spec/lib/ssh_access_spec.rb

	ssh_access_spec.rb revision d60ddfb99765ab4fe956503f3f83d9c8f493eb99
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehaserequire 'spec_helper'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehasedescribe SshAccess do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase  let(:permission) { create :permission, role: 'reader' }
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  let(:user) { permission.subject }
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  let(:repository) { permission.item }
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  context 'without a permission' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on public readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow write on public readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on public read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow write on public read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow read on private readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow write on private readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow read on private read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow write on private read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', nil, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  context 'with permission' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase    context 'denoting owner rights' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      let(:permission) { create :permission, role: 'owner' }
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      it 'should allow write on public readable repository' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        repository.access = 'public_r'
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        access = described_class.determine_permission('write', permission, repository)
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        expect(access).to be_true
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      it 'should allow write on private readable repository' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        repository.access = 'private_r'
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        access = described_class.determine_permission('write', permission, repository)
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        expect(access).to be_true
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase    end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase    context 'denoting editor rights' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      let(:permission) { create :permission, role: 'editor' }
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      it 'should allow write on public readable repository' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        repository.access = 'public_r'
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        access = described_class.determine_permission('write', permission, repository)
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        expect(access).to be_true
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      it 'should allow write on private readable repository' do
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        repository.access = 'private_r'
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        access = described_class.determine_permission('write', permission, repository)
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase        expect(access).to be_true
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase      end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase    end
d60ddfb99765ab4fe956503f3f83d9c8f493eb99Tim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on public readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow write on public readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on public read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow write on public read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'public_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on private readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should disallow write on private readable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_r'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_false
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow read on private read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('read', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    it 'should allow write on private read-writeable repository' do
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      repository.access = 'private_rw'
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      access = described_class.determine_permission('write', permission, repository)
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase      expect(access).to be_true
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase    end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase  end
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehase
0dcf2700340141bc08344977e966e7ec095a8e8eTim Reddehaseend