diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-20 13:43:29 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-20 13:43:29 +0300 |
commit | 3b1af5cc7ed2666ff18b718ce5d30fa5a2756674 (patch) | |
tree | 3bc4a40e0ee51ec27eabf917c537033c0c5b14d4 /spec/controllers/groups | |
parent | 9bba14be3f2c211bf79e15769cd9b77bc73a13bc (diff) |
Add latest changes from gitlab-org/gitlab@16-1-stable-eev16.1.0-rc42
Diffstat (limited to 'spec/controllers/groups')
6 files changed, 101 insertions, 87 deletions
diff --git a/spec/controllers/groups/children_controller_spec.rb b/spec/controllers/groups/children_controller_spec.rb index 2e37ed95c1c..ee8b2dce298 100644 --- a/spec/controllers/groups/children_controller_spec.rb +++ b/spec/controllers/groups/children_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Groups::ChildrenController, feature_category: :subgroups do +RSpec.describe Groups::ChildrenController, feature_category: :groups_and_projects do include ExternalAuthorizationServiceHelpers let(:group) { create(:group, :public) } diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb index f36494c3d78..6c747d4f00f 100644 --- a/spec/controllers/groups/clusters_controller_spec.rb +++ b/spec/controllers/groups/clusters_controller_spec.rb @@ -115,46 +115,6 @@ RSpec.describe Groups::ClustersController, feature_category: :deployment_managem end end - it_behaves_like 'GET #metrics_dashboard for dashboard', 'Cluster health' do - let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) } - - let(:metrics_dashboard_req_params) do - { - id: cluster.id, - group_id: group.name - } - end - end - - describe 'GET #prometheus_proxy' do - let(:proxyable) do - create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) - end - - it_behaves_like 'metrics dashboard prometheus api proxy' do - let(:proxyable_params) do - { - id: proxyable.id.to_s, - group_id: group.name - } - end - - context 'with anonymous user' do - let(:prometheus_body) { nil } - - before do - sign_out(user) - end - - it 'returns 404' do - get :prometheus_proxy, params: prometheus_proxy_params - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - end - describe 'POST create for existing cluster' do let(:params) do { @@ -353,41 +313,6 @@ RSpec.describe Groups::ClustersController, feature_category: :deployment_managem let(:subject) { go } end - describe 'functionality' do - context 'when remove_monitor_metrics FF is disabled' do - before do - stub_feature_flags(remove_monitor_metrics: false) - end - - render_views - - it 'renders view' do - go - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:cluster)).to eq(cluster) - end - - it 'renders integration tab view', :aggregate_failures do - go(tab: 'integrations') - - expect(response).to render_template('clusters/clusters/_integrations') - expect(response).to have_gitlab_http_status(:ok) - end - end - - context 'when remove_monitor_metrics FF is enabled' do - render_views - - it 'renders details tab view', :aggregate_failures do - go(tab: 'integrations') - - expect(response).to render_template('clusters/clusters/_details') - expect(response).to have_gitlab_http_status(:ok) - end - end - end - describe 'security' do it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index a59c90a3cf2..89a75fb53f2 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -28,7 +28,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do let(:image) { '../path_traversal' } it 'raises an error' do - expect { subject }.to raise_error(Gitlab::Utils::PathTraversalAttackError, 'Invalid path') + expect { subject }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError, 'Invalid path') end end @@ -36,7 +36,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do let(:tag) { 'latest%2f..%2f..%2fpath_traversal' } it 'raises an error' do - expect { subject }.to raise_error(Gitlab::Utils::PathTraversalAttackError, 'Invalid path') + expect { subject }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError, 'Invalid path') end end end diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb index 87030448b30..fa2a2277e85 100644 --- a/spec/controllers/groups/milestones_controller_spec.rb +++ b/spec/controllers/groups/milestones_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Groups::MilestonesController do +RSpec.describe Groups::MilestonesController, feature_category: :team_planning do let(:group) { create(:group, :public) } let!(:project) { create(:project, :public, group: group) } let!(:project2) { create(:project, group: group) } @@ -275,6 +275,57 @@ RSpec.describe Groups::MilestonesController do expect(response).not_to redirect_to(group_milestone_path(group, milestone.iid)) expect(response).to render_template(:edit) end + + context 'with format :json' do + subject do + patch :update, + params: { + id: milestone.iid, + milestone: milestone_params, + group_id: group.to_param, + format: :json + } + end + + it "responds :no_content (204) without content body and updates milestone sucessfully" do + subject + + expect(response).to have_gitlab_http_status(:no_content) + expect(response.body).to be_blank + + milestone.reload + + expect(milestone).to have_attributes(title: milestone_params[:title]) + end + + it 'responds unprocessable_entity (422) with error data' do + # Note: This assignment ensures and triggers a validation error when updating the milestone. + # Same approach used in spec/models/milestone_spec.rb . + milestone_params[:title] = '<img src=x onerror=prompt(1)>' + + subject + + expect(response).to have_gitlab_http_status(:unprocessable_entity) + + expect(json_response).to include("errors" => be_an(Array)) + end + + it "handles ActiveRecord::StaleObjectError" do + milestone_params[:title] = "title changed" + # Purposely reduce the `lock_version` to trigger an ActiveRecord::StaleObjectError + milestone_params[:lock_version] = milestone.lock_version - 1 + + subject + + expect(response).to have_gitlab_http_status(:conflict) + expect(json_response).to include "errors" => [ + format( + _("Someone edited this %{model_name} at the same time you did. Please refresh your browser and make sure your changes will not unintentionally remove theirs."), # rubocop:disable Layout/LineLength + model_name: _('milestone') + ) + ] + end + end end describe "#destroy" do diff --git a/spec/controllers/groups/settings/integrations_controller_spec.rb b/spec/controllers/groups/settings/integrations_controller_spec.rb index 3ae43c8ab7c..e21010b76f7 100644 --- a/spec/controllers/groups/settings/integrations_controller_spec.rb +++ b/spec/controllers/groups/settings/integrations_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Groups::Settings::IntegrationsController do +RSpec.describe Groups::Settings::IntegrationsController, feature_category: :integrations do let_it_be(:user) { create(:user) } let_it_be(:group) { create(:group) } @@ -52,7 +52,11 @@ RSpec.describe Groups::Settings::IntegrationsController do describe '#edit' do context 'when user is not owner' do it 'renders not_found' do - get :edit, params: { group_id: group, id: Integration.available_integration_names(include_project_specific: false).sample } + get :edit, + params: { + group_id: group, + id: Integration.available_integration_names(include_project_specific: false).sample + } expect(response).to have_gitlab_http_status(:not_found) end @@ -88,7 +92,7 @@ RSpec.describe Groups::Settings::IntegrationsController do put :update, params: { group_id: group, id: integration.class.to_param, service: params } end - context 'valid params' do + context 'with valid params' do let(:params) { { url: 'https://jira.gitlab-example.com', password: 'password' } } it 'updates the integration' do @@ -97,7 +101,7 @@ RSpec.describe Groups::Settings::IntegrationsController do end end - context 'invalid params' do + context 'with invalid params' do let(:params) { { url: 'invalid', password: 'password' } } it 'does not update the integration' do diff --git a/spec/controllers/groups/uploads_controller_spec.rb b/spec/controllers/groups/uploads_controller_spec.rb index 645360289d1..6649e8f057c 100644 --- a/spec/controllers/groups/uploads_controller_spec.rb +++ b/spec/controllers/groups/uploads_controller_spec.rb @@ -40,8 +40,8 @@ RSpec.describe Groups::UploadsController do let(:user) { create(:user) } let(:jpg) { fixture_file_upload('spec/fixtures/rails_sample.jpg', 'image/jpg') } let(:txt) { fixture_file_upload('spec/fixtures/doc_sample.txt', 'text/plain') } - let(:secret) { FileUploader.generate_secret } - let(:uploader_class) { FileUploader } + let(:uploader_class) { NamespaceFileUploader } + let(:secret) { uploader_class.generate_secret } let(:upload_service) do UploadService.new(model, jpg, uploader_class).execute @@ -52,9 +52,9 @@ RSpec.describe Groups::UploadsController do end before do - allow(FileUploader).to receive(:generate_secret).and_return(secret) + allow(uploader_class).to receive(:generate_secret).and_return(secret) - allow_next_instance_of(FileUploader) do |instance| + allow_next_instance_of(uploader_class) do |instance| allow(instance).to receive(:image?).and_return(true) end @@ -72,6 +72,40 @@ RSpec.describe Groups::UploadsController do expect(response).to have_gitlab_http_status(:ok) end + + context 'when uploader class does not match the upload' do + let(:uploader_class) { FileUploader } + + it 'responds with status 200 but logs a deprecation message' do + expect(Gitlab::AppJsonLogger).to receive(:info).with( + message: 'Deprecated usage of build_uploader_from_params', + uploader_class: uploader_class.name, + path: filename, + exists: true + ) + + show_upload + + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'when filename does not match' do + let(:invalid_filename) { 'invalid_filename.jpg' } + + it 'responds with status 404 and logs a deprecation message' do + expect(Gitlab::AppJsonLogger).to receive(:info).with( + message: 'Deprecated usage of build_uploader_from_params', + uploader_class: uploader_class.name, + path: invalid_filename, + exists: false + ) + + get :show, params: params.merge(secret: secret, filename: invalid_filename) + + expect(response).to have_gitlab_http_status(:not_found) + end + end end context "when signed in" do |