1# frozen_string_literal: true 2 3require 'spec_helper' 4 5RSpec.describe BoardPolicy do 6 let(:user) { create(:user) } 7 let(:project) { create(:project, :private) } 8 let(:group) { create(:group, :private) } 9 let(:group_board) { create(:board, group: group) } 10 let(:project_board) { create(:board, project: project) } 11 12 let(:board_permissions) do 13 [ 14 :read_parent, 15 :read_milestone, 16 :read_issue 17 ] 18 end 19 20 context 'group board' do 21 subject { described_class.new(user, group_board) } 22 23 context 'user has access' do 24 before do 25 group.add_developer(user) 26 end 27 28 it do 29 expect_allowed(*board_permissions) 30 end 31 end 32 33 context 'user does not have access' do 34 it do 35 expect_disallowed(*board_permissions) 36 end 37 end 38 end 39 40 context 'project board' do 41 subject { described_class.new(user, project_board) } 42 43 context 'user has access' do 44 before do 45 project.add_developer(user) 46 end 47 48 it do 49 expect_allowed(*board_permissions) 50 end 51 end 52 53 context 'user does not have access' do 54 it do 55 expect_disallowed(*board_permissions) 56 end 57 end 58 end 59 60 context 'create_non_backlog_issues' do 61 context 'for project boards' do 62 let!(:current_user) { create(:user) } 63 64 subject { described_class.new(current_user, project_board) } 65 66 context 'when user can admin project issues' do 67 it 'allows to add non backlog issues from issue board' do 68 project.add_reporter(current_user) 69 70 expect_allowed(:create_non_backlog_issues) 71 end 72 end 73 74 context 'when user cannot admin project issues' do 75 it 'does not allow to add non backlog issues from issue board' do 76 project.add_guest(current_user) 77 78 expect_disallowed(:create_non_backlog_issues) 79 end 80 end 81 end 82 83 context 'for group boards' do 84 let!(:current_user) { create(:user) } 85 let!(:project_1) { create(:project, namespace: group) } 86 let!(:project_2) { create(:project, namespace: group) } 87 let!(:group_board) { create(:board, group: group) } 88 89 subject { described_class.new(current_user, group_board) } 90 91 before do 92 project_1.add_guest(current_user) 93 end 94 95 context 'when user is at least reporter in one of the child projects' do 96 it 'allows to add non backlog issues from issue board' do 97 project_2.add_reporter(current_user) 98 99 expect_allowed(:create_non_backlog_issues) 100 end 101 end 102 103 context 'when user is not a reporter from any child projects' do 104 it 'does not allow to add non backlog issues from issue board' do 105 project_2.add_guest(current_user) 106 107 expect_disallowed(:create_non_backlog_issues) 108 end 109 end 110 end 111 end 112end 113