diff --git a/app/helpers/visibility_level_helper.rb b/app/helpers/visibility_level_helper.rb
index 80c651f99ff2d76c60d010f8d1ba87fd63e515b0..9795b367c5356a522751ef344b5063dfec2d45a0 100644
--- a/app/helpers/visibility_level_helper.rb
+++ b/app/helpers/visibility_level_helper.rb
@@ -53,6 +53,24 @@ def disallowed_visibility_level?(form_model, level)
!form_model.visibility_level_allowed?(level)
end
+ def disallowed_visibility_level_by_parent?(form_model, level)
+ return false unless form_model.respond_to?(:visibility_level_allowed_by_parent?)
+
+ !form_model.visibility_level_allowed_by_parent?(level)
+ end
+
+ def disallowed_visibility_level_by_projects?(form_model, level)
+ return false unless form_model.respond_to?(:visibility_level_allowed_by_projects?)
+
+ !form_model.visibility_level_allowed_by_projects?(level)
+ end
+
+ def disallowed_visibility_level_by_sub_groups?(form_model, level)
+ return false unless form_model.respond_to?(:visibility_level_allowed_by_sub_groups?)
+
+ !form_model.visibility_level_allowed_by_sub_groups?(level)
+ end
+
# Visibility level can be restricted in two ways:
#
# 1. The group permissions (e.g. a subgroup is private, which requires
@@ -69,6 +87,10 @@ def selected_visibility_level(form_model, requested_level)
[requested_level, max_allowed_visibility_level(form_model)].min
end
+ def all_visibility_levels
+ Gitlab::VisibilityLevel.values
+ end
+
def available_visibility_levels(form_model)
Gitlab::VisibilityLevel.values.reject do |level|
disallowed_visibility_level?(form_model, level) ||
@@ -76,6 +98,15 @@ def available_visibility_levels(form_model)
end
end
+ def disabled_visibility_level?(form_model, level)
+ disallowed_visibility_level?(form_model, level) ||
+ restricted_visibility_level?(level)
+ end
+
+ def restricted_visibility_level?(level)
+ restricted_visibility_levels.include?(level)
+ end
+
def snippets_selected_visibility_level(visibility_levels, selected)
visibility_levels.find { |level| level == selected } || visibility_levels.min
end
diff --git a/app/views/shared/_visibility_radios.html.haml b/app/views/shared/_visibility_radios.html.haml
index b4013cb5b80981bbe928ba48ea20d02dc4b33109..5f1352f63723a328e5b8be22ec1f627c13bfa84c 100644
--- a/app/views/shared/_visibility_radios.html.haml
+++ b/app/views/shared/_visibility_radios.html.haml
@@ -1,17 +1,30 @@
-- available_visibility_levels = available_visibility_levels(form_model)
-- selected_level = snippets_selected_visibility_level(available_visibility_levels, selected_level)
+- all_visibility_levels.each do |level|
+ - disabled_visibility_level_icon_with_popover = capture do
+ - if disabled_visibility_level?(form_model, level)
+ - popover_content = capture do
+ - if restricted_visibility_level?(level)
+ = s_('VisibilityLevel|This visibility level has been restricted by your administrator.')
+ - elsif disallowed_visibility_level_by_parent?(form_model, level)
+ = s_('VisibilityLevel|This visibility level is not allowed because the parent group has a more restrictive visibility level.')
+ - elsif disallowed_visibility_level_by_projects?(form_model, level) || disallowed_visibility_level_by_sub_groups?(form_model, level)
+ - learn_more_link_start = ''.html_safe # rubocop:disable Gitlab/DocUrl -- Not referencing this rails application; it is referencing another doc
+ - learn_more_link_end = ''.html_safe
+ = s_('VisibilityLevel|This visibility level is not allowed because a child of %{group_name} has a less restrictive visibility level. %{learn_more_link_start}Learn more%{learn_more_link_end}.').html_safe % { group_name: form_model.name, learn_more_link_start: learn_more_link_start, learn_more_link_end: learn_more_link_end }
-- available_visibility_levels.each do |level|
+ %span{
+ data: {
+ testid: 'visibility-level-not-allowed-popover',
+ container: 'body',
+ content: popover_content,
+ html: 'true',
+ title: _('Visibility level not allowed'),
+ toggle: 'popover',
+ triggers: 'hover' }
+ }
+ = sprite_icon('lock')
= form.gitlab_ui_radio_component model_method, level,
- "#{visibility_level_icon(level)} #{visibility_level_label(level)}".html_safe,
- help_text: '%{visibility_level_description}'.html_safe % { visibility_level_description: visibility_level_description(level, form_model)},
- radio_options: { checked: (selected_level == level), data: { track_label: "blank_project", track_action: "activate_form_input", track_property: "#{model_method}_#{level}", track_value: "" } },
+ "#{visibility_level_icon(level)} #{visibility_level_label(level)} #{disabled_visibility_level_icon_with_popover}".html_safe,
+ help_text: '%{visibility_level_description}%{option_disabled_reason}'.html_safe % { visibility_level_description: visibility_level_description(level, form_model), option_disabled_reason: 'Not allowed by administrators' },
+ radio_options: { checked: (selected_level == level), disabled: disabled_visibility_level?(form_model, level), data: { track_label: "blank_project", track_action: "activate_form_input", track_property: "#{model_method}_#{level}", track_value: "" } },
label_options: { class: 'js-visibility-level-radio' }
-
-
-.text-muted
- - if all_visibility_levels_restricted?
- = _('Visibility settings have been disabled by the administrator.')
- - elsif multiple_visibility_levels_restricted?
- = _('Other visibility settings have been disabled by the administrator.')
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index a6a10b3b1eaeb3bea092751064dc35bf4cd88735..91f59b521f8fe891fc9014ccef77cc3a2e2ce4bc 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -57618,6 +57618,9 @@ msgstr ""
msgid "Visibility level"
msgstr ""
+msgid "Visibility level not allowed"
+msgstr ""
+
msgid "Visibility level:"
msgstr ""
@@ -57660,6 +57663,15 @@ msgstr ""
msgid "VisibilityLevel|The project can be accessed without any authentication."
msgstr ""
+msgid "VisibilityLevel|This visibility level has been restricted by your administrator."
+msgstr ""
+
+msgid "VisibilityLevel|This visibility level is not allowed because a child of %{group_name} has a less restrictive visibility level. %{learn_more_link_start}Learn more%{learn_more_link_end}."
+msgstr ""
+
+msgid "VisibilityLevel|This visibility level is not allowed because the parent group has a more restrictive visibility level."
+msgstr ""
+
msgid "VisibilityLevel|Unknown"
msgstr ""
diff --git a/spec/features/groups/settings/general_visibility_levels_spec.rb b/spec/features/groups/settings/general_visibility_levels_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..b3eead86ffcca167168290ae6381b667f3749111
--- /dev/null
+++ b/spec/features/groups/settings/general_visibility_levels_spec.rb
@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'General settings visibility levels', :js, :aggregate_failures, feature_category: :groups_and_projects do
+ let_it_be(:group) { create(:group, :public) }
+ let_it_be(:user) { create(:user).tap { |user| group.add_owner(user) } }
+
+ before do
+ sign_in(user)
+ end
+
+ context 'with parent group internal' do
+ let_it_be(:parent_group) { create(:group, :internal) }
+ let_it_be(:group) { create(:group, :internal, parent: parent_group) }
+ let_it_be(:user) { create(:user).tap { |user| group.add_owner(user) } }
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_content('Visibility level')
+
+ expect(page).to have_field("Private", checked: false, disabled: false)
+ expect(page).to have_field("Internal", checked: true, disabled: false)
+ expect(page).to have_field("Public", checked: false, disabled: true)
+
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Private')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Public',
+ popover_content: 'This visibility level is not allowed ' \
+ 'because the parent group has a more restrictive visibility level.'
+ )
+ end
+ end
+
+ context 'with internal child project in group' do
+ let_it_be(:project) { create(:project, :internal, group: group) }
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_field("Private", checked: false, disabled: true)
+ expect(page).to have_field("Internal", checked: false, disabled: false)
+ expect(page).to have_field("Public", checked: true, disabled: false)
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Private',
+ popover_content: "This visibility level is not allowed " \
+ "because a child of #{group.name} has a less restrictive visibility level. Learn more."
+ )
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Public')
+ end
+ end
+
+ context 'without restricted visibility levels' do
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_content('Visibility level')
+
+ expect(page).to have_field("Private", checked: false, disabled: false)
+ expect(page).to have_field("Internal", checked: false, disabled: false)
+ expect(page).to have_field("Public", checked: true, disabled: false)
+
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Private')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Public')
+ end
+ end
+
+ context 'with restricted visibility level public' do
+ before do
+ stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+ end
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_field("Private", checked: false, disabled: false)
+ expect(page).to have_field("Internal", checked: false, disabled: false)
+ expect(page).to have_field("Public", checked: true, disabled: true)
+
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Private')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Public',
+ popover_content: 'This visibility level has been restricted by your administrator.'
+ )
+ end
+
+ context 'with private project in group' do
+ let_it_be(:project) { create(:project, :private, group: group) }
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_field("Private", checked: false, disabled: false)
+ expect(page).to have_field("Internal", checked: false, disabled: false)
+ expect(page).to have_field("Public", checked: true, disabled: true)
+
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Private')
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Public',
+ popover_content: 'This visibility level has been restricted by your administrator.'
+ )
+ end
+ end
+
+ context 'with public project in group' do
+ let_it_be(:project) { create(:project, :public, group: group) }
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_field("Private", checked: false, disabled: true)
+ expect(page).to have_field("Internal", checked: false, disabled: true)
+ expect(page).to have_field("Public", checked: true, disabled: true)
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Private',
+ popover_content: "This visibility level is not allowed " \
+ "because a child of #{group.name} has a less restrictive visibility level. Learn more."
+ )
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Internal',
+ popover_content: "This visibility level is not allowed " \
+ "because a child of #{group.name} has a less restrictive visibility level. Learn more."
+ )
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Public',
+ popover_content: 'This visibility level has been restricted by your administrator.'
+ )
+ end
+ end
+ end
+
+ context 'with multiple restricted visibility levels "Public" and "Private"' do
+ let_it_be(:project) { create(:project, :internal, group: group) }
+
+ before do
+ stub_application_setting(
+ restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE]
+ )
+ end
+
+ it 'shows each visibility level in correct field state' do
+ visit edit_group_path(group)
+
+ expect(page).to have_field("Private", checked: false, disabled: true)
+ expect(page).to have_field("Internal", checked: false, disabled: false)
+ expect(page).to have_field("Public", checked: true, disabled: true)
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Private',
+ popover_content: 'This visibility level has been restricted by your administrator.'
+ )
+
+ expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text: 'Internal')
+
+ expect_popover_for_disallowed_visibility_level(
+ visibility_level_label_text: 'Public',
+ popover_content: 'This visibility level has been restricted by your administrator.'
+ )
+ end
+ end
+
+ def expect_popover_for_disallowed_visibility_level(visibility_level_label_text:, popover_content:)
+ # Checking that a popover content is not visible before hovering
+ expect(page).not_to have_content(popover_content)
+
+ within('label', text: visibility_level_label_text) do
+ find('[data-testid=visibility-level-not-allowed-popover]').hover
+ end
+
+ page.within('.gl-popover') do
+ expect(page).to have_content('Visibility level not allowed')
+ expect(page).to have_content(popover_content)
+ end
+
+ # Move cursor to another element to hide the popover
+ find('label', text: visibility_level_label_text).hover
+ end
+
+ def expect_no_popover_for_disallowed_visibility_level(visibility_level_label_text:)
+ within('label', text: visibility_level_label_text) do
+ expect(page).not_to have_selector('[data-testid=visibility-level-not-allowed-popover]')
+ end
+
+ expect(page).not_to have_selector('.gl-popover')
+ end
+end
diff --git a/spec/features/projects/new_project_spec.rb b/spec/features/projects/new_project_spec.rb
index d6b27d8c618fafd80c7ce9b162266df6c2c30ee5..e78b2469601762aac5f6f57f34e77e5a3807ed84 100644
--- a/spec/features/projects/new_project_spec.rb
+++ b/spec/features/projects/new_project_spec.rb
@@ -69,7 +69,7 @@
end
end
- it 'shows a message if multiple levels are restricted' do
+ it 'disables the radio button for visibility levels "Private" and "Internal"' do
stub_application_setting(default_project_visibility: Gitlab::VisibilityLevel::PUBLIC)
stub_application_setting(
restricted_visibility_levels: [Gitlab::VisibilityLevel::PRIVATE, Gitlab::VisibilityLevel::INTERNAL]
@@ -78,16 +78,20 @@
visit new_project_path
click_link 'Create blank project'
- expect(page).to have_content 'Other visibility settings have been disabled by the administrator.'
+ expect(page).to have_field("Private", checked: false, disabled: true)
+ expect(page).to have_field("Internal", checked: false, disabled: true)
+ expect(page).to have_field("Public", checked: true, disabled: false)
end
- it 'shows a message if all levels are restricted' do
+ it 'disables all radio button for visibility levels' do
stub_application_setting(restricted_visibility_levels: Gitlab::VisibilityLevel.values)
visit new_project_path
click_link 'Create blank project'
- expect(page).to have_content 'Visibility settings have been disabled by the administrator.'
+ expect(page).to have_field("Private", checked: true, disabled: true)
+ expect(page).to have_field("Internal", checked: false, disabled: true)
+ expect(page).to have_field("Public", checked: false, disabled: true)
end
end
diff --git a/spec/helpers/visibility_level_helper_spec.rb b/spec/helpers/visibility_level_helper_spec.rb
index c2027c35ab3a3ec7a93d014ecfbaf8a4a93f8eba..7a90a79d56e095636b0dfda8bb47d0a84a504e1b 100644
--- a/spec/helpers/visibility_level_helper_spec.rb
+++ b/spec/helpers/visibility_level_helper_spec.rb
@@ -152,6 +152,75 @@
end
end
+ describe '#disallowed_visibility_level_by_parent?' do
+ using RSpec::Parameterized::TableSyntax
+
+ let(:parent_group) { create(:group, parent_group_visibility_level) }
+ let(:group) { build(:group, :private, parent: parent_group) }
+
+ subject { helper.disallowed_visibility_level_by_parent?(group, visibility_level) }
+
+ where(:parent_group_visibility_level, :visibility_level, :expected) do
+ :public | Gitlab::VisibilityLevel::PUBLIC | false
+ :public | Gitlab::VisibilityLevel::INTERNAL | false
+ :public | Gitlab::VisibilityLevel::PRIVATE | false
+ :internal | Gitlab::VisibilityLevel::PUBLIC | true
+ :internal | Gitlab::VisibilityLevel::INTERNAL | false
+ :internal | Gitlab::VisibilityLevel::PRIVATE | false
+ :private | Gitlab::VisibilityLevel::PUBLIC | true
+ :private | Gitlab::VisibilityLevel::INTERNAL | true
+ :private | Gitlab::VisibilityLevel::PRIVATE | false
+ end
+
+ with_them do
+ it { is_expected.to eq expected }
+ end
+ end
+
+ shared_examples_for 'disallowed visibility level by child' do
+ using RSpec::Parameterized::TableSyntax
+
+ where(:child_visibility_level, :visibility_level, :expected) do
+ Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | false
+ Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PRIVATE | true
+ Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PUBLIC | false
+ Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::INTERNAL | false
+ Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PRIVATE | true
+ Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::PUBLIC | false
+ Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::INTERNAL | false
+ Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::PRIVATE | false
+ end
+
+ with_them do
+ before do
+ child.update!(visibility_level: child_visibility_level)
+ end
+
+ it { is_expected.to eq expected }
+ end
+ end
+
+ describe '#disallowed_visibility_level_by_projects?' do
+ let_it_be(:group) { create(:group, :public) }
+
+ let_it_be_with_reload(:child) { create(:project, group: group) }
+
+ subject { helper.disallowed_visibility_level_by_projects?(group, visibility_level) }
+
+ it_behaves_like 'disallowed visibility level by child'
+ end
+
+ describe '#disallowed_visibility_level_by_sub_groups?' do
+ let_it_be(:group) { create(:group, :public) }
+
+ let_it_be_with_reload(:child) { create(:group, parent: group) }
+
+ subject { helper.disallowed_visibility_level_by_sub_groups?(group, visibility_level) }
+
+ it_behaves_like 'disallowed visibility level by child'
+ end
+
describe "selected_visibility_level" do
let(:group) { create(:group, :public) }
let!(:project) { create(:project, :internal, group: group) }
@@ -323,4 +392,102 @@
it { is_expected.to eq(expected) }
end
end
+
+ describe '#all_visibility_levels' do
+ subject { helper.all_visibility_levels }
+
+ it 'returns all visibility levels' do
+ is_expected.to eq [
+ Gitlab::VisibilityLevel::PRIVATE,
+ Gitlab::VisibilityLevel::INTERNAL,
+ Gitlab::VisibilityLevel::PUBLIC
+ ]
+ end
+ end
+
+ describe '#disabled_visibility_level?' do
+ using RSpec::Parameterized::TableSyntax
+
+ let_it_be(:user) { create(:user) }
+ let_it_be(:group) { create(:group, :public) }
+ let_it_be_with_reload(:child) { create(:project, group: group) }
+
+ subject { helper.disabled_visibility_level?(group, visibility_level) }
+
+ where(:restricted_visibility_levels, :child_visibility_level, :visibility_level, :expected) do
+ [] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | false
+ [] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ [] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PRIVATE | true
+ [] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PUBLIC | false
+ [] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::INTERNAL | false
+ [] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PRIVATE | true
+ [] | Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::PUBLIC | false
+ [] | Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::INTERNAL | false
+ [] | Gitlab::VisibilityLevel::PRIVATE | Gitlab::VisibilityLevel::PRIVATE | false
+
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | true
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PRIVATE | true
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PUBLIC | true
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::INTERNAL | false
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PRIVATE | true
+
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | false
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PRIVATE | true
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PUBLIC | false
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::INTERNAL | true
+ [Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::INTERNAL | Gitlab::VisibilityLevel::PRIVATE | true
+
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | true
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+
+ Gitlab::VisibilityLevel.values | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::PUBLIC | true
+ Gitlab::VisibilityLevel.values | Gitlab::VisibilityLevel::PUBLIC | Gitlab::VisibilityLevel::INTERNAL | true
+ end
+
+ with_them do
+ before do
+ allow(helper).to receive(:current_user) { user }
+ stub_application_setting(restricted_visibility_levels: restricted_visibility_levels)
+
+ child.update!(visibility_level: child_visibility_level)
+ end
+
+ it { is_expected.to eq expected }
+ end
+ end
+
+ describe '#restricted_visibility_level?' do
+ using RSpec::Parameterized::TableSyntax
+
+ let(:user) { create(:user) }
+
+ subject { helper.restricted_visibility_level?(visibility_level) }
+
+ where(:restricted_visibility_levels, :visibility_level, :expected) do
+ [] | Gitlab::VisibilityLevel::PUBLIC | false
+ [] | Gitlab::VisibilityLevel::INTERNAL | false
+ [] | Gitlab::VisibilityLevel::PRIVATE | false
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::PUBLIC | true
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::INTERNAL | false
+ [Gitlab::VisibilityLevel::PUBLIC] | Gitlab::VisibilityLevel::PRIVATE | false
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PUBLIC | true
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::INTERNAL | true
+ [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL] | Gitlab::VisibilityLevel::PRIVATE | false
+ Gitlab::VisibilityLevel.values | Gitlab::VisibilityLevel::PUBLIC | true
+ Gitlab::VisibilityLevel.values | Gitlab::VisibilityLevel::INTERNAL | true
+ Gitlab::VisibilityLevel.values | Gitlab::VisibilityLevel::PRIVATE | true
+ end
+
+ with_them do
+ before do
+ allow(helper).to receive(:current_user) { user }
+ stub_application_setting(restricted_visibility_levels: restricted_visibility_levels)
+ end
+
+ it { is_expected.to eq expected }
+ end
+ end
end