
-      it { project_snippets_path(@project).should be_denied_for :visitor }
+      subject { project_snippets_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/merge_requests" do
-      it { project_merge_requests_path(@project).should be_allowed_for @u1 }
-      it { project_merge_requests_path(@project).should be_allowed_for @u3 }
-      it { project_merge_requests_path(@project).should be_denied_for :admin }
-      it { project_merge_requests_path(@project).should be_denied_for @u2 }
-      it { project_merge_requests_path(@project).should be_denied_for :user }
-      it { project_merge_requests_path(@project).should be_denied_for :visitor }
+      subject { project_merge_requests_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/repository" do
-      it { project_repository_path(@project).should be_allowed_for @u1 }
-      it { project_repository_path(@project).should be_allowed_for @u3 }
-      it { project_repository_path(@project).should be_denied_for :admin }
-      it { project_repository_path(@project).should be_denied_for @u2 }
-      it { project_repository_path(@project).should be_denied_for :user }
-      it { project_repository_path(@project).should be_denied_for :visitor }
+      subject { project_repository_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/repository/branches" do
-      it { branches_project_repository_path(@project).should be_allowed_for @u1 }
-      it { branches_project_repository_path(@project).should be_allowed_for @u3 }
-      it { branches_project_repository_path(@project).should be_denied_for :admin }
-      it { branches_project_repository_path(@project).should be_denied_for @u2 }
-      it { branches_project_repository_path(@project).should be_denied_for :user }
-      it { branches_project_repository_path(@project).should be_denied_for :visitor }
+      subject { branches_project_repository_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/repository/tags" do
-      it { tags_project_repository_path(@project).should be_allowed_for @u1 }
-      it { tags_project_repository_path(@project).should be_allowed_for @u3 }
-      it { tags_project_repository_path(@project).should be_denied_for :admin }
-      it { tags_project_repository_path(@project).should be_denied_for @u2 }
-      it { tags_project_repository_path(@project).should be_denied_for :user }
-      it { tags_project_repository_path(@project).should be_denied_for :visitor }
+      subject { tags_project_repository_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/hooks" do
-      it { project_hooks_path(@project).should be_allowed_for @u1 }
-      it { project_hooks_path(@project).should be_allowed_for @u3 }
-      it { project_hooks_path(@project).should be_denied_for :admin }
-      it { project_hooks_path(@project).should be_denied_for @u2 }
-      it { project_hooks_path(@project).should be_denied_for :user }
-      it { project_hooks_path(@project).should be_denied_for :visitor }
+      subject { project_hooks_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
     describe "GET /project_code/files" do
-      it { files_project_path(@project).should be_allowed_for @u1 }
-      it { files_project_path(@project).should be_allowed_for @u3 }
-      it { files_project_path(@project).should be_denied_for :admin }
-      it { files_project_path(@project).should be_denied_for @u2 }
-      it { files_project_path(@project).should be_denied_for :user }
-      it { files_project_path(@project).should be_denied_for :visitor }
+      subject { files_project_path(@project) }
+
+      it { should be_allowed_for @u1 }
+      it { should be_allowed_for @u3 }
+      it { should be_denied_for :admin }
+      it { should be_denied_for @u2 }
+      it { should be_denied_for :user }
+      it { should be_denied_for :visitor }
     end
   end
 end