1# frozen_string_literal: true
2
3require 'spec_helper'
4
5RSpec.describe BoardPolicy do
6  let(:user) { create(:user) }
7  let(:project) { create(:project, :private) }
8  let(:group) { create(:group, :private) }
9  let(:group_board) { create(:board, group: group) }
10  let(:project_board) { create(:board, project: project) }
11
12  let(:board_permissions) do
13    [
14      :read_parent,
15      :read_milestone,
16      :read_issue
17    ]
18  end
19
20  context 'group board' do
21    subject { described_class.new(user, group_board) }
22
23    context 'user has access' do
24      before do
25        group.add_developer(user)
26      end
27
28      it do
29        expect_allowed(*board_permissions)
30      end
31    end
32
33    context 'user does not have access' do
34      it do
35        expect_disallowed(*board_permissions)
36      end
37    end
38  end
39
40  context 'project board' do
41    subject { described_class.new(user, project_board) }
42
43    context 'user has access' do
44      before do
45        project.add_developer(user)
46      end
47
48      it do
49        expect_allowed(*board_permissions)
50      end
51    end
52
53    context 'user does not have access' do
54      it do
55        expect_disallowed(*board_permissions)
56      end
57    end
58  end
59
60  context 'create_non_backlog_issues' do
61    context 'for project boards' do
62      let!(:current_user) { create(:user) }
63
64      subject { described_class.new(current_user, project_board) }
65
66      context 'when user can admin project issues' do
67        it 'allows to add non backlog issues from issue board' do
68          project.add_reporter(current_user)
69
70          expect_allowed(:create_non_backlog_issues)
71        end
72      end
73
74      context 'when user cannot admin project issues' do
75        it 'does not allow to add non backlog issues from issue board' do
76          project.add_guest(current_user)
77
78          expect_disallowed(:create_non_backlog_issues)
79        end
80      end
81    end
82
83    context 'for group boards' do
84      let!(:current_user) { create(:user) }
85      let!(:project_1) { create(:project, namespace: group) }
86      let!(:project_2) { create(:project, namespace: group) }
87      let!(:group_board) { create(:board, group: group) }
88
89      subject { described_class.new(current_user, group_board) }
90
91      before do
92        project_1.add_guest(current_user)
93      end
94
95      context 'when user is at least reporter in one of the child projects' do
96        it 'allows to add non backlog issues from issue board' do
97          project_2.add_reporter(current_user)
98
99          expect_allowed(:create_non_backlog_issues)
100        end
101      end
102
103      context 'when user is not a reporter from any child projects' do
104        it 'does not allow to add non backlog issues from issue board' do
105          project_2.add_guest(current_user)
106
107          expect_disallowed(:create_non_backlog_issues)
108        end
109      end
110    end
111  end
112end
113