diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 20:56:41 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 20:56:41 +0300 |
commit | e5121cd2a1ea1df276317fa68765e969a0b21eae (patch) | |
tree | 3b9732ce48aab909276c030b9a60d1c12cee2525 /spec/requests/api/triggers_spec.rb | |
parent | 4ee3ab616fc8b89b957b531294b67097941e49f6 (diff) | |
parent | 63745c932cc8bc81fc2b2d30e9a171e346f4b969 (diff) |
Merge remote-tracking branch 'dev/12-9-stable' into 12-9-stable
Diffstat (limited to 'spec/requests/api/triggers_spec.rb')
-rw-r--r-- | spec/requests/api/triggers_spec.rb | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/spec/requests/api/triggers_spec.rb b/spec/requests/api/triggers_spec.rb index bcc1c6bc4d4..19b01cb7913 100644 --- a/spec/requests/api/triggers_spec.rb +++ b/spec/requests/api/triggers_spec.rb @@ -238,24 +238,44 @@ describe API::Triggers do end describe 'PUT /projects/:id/triggers/:trigger_id' do - context 'authenticated user with valid permissions' do - let(:new_description) { 'new description' } + context 'user is maintainer of the project' do + context 'the trigger belongs to user' do + let(:new_description) { 'new description' } - it 'updates description' do - put api("/projects/#{project.id}/triggers/#{trigger.id}", user), - params: { description: new_description } + it 'updates description' do + put api("/projects/#{project.id}/triggers/#{trigger.id}", user), + params: { description: new_description } - expect(response).to have_gitlab_http_status(:ok) - expect(json_response).to include('description' => new_description) - expect(trigger.reload.description).to eq(new_description) + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to include('description' => new_description) + expect(trigger.reload.description).to eq(new_description) + end + end + + context 'the trigger does not belong to user' do + it 'does not update trigger' do + put api("/projects/#{project.id}/triggers/#{trigger2.id}", user) + + expect(response).to have_gitlab_http_status(:forbidden) + end end end - context 'authenticated user with invalid permissions' do - it 'does not update trigger' do - put api("/projects/#{project.id}/triggers/#{trigger.id}", user2) + context 'user is developer of the project' do + context 'the trigger belongs to user' do + it 'does not update trigger' do + put api("/projects/#{project.id}/triggers/#{trigger2.id}", user2) - expect(response).to have_gitlab_http_status(:forbidden) + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'the trigger does not belong to user' do + it 'does not update trigger' do + put api("/projects/#{project.id}/triggers/#{trigger.id}", user2) + + expect(response).to have_gitlab_http_status(:forbidden) + end end end |