Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-07-01 03:49:57 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-07-01 03:49:57 +0300
commit: c31c9f964a81f104f4c265b6082b469361fb1653 (patch)
tree: ff99939150d948ed8e8a1fb1139eb8fac778e69b /spec/controllers
parent: c6c26f3b730d4bbc567aee33b4c6fd621517055e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb
index f2d86b1b166..aed97a01a72 100644
--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@@ -44,7 +44,7 @@ RSpec.describe GraphqlController do
         expect(response).to have_gitlab_http_status(:ok)
       end
 
-      it 'returns access denied template when user cannot access API' do
+      it 'returns forbidden when user cannot access API' do
         # User cannot access API in a couple of cases
         # * When user is internal(like ghost users)
         # * When user is blocked
@@ -54,7 +54,9 @@ RSpec.describe GraphqlController do
         post :execute
 
         expect(response).to have_gitlab_http_status(:forbidden)
-        expect(response).to render_template('errors/access_denied')
+        expect(json_response).to include(
+          'errors' => include(a_hash_including('message' => /API not accessible/))
+        )
       end
 
       it 'updates the users last_activity_on field' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-07-01 03:49:57 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-07-01 03:49:57 +0300
commit	c31c9f964a81f104f4c265b6082b469361fb1653 (patch)
tree	ff99939150d948ed8e8a1fb1139eb8fac778e69b /spec/controllers
parent	c6c26f3b730d4bbc567aee33b4c6fd621517055e (diff)