Cucumber Ltd / jam

Private projectsfeatures/manage_projects/private_projects.feature

Release Crystal Apple (2018-02-01)

Romain GĂ©rard

Currently viewing

Results for this document from 4 runs in latest build #7117 :

  • passed 12
  • total12 / 239

Feature: Private projects

Whether or not a user can interact with a project depends on a number of rules.

Rules

  • Private projects are only available on the SaaS
  • Public projects can be seen by anyone
    • Unauthenticated users
    • Authenticated users
  • Private projects can only be accessed by (authenticated) collaborators

At the HTTP level, we translate "permission denied errors" into "404 Not Found" so that people cannot discover private projects through brute- force.

Background:

  • Given the app is running on the SaaS
  • And Jo has created these metered SaaS licenses:
    Name
    Zappas
  • And Jo has created the following projects:
    NamePrivateLicense
    beta-projectYesZappas
  • And Lucy has accepted Jo's invitations to collaborate on:
    beta-project

Scenario: you can view your own private projects

  • When Jo creates a private project called alpha-project
  • Then Jo should see alpha-project's name and repo URL
  • And Jo should see that alpha-project is private

Scenario: you can't view a private project if you're not logged in

  • When AnonymousVisitor tries to view beta-project
  • Then AnonymousVisitor should be denied access to the project

Scenario: you can view your private projects you're a collaborator on

  • When Lucy tries to view beta-project
  • Then Lucy should see beta-project's name and repo URL
  • And Lucy should see that beta-project is private

Scenario: you can't view a private project if you're not a collaborator

  • When Bob tries to view janes-private-project
  • Then Bob should be denied access to the project