diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:14:01 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 17:14:01 +0300 |
| commit | a5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch) | |
| tree | 1a7f51da1300bca04a1bd070f12e66bc4955c832 /spec/requests/api | |
| parent | bb51b8a098aa17b226d1e7941218512f8c835e08 (diff) | |
Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee
Diffstat (limited to 'spec/requests/api')
| -rw-r--r-- | spec/requests/api/labels_spec.rb | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/spec/requests/api/labels_spec.rb b/spec/requests/api/labels_spec.rb index 48f2c45bd98..c1217292d5c 100644 --- a/spec/requests/api/labels_spec.rb +++ b/spec/requests/api/labels_spec.rb @@ -483,6 +483,29 @@ RSpec.describe API::Labels do let(:request) { api("/projects/#{project.id}/labels", user) } let(:params) { { name: valid_label_title_1 } } end + + context 'with group label' do + let_it_be(:group) { create(:group) } + let_it_be(:group_label) { create(:group_label, title: valid_group_label_title_1, group: group) } + + before do + project.update!(group: group) + end + + it 'returns 401 if user does not have access' do + delete api("/projects/#{project.id}/labels/#{group_label.id}", user) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + it 'returns 204 if user has access' do + group.add_developer(user) + + delete api("/projects/#{project.id}/labels/#{group_label.id}", user) + + expect(response).to have_gitlab_http_status(:no_content) + end + end end describe 'PUT /projects/:id/labels' do @@ -537,6 +560,44 @@ RSpec.describe API::Labels do expect(response).to have_gitlab_http_status(:bad_request) end + + context 'with group label' do + let_it_be(:group) { create(:group) } + let_it_be(:group_label) { create(:group_label, title: valid_group_label_title_1, group: group) } + + before do + project.update!(group: group) + end + + it 'allows updating of group label priority' do + put api("/projects/#{project.id}/labels/#{group_label.id}", user), params: { priority: 5 } + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['priority']).to eq(5) + end + + it 'returns 401 when updating other fields' do + put api("/projects/#{project.id}/labels/#{group_label.id}", user), params: { + priority: 5, + new_name: 'new label name' + } + + expect(response).to have_gitlab_http_status(:forbidden) + end + + it 'returns 200 when user has access to the group label' do + group.add_developer(user) + + put api("/projects/#{project.id}/labels/#{group_label.id}", user), params: { + priority: 5, + new_name: 'new label name' + } + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['priority']).to eq(5) + expect(json_response['name']).to eq('new label name') + end + end end describe 'PUT /projects/:id/labels/promote' do |