diff --git a/ee/spec/models/protected_branch/merge_access_level_spec.rb b/ee/spec/models/protected_branch/merge_access_level_spec.rb
index cf42c10597d95be70ddc2de7e69b947d0aa396da..7a1b444276b1bb4ace188ab124cb76635a9050c1 100644
--- a/ee/spec/models/protected_branch/merge_access_level_spec.rb
+++ b/ee/spec/models/protected_branch/merge_access_level_spec.rb
@@ -3,5 +3,5 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedBranch::MergeAccessLevel, feature_category: :source_code_management do
-  it_behaves_like 'ee protected ref access', :protected_branch
+  it_behaves_like 'ee protected ref access'
 end
diff --git a/ee/spec/models/protected_branch/push_access_level_spec.rb b/ee/spec/models/protected_branch/push_access_level_spec.rb
index d2fba491ec9f39fd41e4bf4d9cd51b62c182aea8..3be5fffeb5f83335af7e1d3022d6f8986ae5c13c 100644
--- a/ee/spec/models/protected_branch/push_access_level_spec.rb
+++ b/ee/spec/models/protected_branch/push_access_level_spec.rb
@@ -3,5 +3,5 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedBranch::PushAccessLevel, feature_category: :source_code_management do
-  it_behaves_like 'ee protected ref access', :protected_branch
+  it_behaves_like 'ee protected ref access'
 end
diff --git a/ee/spec/models/protected_branch/unprotect_access_level_spec.rb b/ee/spec/models/protected_branch/unprotect_access_level_spec.rb
index c96dca787c147b9d03d431fc9f4d07056c0d270d..0b1e0d670d31f7e801b560c6af5451966f67ecf7 100644
--- a/ee/spec/models/protected_branch/unprotect_access_level_spec.rb
+++ b/ee/spec/models/protected_branch/unprotect_access_level_spec.rb
@@ -5,5 +5,5 @@
 RSpec.describe ProtectedBranch::UnprotectAccessLevel, feature_category: :source_code_management do
   it_behaves_like 'protected branch access'
   it_behaves_like 'protected ref access allowed_access_levels', excludes: [Gitlab::Access::NO_ACCESS]
-  it_behaves_like 'ee protected ref access', :protected_branch
+  it_behaves_like 'ee protected ref access'
 end
diff --git a/ee/spec/models/protected_tag/create_access_level_spec.rb b/ee/spec/models/protected_tag/create_access_level_spec.rb
index a80eb86417cb301b145452e95bf1db5114331380..3700a597faff170ece0bbd09b535db5323aead6a 100644
--- a/ee/spec/models/protected_tag/create_access_level_spec.rb
+++ b/ee/spec/models/protected_tag/create_access_level_spec.rb
@@ -3,5 +3,5 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedTag::CreateAccessLevel, feature_category: :source_code_management do
-  it_behaves_like 'ee protected ref access', :protected_tag
+  it_behaves_like 'ee protected ref access'
 end
diff --git a/ee/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb b/ee/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
index db3ce232246360a7207ec5f0e59be04eaf643762..c54059fa42acb103b644c9cd6b50a9d9544cac24 100644
--- a/ee/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
+++ b/ee/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
@@ -1,19 +1,13 @@
 # frozen_string_literal: true
 
-RSpec.shared_examples 'ee protected ref access' do |association|
-  let_it_be(:described_instance) { described_class.model_name.singular }
-  let_it_be(:project) { create(:project) }
-  let_it_be(:group) { create(:group) }
+RSpec.shared_examples 'ee protected ref access' do
+  include_context 'for protected ref access'
+
+  let_it_be(:group) { project.group }
   let_it_be(:user) { create(:user, developer_of: project) }
-  let_it_be(:protected_ref) { create(association, project: project) }
-  let_it_be(:protected_ref_fk) { "#{association}_id" }
   let_it_be(:test_group) { create(:group) }
   let_it_be(:test_user) { create(:user) }
 
-  before_all do
-    create(:project_group_link, group: group, project: project)
-  end
-
   describe 'Validations:' do
     let(:access_user_id) { nil }
     let(:access_group_id) { nil }
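Review bot: `let_it_be(:group) { project.group }` changes what `group` stands for in these examples. Before, it was a separate group invited through `create(:project_group_link, group: group, project: project)`; now it is the project's parent group and no link is created. If the group validations or `check_access` treat an invited group differently from an ancestor group, the invited-group path is no longer exercised here. That is an inference, because the examples that use `group` lie outside this hunk. Either keep an invited group next to it, for example `let_it_be(:invited_group) { create(:group) }` with a matching `create(:project_group_link, group: invited_group, project: project)`, or add a comment saying the parent group is intentional.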
@@ -23,8 +17,8 @@
 
     subject do
       build(
-        described_class.model_name.singular.to_sym,
-        association => protected_ref,
+        described_factory,
+        protected_ref_name => protected_ref,
         user_id: access_user_id,
         group_id: access_group_id,
         importing: importing
@@ -255,7 +249,7 @@
 
     with_them do
       let(:access_level) do
-        build(described_instance, group_id: group_id, user_id: user_id).tap do |access_level|
+        build(described_factory, group_id: group_id, user_id: user_id).tap do |access_level|
           access_level.group = group if group
           access_level.user = user if user
         end
@@ -281,7 +275,7 @@
 
     with_them do
       let(:access_level) do
-        build(described_instance, group_id: group_id, user_id: user_id).tap do |access_level|
+        build(described_factory, group_id: group_id, user_id: user_id).tap do |access_level|
           access_level.group = group if group
           access_level.user = user if user
         end
@@ -294,25 +288,16 @@
   end
 
   describe '#check_access(current_user, current_project)' do
-    let_it_be(:current_user) { create(:user) }
+    let_it_be(:current_user) { create(:user, maintainer_of: project) }
 
     let(:user) { nil }
     let(:group) { nil }
     let(:current_project) { project }
-    let(:described_instance) do
-      described_class.new(
-        association => protected_ref,
-        user: user,
-        group: group
-      )
-    end
-
-    before_all do
-      project.add_maintainer(current_user)
-    end
 
     subject do
-      described_instance.check_access(current_user, current_project)
+      described_class.new(
+        protected_ref_name => protected_ref, user: user, group: group
+      ).check_access(current_user, current_project)
     end
 
     context 'when user is assigned' do
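Review bot: The subject of `#check_access(current_user, current_project)` is left anonymous here, while the CE shared example changed in this same commit names it. Writing `subject(:check_access) do` would keep the two files parallel and let examples refer to the call by name. The describe block continues outside this hunk, so this only applies if no example there relies on an implicit `subject`.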
diff --git a/spec/models/protected_branch/merge_access_level_spec.rb b/spec/models/protected_branch/merge_access_level_spec.rb
index 92aa5fa3eee3b9db559e77faa011131bd2032dae..ca31f00bf227bff9a0deb6b00f456b6b2aebf887 100644
--- a/spec/models/protected_branch/merge_access_level_spec.rb
+++ b/spec/models/protected_branch/merge_access_level_spec.rb
@@ -3,6 +3,6 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedBranch::MergeAccessLevel, feature_category: :source_code_management do
-  include_examples 'protected branch access'
-  include_examples 'protected ref access allowed_access_levels'
+  it_behaves_like 'protected branch access'
+  it_behaves_like 'protected ref access allowed_access_levels'
 end
diff --git a/spec/models/protected_branch/push_access_level_spec.rb b/spec/models/protected_branch/push_access_level_spec.rb
index 05e10fd6763d4514f6d2face36d52f1f024be512..a65d398b947771c4738cb54797394e12a6c39207 100644
--- a/spec/models/protected_branch/push_access_level_spec.rb
+++ b/spec/models/protected_branch/push_access_level_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedBranch::PushAccessLevel, feature_category: :source_code_management do
-  include_examples 'protected branch access'
-  include_examples 'protected ref deploy_key access'
-  include_examples 'protected ref access allowed_access_levels'
+  it_behaves_like 'protected branch access'
+  it_behaves_like 'protected ref deploy_key access'
+  it_behaves_like 'protected ref access allowed_access_levels'
 end
diff --git a/spec/support/shared_contexts/models/concerns/protected_ref_access_context.rb b/spec/support/shared_contexts/models/concerns/protected_ref_access_context.rb
new file mode 100644
index 0000000000000000000000000000000000000000..dfa00f92b16731d0586f6f11292e002ef036236a
--- /dev/null
+++ b/spec/support/shared_contexts/models/concerns/protected_ref_access_context.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+RSpec.shared_context 'for protected ref access' do
+  let_it_be(:project) { create(:project, :public, :in_group) }
+  let_it_be(:described_factory) { described_class.model_name.singular }
+  let_it_be(:protected_ref_name) { described_class.module_parent.model_name.singular }
+  let_it_be(:protected_ref_fk) { "#{protected_ref_name}_id" }
+  let_it_be(:protected_ref) { create(protected_ref_name, default_access_level: false, project: project) }
+end
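Review bot: The shared context gives no reason for `:public` or `default_access_level: false`, and this commit deletes the one comment that did ("Making a project public to avoid false positives tests" in the CE shared example). I would add `# Public project, so a denied check_access comes from the access level rules and not from project visibility` above `let_it_be(:project)`, plus a one-line comment on why the protected ref is created without default access levels. The context is also included by 'protected ref deploy_key access', which used `create(:project, :in_group)` before, so those examples now run against a public project as well. The removed `create(association, ...)` lines carried `# rubocop:disable Rails/SaveBang` for the dynamic factory name; the new `create(protected_ref_name, ...)` may need the same directive.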
diff --git a/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb
index 475814fc07d5b41205e17cafb31b1e24f993ebd6..6c6b4f8add6c4378a354a20ef21d3d9e1725d736 100644
--- a/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb
@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 RSpec.shared_examples 'protected branch access' do
-  include_examples 'protected ref access', :protected_branch
+  it_behaves_like 'protected ref access'
 
   it { is_expected.to belong_to(:protected_branch) }
 
   describe '#project' do
+    include_context 'for protected ref access'
+
     it 'delegates project to protected_branch association' do
       allow(protected_ref).to receive(:project)
 
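Review bot: `include_context 'for protected ref access'` is added separately to `describe '#project'` here and to `describe '#protected_branch_group'` in the next hunk. Each group therefore runs its own `let_it_be` setup and presumably creates another project and protected ref. Including the context once directly under `RSpec.shared_examples 'protected branch access' do` would serve both groups with a single set of records. Both describe blocks continue outside their hunks.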
@@ -20,6 +22,8 @@
   end
 
   describe '#protected_branch_group' do
+    include_context 'for protected ref access'
+
     it 'looks for the group attached to protected_branch' do
       allow(protected_ref).to receive(:group)
 
diff --git a/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
index b11bd4a008b4dae996c96dda4b642443bf9dcd96..b87c59b4e39bdd9f38caa2212e18cbf0446b2e5c 100644
--- a/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/protected_ref_access_shared_examples.rb
@@ -1,13 +1,12 @@
 # frozen_string_literal: true
 
-RSpec.shared_examples 'protected ref access' do |association|
+RSpec.shared_examples 'protected ref access' do
   include ExternalAuthorizationServiceHelpers
 
-  let_it_be(:project) { create(:project) }
-  let_it_be(:protected_ref) { create(association, project: project) } # rubocop:disable Rails/SaveBang -- False positive because factory name is dynamic
+  include_context 'for protected ref access'
 
   describe 'validations' do
-    subject { build(described_class.model_name.singular) }
+    subject { build(described_factory) }
 
     context 'when role?' do
       it { is_expected.to validate_inclusion_of(:access_level).in_array(described_class.allowed_access_levels) }
@@ -15,8 +14,7 @@
       it { is_expected.to validate_presence_of(:access_level) }
 
       it do
-        is_expected.to validate_uniqueness_of(:access_level)
-          .scoped_to("#{described_class.module_parent.model_name.singular}_id")
+        is_expected.to validate_uniqueness_of(:access_level).scoped_to(protected_ref_fk)
       end
     end
 
@@ -30,8 +28,7 @@
       it { is_expected.not_to validate_inclusion_of(:access_level).in_array(described_class.allowed_access_levels) }
 
       it do
-        is_expected.not_to validate_uniqueness_of(:access_level)
-          .scoped_to("#{described_class.module_parent.model_name.singular}_id")
+        is_expected.not_to validate_uniqueness_of(:access_level).scoped_to(protected_ref_fk)
       end
     end
   end
@@ -52,27 +49,19 @@
   end
 
   describe '#check_access(user, current_project)' do
-    let_it_be(:group) { create(:group) }
-    # Making a project public to avoid false positives tests
-    let_it_be(:project) { create(:project, :public, group: group) }
     let_it_be(:current_user) { create(:user) }
-    let_it_be(:protected_ref) { create(association, project: project) }
 
     let(:access_level) { ::Gitlab::Access::DEVELOPER }
     let(:current_project) { project }
-    let(:described_instance) do
-      described_class.new(
-        association => protected_ref,
-        access_level: access_level
-      )
-    end
 
     before_all do
       project.add_developer(current_user)
     end
 
-    subject do
-      described_instance.check_access(current_user, current_project)
+    subject(:check_access) do
+      described_class
+        .new(protected_ref_name => protected_ref, access_level: access_level)
+        .check_access(current_user, current_project)
     end
 
     context 'when current_user is nil' do
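Review bot: `current_user` still gets its membership from a separate `before_all` calling `project.add_developer(current_user)`, while the EE shared example in this commit moved the membership into the factory call. `let_it_be(:current_user) { create(:user, developer_of: project) }` would do the same in one line and let the `before_all` block go. The `developer_of:` option is already used in the EE file. The rest of the describe block is outside this hunk, so check that nothing there depends on the user being added after creation.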
diff --git a/spec/support/shared_examples/models/concerns/protected_ref_deploy_key_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_deploy_key_access_shared_examples.rb
index 3b1de8de5a1468d765016e9501b9fbd83af68cb9..62ad83f56640940ec2eb0a0d25c782284902b672 100644
--- a/spec/support/shared_examples/models/concerns/protected_ref_deploy_key_access_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/protected_ref_deploy_key_access_shared_examples.rb
@@ -1,10 +1,7 @@
 # frozen_string_literal: true
 
 RSpec.shared_examples 'protected ref deploy_key access' do
-  let_it_be(:described_instance) { described_class.model_name.singular }
-  let_it_be(:protected_ref_name) { described_class.module_parent.model_name.singular }
-  let_it_be(:project) { create(:project, :in_group) }
-  let_it_be(:protected_ref) { create(protected_ref_name, project: project) } # rubocop:disable Rails/SaveBang -- False positive because factory name is dynamic
+  include_context 'for protected ref access'
 
   describe 'associations' do
     it { is_expected.to belong_to(:deploy_key) }
@@ -18,7 +15,7 @@
         end
 
         it 'is valid' do
-          level = build(described_instance, protected_ref_name => protected_ref, deploy_key: deploy_key)
+          level = build(described_factory, protected_ref_name => protected_ref, deploy_key: deploy_key)
 
           expect(level).to be_valid
         end
@@ -26,7 +23,7 @@
 
       context 'when deploy_key_id is invalid' do
         subject(:access_level) do
-          build(described_instance, protected_ref_name => protected_ref, deploy_key_id: 0)
+          build(described_factory, protected_ref_name => protected_ref, deploy_key_id: 0)
         end
 
         it 'is not valid', :aggregate_failures do
@@ -39,11 +36,11 @@
         let(:deploy_key) { create(:deploy_keys_project, :write_access, project: project).deploy_key }
 
         before do
-          create(described_instance, protected_ref_name => protected_ref, deploy_key: deploy_key)
+          create(described_factory, protected_ref_name => protected_ref, deploy_key: deploy_key)
         end
 
         subject(:access_level) do
-          build(described_instance, protected_ref_name => protected_ref, deploy_key: deploy_key)
+          build(described_factory, protected_ref_name => protected_ref, deploy_key: deploy_key)
         end
 
         it 'is not valid', :aggregate_failures do
@@ -54,7 +51,7 @@
 
       context 'when deploy key is not enabled for the project' do
         subject(:access_level) do
-          build(described_instance, protected_ref_name => protected_ref, deploy_key: create(:deploy_key))
+          build(described_factory, protected_ref_name => protected_ref, deploy_key: create(:deploy_key))
         end
 
         it 'is not valid', :aggregate_failures do
@@ -66,7 +63,7 @@
       context 'when deploy key is not active for the project' do
         subject(:access_level) do
           deploy_key = create(:deploy_keys_project, :readonly_access, project: project).deploy_key
-          build(described_instance, protected_ref_name => protected_ref, deploy_key: deploy_key)
+          build(described_factory, protected_ref_name => protected_ref, deploy_key: deploy_key)
         end
 
         it 'is not valid', :aggregate_failures do
@@ -88,7 +85,7 @@
 
     context "when this #{described_class.model_name.singular} is tied to a deploy key" do
       let!(:access_level) do
-        create(described_instance, protected_ref_name => protected_ref, deploy_key: deploy_key)
+        create(described_factory, protected_ref_name => protected_ref, deploy_key: deploy_key)
       end
 
       context 'and user is not a project member' do
@@ -161,13 +158,13 @@
     subject { access_level.type }
 
     context 'when deploy_key is present and deploy_key_id is nil' do
-      let(:access_level) { build(described_instance, deploy_key: build(:deploy_key)) }
+      let(:access_level) { build(described_factory, deploy_key: build(:deploy_key)) }
 
       it { is_expected.to eq(:deploy_key) }
     end
 
     context 'when deploy_key_id is present and deploy_key is nil' do
-      let(:access_level) { build(described_instance, deploy_key_id: 0) }
+      let(:access_level) { build(described_factory, deploy_key_id: 0) }
 
       it { is_expected.to eq(:deploy_key) }
     end
@@ -178,13 +175,13 @@
 
     context 'when deploy_key is present' do
       let(:deploy_key) { build(:deploy_key) }
-      let(:access_level) { build(described_instance, deploy_key: deploy_key) }
+      let(:access_level) { build(described_factory, deploy_key: deploy_key) }
 
       it { is_expected.to eq(deploy_key.title) }
     end
 
     context 'when deploy_key_id is present and deploy_key is nil' do
-      let(:access_level) { build(described_instance, deploy_key_id: 0) }
+      let(:access_level) { build(described_factory, deploy_key_id: 0) }
 
       it { is_expected.to eq('Deploy key') }
     end
diff --git a/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb
index 47f3b82db623cb3be3c5fe9e451c005dbc394d89..3c6e6033470ed6eab75967f4c891635a691855cc 100644
--- a/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 RSpec.shared_examples 'protected tag access' do
-  include_examples 'protected ref access', :protected_tag
-
-  let_it_be(:protected_tag) { create(:protected_tag) }
+  include_examples 'protected ref access'
 
   it { is_expected.to belong_to(:protected_tag) }
 
   describe '#project' do
+    let_it_be(:protected_tag) { create(:protected_tag) }
+
     it 'delegates project to protected_tag association' do
       allow(protected_tag).to receive(:project)