Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-07-28 21:09:03 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-07-28 21:09:03 +0300
commit: b420660ef1369fec4d09b7bf5e961d81980974e5 (patch)
tree: f096fdd1bd3b4898e1b2ca80957ce68c200c09f0 /spec/controllers
parent: b8026fd558e7ec154c626208a33c1485aec8f4ea (diff)
2 files changed, 62 insertions, 37 deletions
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index e874df62cd7..70e58124d21 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -378,63 +378,74 @@ RSpec.describe AutocompleteController do
   end
 
   context 'GET deploy_keys_with_owners' do
-    let!(:deploy_key) { create(:deploy_key, user: user) }
-    let!(:deploy_keys_project) { create(:deploy_keys_project, :write_access, project: project, deploy_key: deploy_key) }
+    let_it_be(:public_project) { create(:project, :public) }
+    let_it_be(:user) { create(:user) }
+    let_it_be(:deploy_key) { create(:deploy_key, user: user) }
+    let_it_be(:deploy_keys_project) do
+      create(:deploy_keys_project, :write_access, project: public_project, deploy_key: deploy_key)
+    end
 
     context 'unauthorized user' do
       it 'returns a not found response' do
-        get(:deploy_keys_with_owners, params: { project_id: project.id })
+        get(:deploy_keys_with_owners, params: { project_id: public_project.id })
 
         expect(response).to have_gitlab_http_status(:redirect)
       end
     end
 
-    context 'when the user who can read the project is logged in' do
+    context 'when the user is logged in' do
       before do
         sign_in(user)
       end
 
-      context 'and they cannot read the project' do
+      context 'with a non-existing project' do
         it 'returns a not found response' do
-          allow(Ability).to receive(:allowed?).and_call_original
-          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(false)
-
-          get(:deploy_keys_with_owners, params: { project_id: project.id })
+          get(:deploy_keys_with_owners, params: { project_id: 9999 })
 
           expect(response).to have_gitlab_http_status(:not_found)
         end
       end
 
-      it 'renders the deploy key in a json payload, with its owner' do
-        get(:deploy_keys_with_owners, params: { project_id: project.id })
+      context 'with an existing project' do
+        context 'when user cannot admin project' do
+          it 'returns a forbidden response' do
+            get(:deploy_keys_with_owners, params: { project_id: public_project.id })
 
-        expect(json_response.count).to eq(1)
-        expect(json_response.first['title']).to eq(deploy_key.title)
-        expect(json_response.first['owner']['id']).to eq(deploy_key.user.id)
-        expect(json_response.first['deploy_keys_projects']).to be_nil
-      end
+            expect(response).to have_gitlab_http_status(:forbidden)
+          end
+        end
 
-      context 'with an unknown project' do
-        it 'returns a not found response' do
-          get(:deploy_keys_with_owners, params: { project_id: 9999 })
+        context 'when user can admin project' do
+          before do
+            public_project.add_maintainer(user)
+          end
 
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
+          context 'and user can read owner of key' do
+            it 'renders the deploy keys in a json payload, with owner' do
+              get(:deploy_keys_with_owners, params: { project_id: public_project.id })
 
-      context 'and the user cannot read the owner of the key' do
-        before do
-          allow(Ability).to receive(:allowed?).and_call_original
-          allow(Ability).to receive(:allowed?).with(user, :read_user, deploy_key.user).and_return(false)
-        end
+              expect(json_response.count).to eq(1)
+              expect(json_response.first['title']).to eq(deploy_key.title)
+              expect(json_response.first['owner']['id']).to eq(deploy_key.user.id)
+              expect(json_response.first['deploy_keys_projects']).to be_nil
+            end
+          end
+
+          context 'and user cannot read owner of key' do
+            before do
+              allow(Ability).to receive(:allowed?).and_call_original
+              allow(Ability).to receive(:allowed?).with(user, :read_user, deploy_key.user).and_return(false)
+            end
 
-        it 'returns a payload without owner' do
-          get(:deploy_keys_with_owners, params: { project_id: project.id })
+            it 'returns a payload without owner' do
+              get(:deploy_keys_with_owners, params: { project_id: public_project.id })
 
-          expect(json_response.count).to eq(1)
-          expect(json_response.first['title']).to eq(deploy_key.title)
-          expect(json_response.first['owner']).to be_nil
-          expect(json_response.first['deploy_keys_projects']).to be_nil
+              expect(json_response.count).to eq(1)
+              expect(json_response.first['title']).to eq(deploy_key.title)
+              expect(json_response.first['owner']).to be_nil
+              expect(json_response.first['deploy_keys_projects']).to be_nil
+            end
+          end
         end
       end
     end
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
index c5e693e3489..b3b7753df61 100644
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -143,14 +143,28 @@ RSpec.describe InvitesController do
 
           context 'when user exists with the invited email as secondary email' do
             before do
-              secondary_email = create(:email, user: user, email: 'foo@example.com')
               member.update!(invite_email: secondary_email.email)
             end
 
-            it 'is redirected to a new session with invite email param' do
-              request
+            context 'when secondary email is confirmed' do
+              let(:secondary_email) { create(:email, :confirmed, user: user, email: 'foo@example.com') }
 
-              expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
+              it 'is redirected to a new session with invite email param' do
+                request
+
+                expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
+              end
+            end
+
+            context 'when secondary email is unconfirmed' do
+              let(:secondary_email) { create(:email, user: user, email: 'foo@example.com') }
+
+              it 'is redirected to a new registration with invite email param and flash message', :aggregate_failures do
+                request
+
+                expect(response).to redirect_to(new_user_registration_path(invite_email: member.invite_email))
+                expect(flash[:notice]).to eq 'To accept this invitation, create an account or sign in.'
+              end
             end
           end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-07-28 21:09:03 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-07-28 21:09:03 +0300
commit	b420660ef1369fec4d09b7bf5e961d81980974e5 (patch)
tree	f096fdd1bd3b4898e1b2ca80957ce68c200c09f0 /spec/controllers
parent	b8026fd558e7ec154c626208a33c1485aec8f4ea (diff)