diff options
author | Nick Thomas <nick@gitlab.com> | 2018-01-17 17:30:07 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-01-17 17:30:07 +0300 |
commit | 1a3bcc76ea14dda52447a517122117942914ecac (patch) | |
tree | 25ab2c54087e2ee098156f99462460bed39c35de /spec/requests/api/project_snippets_spec.rb | |
parent | f17d7a4beef61d0156865f1a9070fb53c8f05c99 (diff) |
Fix the user-agent detail API endpoint for project snippets
Diffstat (limited to 'spec/requests/api/project_snippets_spec.rb')
-rw-r--r-- | spec/requests/api/project_snippets_spec.rb | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb index e741ac4b7bd..4a2289ca137 100644 --- a/spec/requests/api/project_snippets_spec.rb +++ b/spec/requests/api/project_snippets_spec.rb @@ -1,9 +1,9 @@ require 'rails_helper' describe API::ProjectSnippets do - let(:project) { create(:project, :public) } - let(:user) { create(:user) } - let(:admin) { create(:admin) } + set(:project) { create(:project, :public) } + set(:user) { create(:user) } + set(:admin) { create(:admin) } describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do let(:snippet) { create(:project_snippet, :public, project: project) } @@ -18,6 +18,13 @@ describe API::ProjectSnippets do expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted) end + it 'respects project scoping' do + other_project = create(:project) + + get api("/projects/#{other_project.id}/snippets/#{snippet.id}/user_agent_detail", admin) + expect(response).to have_gitlab_http_status(404) + end + it "returns unautorized for non-admin users" do get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user) |