Add latest changes from gitlab-org/gitlab@master

1 files changed, 94 insertions, 0 deletions

diff --git a/spec/requests/api/metadata_spec.rb b/spec/requests/api/metadata_spec.rb
new file mode 100644
index 00000000000..dbca06b7f3e
--- /dev/null
+++ b/spec/requests/api/metadata_spec.rb
@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Metadata do
+  shared_examples_for 'GET /metadata' do
+    context 'when unauthenticated' do
+      it 'returns authentication error' do
+        get api('/metadata')
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+
+    context 'when authenticated as user' do
+      let(:user) { create(:user) }
+
+      it 'returns the metadata information' do
+        get api('/metadata', user)
+
+        expect_metadata
+      end
+    end
+
+    context 'when authenticated with token' do
+      let(:personal_access_token) { create(:personal_access_token, scopes: scopes) }
+
+      context 'with api scope' do
+        let(:scopes) { %i(api) }
+
+        it 'returns the metadata information' do
+          get api('/metadata', personal_access_token: personal_access_token)
+
+          expect_metadata
+        end
+
+        it 'returns "200" response on head requests' do
+          head api('/metadata', personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'with read_user scope' do
+        let(:scopes) { %i(read_user) }
+
+        it 'returns the metadata information' do
+          get api('/metadata', personal_access_token: personal_access_token)
+
+          expect_metadata
+        end
+
+        it 'returns "200" response on head requests' do
+          head api('/metadata', personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'with neither api nor read_user scope' do
+        let(:scopes) { %i(read_repository) }
+
+        it 'returns authorization error' do
+          get api('/metadata', personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end
+      end
+    end
+
+    def expect_metadata
+      aggregate_failures("testing response") do
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to match_response_schema('public_api/v4/metadata')
+      end
+    end
+  end
+
+  context 'with graphql enabled' do
+    before do
+      stub_feature_flags(graphql: true)
+    end
+
+    include_examples 'GET /metadata'
+  end
+
+  context 'with graphql disabled' do
+    before do
+      stub_feature_flags(graphql: false)
+    end
+
+    include_examples 'GET /metadata'
+  end
+end