# frozen_string_literal: true

require 'spec_helper'

# Authorization spec for GroupMemberPolicy.
#
# Each context picks an acting user (`current_user`) and a target membership
# (`membership`), builds the policy for that pair and asserts which abilities
# are granted or denied. Denials are asserted explicitly alongside grants, so
# an over-permissive change to the policy fails here rather than passing
# silently.
RSpec.describe GroupMemberPolicy do
  # NOTE(review): presumably the source of `enable_design_management` used
  # below; confirm against the helper module.
  include DesignManagementTestHelpers

  subject { described_class.new(current_user, membership) }

  let(:guest) { create(:user) }
  let(:owner) { create(:user) }
  let(:group) { create(:group, :private) }

  # Abilities that modify or remove a membership record.
  let(:member_related_permissions) do
    %i[update_group_member destroy_group_member]
  end

  # Default target: the acting user's own (first) membership. Contexts that
  # test acting on someone else's membership override this.
  let(:membership) { current_user.members.first }

  before do
    group.add_guest(guest)
    group.add_owner(owner)
  end

  # Asserts that the policy under test grants every listed ability.
  def expect_allowed(*permissions)
    permissions.each do |permission|
      is_expected.to be_allowed(permission)
    end
  end

  # Asserts that the policy under test denies every listed ability.
  def expect_disallowed(*permissions)
    permissions.each do |permission|
      is_expected.not_to be_allowed(permission)
    end
  end

  context 'with anonymous user' do
    let(:group) { create(:group, :public) }
    let(:current_user) { nil }
    # There is no acting user to take a membership from, so target the guest's.
    let(:membership) { guest.members.first }

    # Unauthenticated access to a public group: read-only, no membership
    # changes and no design activity.
    it do
      expect_disallowed(:read_design_activity, *member_related_permissions)
      expect_allowed(:read_group)
    end

    context 'design management is enabled' do
      before do
        create(:project, :public, group: group) # Necessary to enable design management
        enable_design_management
      end

      specify do
        expect_allowed(:read_design_activity)
      end
    end

    # Non-public visibility levels must not expose anything to anonymous users.
    context 'for a private group' do
      let(:group) { create(:group, :private) }

      specify do
        expect_disallowed(:read_group, :read_design_activity, *member_related_permissions)
      end
    end

    context 'for an internal group' do
      let(:group) { create(:group, :internal) }

      specify do
        expect_disallowed(:read_group, :read_design_activity, *member_related_permissions)
      end
    end
  end

  # A guest may remove their own membership but may not update it.
  context 'with guest user, for own membership' do
    let(:current_user) { guest }

    specify { expect_disallowed(:update_group_member) }
    specify { expect_allowed(:read_group, :destroy_group_member) }
  end

  # A guest must not be able to update or remove the owner's membership.
  context 'with guest user, for other membership' do
    let(:current_user) { guest }
    let(:membership) { owner.members.first }

    specify { expect_disallowed(:destroy_group_member, :update_group_member) }
    specify { expect_allowed(:read_group) }
  end

  # The only owner can neither update nor remove their own membership.
  # NOTE(review): presumably a last-owner guard so the group is never left
  # without an owner; confirm against the policy.
  context 'with one owner' do
    let(:current_user) { owner }

    specify { expect_disallowed(*member_related_permissions) }
    specify { expect_allowed(:read_group) }
  end

  # A blocked account is denied everything, including read access, even
  # though it still holds an owner membership.
  context 'with one blocked owner' do
    let(:owner) { create(:user, :blocked) }
    let(:current_user) { owner }

    specify { expect_disallowed(*member_related_permissions) }
    specify { expect_disallowed(:read_group) }
  end

  # With a second owner present, an owner may change or drop their own membership.
  context 'with more than one owner' do
    let(:current_user) { owner }

    before do
      group.add_owner(create(:user))
    end

    specify { expect_allowed(*member_related_permissions) }
  end

  # current_user is the only direct owner of a subgroup whose parent group
  # has an owner of its own; the membership changes are allowed here.
  context 'with the group parent' do
    let(:current_user) { create(:user) }
    let(:subgroup) { create(:group, :private, parent: group) }

    before do
      # The top-level `before` has already added this owner to `group`.
      group.add_owner(owner)
      subgroup.add_owner(current_user)
    end

    it do
      expect_allowed(:destroy_group_member)
      expect_allowed(:update_group_member)
    end
  end

  # Same setup without a parent group: the sole owner of a top-level group is
  # denied both membership changes.
  context 'without group parent' do
    let(:current_user) { create(:user) }
    let(:subgroup) { create(:group, :private) }

    before do
      subgroup.add_owner(current_user)
    end

    it do
      expect_disallowed(:destroy_group_member)
      expect_disallowed(:update_group_member)
    end
  end

  # A second direct owner lifts the restriction on a top-level group.
  context 'without group parent with two owners' do
    let(:current_user) { create(:user) }
    let(:other_user) { create(:user) }
    let(:subgroup) { create(:group, :private) }

    before do
      subgroup.add_owner(current_user)
      subgroup.add_owner(other_user)
    end

    it do
      expect_allowed(:destroy_group_member)
      expect_allowed(:update_group_member)
    end
  end
end