2025-08-16 15:57:22 +00:00 · 2022-01-08 00:14:32 +00:00
parent f0b862a982
commit c00e3e49ef
55 changed files with 886 additions and 435 deletions
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@ -6,7 +6,7 @@ RSpec.describe GroupPolicy do
  include_context 'GroupPolicy context'

  context 'public group with no user' do
-    let(:group) { create(:group, :public) }
+    let(:group) { create(:group, :public, :crm_enabled) }
    let(:current_user) { nil }

    it do
@ -975,7 +975,7 @@ RSpec.describe GroupPolicy do
    it { expect_disallowed(:read_label) }

    context 'when group hierarchy has a project with service desk enabled' do
-      let_it_be(:subgroup) { create(:group, :private, parent: group)}
+      let_it_be(:subgroup) { create(:group, :private, parent: group) }
      let_it_be(:project) { create(:project, group: subgroup, service_desk_enabled: true) }

      it { expect_allowed(:read_label) }
@ -983,6 +983,49 @@ RSpec.describe GroupPolicy do
    end
  end

+  context "project bots" do
+    let(:project_bot) { create(:user, :project_bot) }
+    let(:user) { create(:user) }
+
+    context "project_bot_access" do
+      context "when regular user and part of the group" do
+        let(:current_user) { user }
+
+        before do
+          group.add_developer(user)
+        end
+
+        it { is_expected.not_to be_allowed(:project_bot_access) }
+      end
+
+      context "when project bot and not part of the project" do
+        let(:current_user) { project_bot }
+
+        it { is_expected.not_to be_allowed(:project_bot_access) }
+      end
+
+      context "when project bot and part of the project" do
+        let(:current_user) { project_bot }
+
+        before do
+          group.add_developer(project_bot)
+        end
+
+        it { is_expected.to be_allowed(:project_bot_access) }
+      end
+    end
+
+    context 'with resource access tokens' do
+      let(:current_user) { project_bot }
+
+      before do
+        group.add_maintainer(project_bot)
+      end
+
+      it { is_expected.not_to be_allowed(:create_resource_access_tokens) }
+    end
+  end
+
  describe 'update_runners_registration_token' do
    context 'admin' do
      let(:current_user) { admin }
@ -1113,7 +1156,7 @@ RSpec.describe GroupPolicy do
    end
  end

-  context 'with customer_relations feature flag disabled' do
+  context 'with customer relations feature flag disabled' do
    let(:current_user) { owner }

    before do
@ -1125,4 +1168,14 @@ RSpec.describe GroupPolicy do
    it { is_expected.to be_disallowed(:admin_crm_contact) }
    it { is_expected.to be_disallowed(:admin_crm_organization) }
  end
+
+  context 'when crm_enabled is false' do
+    let(:group) { create(:group) }
+    let(:current_user) { owner }
+
+    it { is_expected.to be_disallowed(:read_crm_contact) }
+    it { is_expected.to be_disallowed(:read_crm_organization) }
+    it { is_expected.to be_disallowed(:admin_crm_contact) }
+    it { is_expected.to be_disallowed(:admin_crm_organization) }
+  end
 end