diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
| commit | 1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (patch) | |
| tree | f2023d9164543389c3eee436de750d8a49c3a535 /spec/requests | |
| parent | 2fa10931183f6d699f77575f084770b1e4b5470d (diff) | |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'spec/requests')
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 41 |
1 files changed, 33 insertions, 8 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 26132215404..601e8cb3081 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -3311,16 +3311,41 @@ RSpec.describe API::Projects, :aggregate_failures, feature_category: :groups_and project_fork_target.add_maintainer(user) end - it 'allows project to be forked from an existing project' do - expect(project_fork_target).not_to be_forked + context 'and user is a reporter of target group' do + let_it_be_with_reload(:target_group) { create(:group, project_creation_level: ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS) } + let_it_be_with_reload(:project_fork_target) { create(:project, namespace: target_group) } - post api(path, user) - project_fork_target.reload + before do + target_group.add_reporter(user) + end - expect(response).to have_gitlab_http_status(:created) - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - expect(project_fork_target.fork_network_member).to be_present - expect(project_fork_target).to be_forked + it 'fails as target namespace is unauthorized' do + post api(path, user) + + expect(response).to have_gitlab_http_status(:unauthorized) + expect(json_response['message']).to eq "401 Unauthorized - Target Namespace" + end + end + + context 'and user is a developer of target group' do + let_it_be_with_reload(:target_group) { create(:group, project_creation_level: ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS) } + let_it_be_with_reload(:project_fork_target) { create(:project, namespace: target_group) } + + before do + target_group.add_developer(user) + end + + it 'allows project to be forked from an existing project' do + expect(project_fork_target).not_to be_forked + + post api(path, user) + project_fork_target.reload + + expect(response).to have_gitlab_http_status(:created) + expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) + expect(project_fork_target.fork_network_member).to be_present + expect(project_fork_target).to be_forked + end end it 'fails without permission from forked_from project' do |