1# frozen_string_literal: true 2 3require 'spec_helper' 4 5RSpec.describe ReleasePolicy, :request_store do 6 let_it_be(:developer) { create(:user) } 7 let_it_be(:maintainer) { create(:user) } 8 let_it_be(:project) { create(:project, :repository) } 9 let_it_be(:release, reload: true) { create(:release, project: project) } 10 11 let(:user) { developer } 12 13 before_all do 14 project.add_developer(developer) 15 project.add_maintainer(maintainer) 16 end 17 18 subject { described_class.new(user, release) } 19 20 context 'when the user has access to the protected tag' do 21 let_it_be(:protected_tag) { create(:protected_tag, :developers_can_create, name: release.tag, project: project) } 22 23 it 'allows the user to create, update and destroy a release' do 24 is_expected.to be_allowed(:create_release) 25 is_expected.to be_allowed(:update_release) 26 is_expected.to be_allowed(:destroy_release) 27 end 28 end 29 30 context 'when the user does not have access to the protected tag' do 31 let_it_be(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: release.tag, project: project) } 32 33 it 'prevents the user from creating, updating and destroying a release' do 34 is_expected.to be_disallowed(:create_release) 35 is_expected.to be_disallowed(:update_release) 36 is_expected.to be_disallowed(:destroy_release) 37 end 38 end 39end 40