diff options
author | Matija Čupić <matteeyah@gmail.com> | 2018-12-14 18:42:04 +0300 |
---|---|---|
committer | Matija Čupić <matteeyah@gmail.com> | 2018-12-19 16:50:40 +0300 |
commit | a1c77f2d34d979016499e4fa15b49e67d5666d63 (patch) | |
tree | b7990dcb51030046e7f4dbf90ed93c6c0ed10571 /spec/requests/api/jobs_spec.rb | |
parent | c7ea28612a210811696dae50d6ca948c85566da2 (diff) |
Authorize read_build when listing pipeline jobs
Diffstat (limited to 'spec/requests/api/jobs_spec.rb')
-rw-r--r-- | spec/requests/api/jobs_spec.rb | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb index 6deb842b0bc..97aa71bf231 100644 --- a/spec/requests/api/jobs_spec.rb +++ b/spec/requests/api/jobs_spec.rb @@ -251,10 +251,20 @@ describe API::Jobs do end context 'unauthorized user' do - let(:api_user) { nil } + context 'when user is not logged in' do + let(:api_user) { nil } - it 'does not return jobs' do - expect(response).to have_gitlab_http_status(401) + it 'does not return jobs' do + expect(response).to have_gitlab_http_status(401) + end + end + + context 'when user is guest' do + let(:api_user) { guest } + + it 'does not return jobs' do + expect(response).to have_gitlab_http_status(403) + end end end end |