Add latest changes from gitlab-org/security/gitlab@13-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-01 01:02:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-01 01:02:13 +0300
commit: 516fba52cf280b9d5bad08dce9f0150f859b6cea (patch)
tree: 4dad71be856651af62c9a281b01087ae15480810 /spec/controllers
parent: c90be62bdefdb6bb67c73a9c4a6d164c9f78a28d (diff)
2 files changed, 167 insertions, 17 deletions
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index 85f1b247ee9..4b9dd3629f1 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -139,6 +139,45 @@ RSpec.describe Groups::GroupMembersController do
         expect(group.users).not_to include group_user
       end
     end
+
+    context 'access expiry date' do
+      before do
+        group.add_owner(user)
+      end
+
+      subject do
+        post :create, params: {
+                        group_id: group,
+                        user_ids: group_user.id,
+                        access_level: Gitlab::Access::GUEST,
+                        expires_at: expires_at
+                      }
+      end
+
+      context 'when set to a date in the past' do
+        let(:expires_at) { 2.days.ago }
+
+        it 'does not add user to members' do
+          subject
+
+          expect(flash[:alert]).to include('Expires at cannot be a date in the past')
+          expect(response).to redirect_to(group_group_members_path(group))
+          expect(group.users).not_to include group_user
+        end
+      end
+
+      context 'when set to a date in the future' do
+        let(:expires_at) { 5.days.from_now }
+
+        it 'adds user to members' do
+          subject
+
+          expect(response).to set_flash.to 'Users were successfully added.'
+          expect(response).to redirect_to(group_group_members_path(group))
+          expect(group.users).to include group_user
+        end
+      end
+    end
   end
 
   describe 'PUT update' do
@@ -149,15 +188,49 @@ RSpec.describe Groups::GroupMembersController do
       sign_in(user)
     end
 
-    Gitlab::Access.options.each do |label, value|
-      it "can change the access level to #{label}" do
-        put :update, params: {
-          group_member: { access_level: value },
-          group_id: group,
-          id: requester
-        }, xhr: true
+    context 'access level' do
+      Gitlab::Access.options.each do |label, value|
+        it "can change the access level to #{label}" do
+          put :update, params: {
+            group_member: { access_level: value },
+            group_id: group,
+            id: requester
+          }, xhr: true
 
-        expect(requester.reload.human_access).to eq(label)
+          expect(requester.reload.human_access).to eq(label)
+        end
+      end
+    end
+
+    context 'access expiry date' do
+      subject do
+        put :update, xhr: true, params: {
+                                          group_member: {
+                                            expires_at: expires_at
+                                          },
+                                          group_id: group,
+                                          id: requester
+                                        }
+      end
+
+      context 'when set to a date in the past' do
+        let(:expires_at) { 2.days.ago }
+
+        it 'does not update the member' do
+          subject
+
+          expect(requester.reload.expires_at).not_to eq(expires_at.to_date)
+        end
+      end
+
+      context 'when set to a date in the future' do
+        let(:expires_at) { 5.days.from_now }
+
+        it 'updates the member' do
+          subject
+
+          expect(requester.reload.expires_at).to eq(expires_at.to_date)
+        end
       end
     end
   end
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 40a220d57a7..ae05e2d2631 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -129,6 +129,46 @@ RSpec.describe Projects::ProjectMembersController do
         expect(response).to redirect_to(project_project_members_path(project))
       end
     end
+
+    context 'access expiry date' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      subject do
+        post :create, params: {
+                        namespace_id: project.namespace,
+                        project_id: project,
+                        user_ids: project_user.id,
+                        access_level: Gitlab::Access::GUEST,
+                        expires_at: expires_at
+                      }
+      end
+
+      context 'when set to a date in the past' do
+        let(:expires_at) { 2.days.ago }
+
+        it 'does not add user to members' do
+          subject
+
+          expect(flash[:alert]).to include('Expires at cannot be a date in the past')
+          expect(response).to redirect_to(project_project_members_path(project))
+          expect(project.users).not_to include project_user
+        end
+      end
+
+      context 'when set to a date in the future' do
+        let(:expires_at) { 5.days.from_now }
+
+        it 'adds user to members' do
+          subject
+
+          expect(response).to set_flash.to 'Users were successfully added.'
+          expect(response).to redirect_to(project_project_members_path(project))
+          expect(project.users).to include project_user
+        end
+      end
+    end
   end
 
   describe 'PUT update' do
@@ -139,16 +179,53 @@ RSpec.describe Projects::ProjectMembersController do
       sign_in(user)
     end
 
-    Gitlab::Access.options.each do |label, value|
-      it "can change the access level to #{label}" do
-        put :update, params: {
-          project_member: { access_level: value },
-          namespace_id: project.namespace,
-          project_id: project,
-          id: requester
-        }, xhr: true
+    context 'access level' do
+      Gitlab::Access.options.each do |label, value|
+        it "can change the access level to #{label}" do
+          params = {
+            project_member: { access_level: value },
+            namespace_id: project.namespace,
+            project_id: project,
+            id: requester
+          }
+
+          put :update, params: params, xhr: true
+
+          expect(requester.reload.human_access).to eq(label)
+        end
+      end
+    end
+
+    context 'access expiry date' do
+      subject do
+        put :update, xhr: true, params: {
+                                          project_member: {
+                                            expires_at: expires_at
+                                          },
+                                          namespace_id: project.namespace,
+                                          project_id: project,
+                                          id: requester
+                                        }
+      end
 
-        expect(requester.reload.human_access).to eq(label)
+      context 'when set to a date in the past' do
+        let(:expires_at) { 2.days.ago }
+
+        it 'does not update the member' do
+          subject
+
+          expect(requester.reload.expires_at).not_to eq(expires_at.to_date)
+        end
+      end
+
+      context 'when set to a date in the future' do
+        let(:expires_at) { 5.days.from_now }
+
+        it 'updates the member' do
+          subject
+
+          expect(requester.reload.expires_at).to eq(expires_at.to_date)
+        end
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-01 01:02:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-01 01:02:13 +0300
commit	516fba52cf280b9d5bad08dce9f0150f859b6cea (patch)
tree	4dad71be856651af62c9a281b01087ae15480810 /spec/controllers
parent	c90be62bdefdb6bb67c73a9c4a6d164c9f78a28d (diff)