Bugfix: User can't change the access level of an access requester

The endpoint was returning 404 because it was only searching on the
current members of a Group or Project and not the access requesters.

1 files changed, 20 insertions, 0 deletions

diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index a34dc27a5ed..290dba0610a 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -66,6 +66,26 @@ describe Projects::ProjectMembersController do
     end
   end
 
+  describe 'PUT update' do
+    let(:requester) { create(:project_member, :access_request, project: project) }
+
+    before do
+      project.add_master(user)
+      sign_in(user)
+    end
+
+    Gitlab::Access.options.each do |label, value|
+      it "can change the access level to #{label}" do
+        xhr :put, :update, project_member: { access_level: value },
+                           namespace_id: project.namespace,
+                           project_id: project,
+                           id: requester
+
+        expect(requester.reload.human_access).to eq(label)
+      end
+    end
+  end
+
   describe 'DELETE destroy' do
     let(:member) { create(:project_member, :developer, project: project) }