Authorize read_build when listing pipeline jobs

author: Matija Čupić <matteeyah@gmail.com> 2018-12-14 18:42:04 +0300
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-19 16:50:40 +0300
commit: a1c77f2d34d979016499e4fa15b49e67d5666d63 (patch)
tree: b7990dcb51030046e7f4dbf90ed93c6c0ed10571 /spec/requests/api/jobs_spec.rb
parent: c7ea28612a210811696dae50d6ca948c85566da2 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb
index 6deb842b0bc..97aa71bf231 100644
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -251,10 +251,20 @@ describe API::Jobs do
     end
 
     context 'unauthorized user' do
-      let(:api_user) { nil }
+      context 'when user is not logged in' do
+        let(:api_user) { nil }
 
-      it 'does not return jobs' do
-        expect(response).to have_gitlab_http_status(401)
+        it 'does not return jobs' do
+          expect(response).to have_gitlab_http_status(401)
+        end
+      end
+
+      context 'when user is guest' do
+        let(:api_user) { guest }
+
+        it 'does not return jobs' do
+          expect(response).to have_gitlab_http_status(403)
+        end
       end
     end
   end
author	Matija Čupić <matteeyah@gmail.com>	2018-12-14 18:42:04 +0300
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-19 16:50:40 +0300
commit	a1c77f2d34d979016499e4fa15b49e67d5666d63 (patch)
tree	b7990dcb51030046e7f4dbf90ed93c6c0ed10571 /spec/requests/api/jobs_spec.rb
parent	c7ea28612a210811696dae50d6ca948c85566da2 (diff)