gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:38:23 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-08-30 22:38:23 +0300
commitf6211f5842821e9fa6acc6881d0ec2c4e9d0ca92 (patch)
treed029b03d6f079cf6e6e5bdd25fb4efcd22bafa00 /spec/requests
parent3dbdaea3d971a2f5b59778c7d1e10d6c25874b89 (diff)
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
Diffstat (limited to 'spec/requests')
-rw-r--r--spec/requests/api/bulk_imports_spec.rb14
-rw-r--r--spec/requests/api/projects_spec.rb41
2 files changed, 47 insertions, 8 deletions
diff --git a/spec/requests/api/bulk_imports_spec.rb b/spec/requests/api/bulk_imports_spec.rb
index b159d4ad445..fdbfbf052d0 100644
--- a/spec/requests/api/bulk_imports_spec.rb
+++ b/spec/requests/api/bulk_imports_spec.rb
@@ -248,6 +248,20 @@ RSpec.describe API::BulkImports, feature_category: :importers do
end
end
+ context 'when the destination_namespace is invalid' do
+ it 'returns invalid error' do
+ params[:entities][0][:destination_namespace] = 'dest?nation-namespace'
+
+ request
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to include('entities[0][destination_namespace] must have a relative path ' \
+ 'structure with no HTTP protocol characters, or leading or ' \
+ 'trailing forward slashes. Path segments must not start or end ' \
+ 'with a special character, and must not contain consecutive ' \
+ 'special characters.')
+ end
+ end
+
context 'when the destination_slug is invalid' do
it 'returns invalid error when restricting special characters is disabled' do
Feature.disable(:restrict_special_characters_in_namespace_path)
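Review bot: The new 'when the destination_namespace is invalid' example exercises a single rejected value (`'dest?nation-namespace'`), while the asserted message names several distinct rules: HTTP protocol characters, leading or trailing forward slashes, and segments starting, ending or repeating special characters. A regression in any of the other rules would go unnoticed, so the example would be stronger as a small table of one input per rule sharing the same `:bad_request` expectation. The example also does not state a flag state, unlike the destination_slug context right below it, which toggles `restrict_special_characters_in_namespace_path`. If namespace validation is meant to be independent of that flag, a comment such as `# destination_namespace is validated regardless of restrict_special_characters_in_namespace_path` would record it; that independence is inferred, not visible in this hunk.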
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index bb96771b3d5..ad6b2962806 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -3212,16 +3212,41 @@ RSpec.describe API::Projects, :aggregate_failures, feature_category: :groups_and
project_fork_target.add_maintainer(user)
end
- it 'allows project to be forked from an existing project' do
- expect(project_fork_target).not_to be_forked
+ context 'and user is a reporter of target group' do
+ let_it_be_with_reload(:target_group) { create(:group, project_creation_level: ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS) }
+ let_it_be_with_reload(:project_fork_target) { create(:project, namespace: target_group) }
- post api(path, user)
- project_fork_target.reload
+ before do
+ target_group.add_reporter(user)
+ end
- expect(response).to have_gitlab_http_status(:created)
- expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id)
- expect(project_fork_target.fork_network_member).to be_present
- expect(project_fork_target).to be_forked
+ it 'fails as target namespace is unauthorized' do
+ post api(path, user)
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ expect(json_response['message']).to eq "401 Unauthorized - Target Namespace"
+ end
+ end
+
+ context 'and user is a developer of target group' do
+ let_it_be_with_reload(:target_group) { create(:group, project_creation_level: ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS) }
+ let_it_be_with_reload(:project_fork_target) { create(:project, namespace: target_group) }
+
+ before do
+ target_group.add_developer(user)
+ end
+
+ it 'allows project to be forked from an existing project' do
+ expect(project_fork_target).not_to be_forked
+
+ post api(path, user)
+ project_fork_target.reload
+
+ expect(response).to have_gitlab_http_status(:created)
+ expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id)
+ expect(project_fork_target.fork_network_member).to be_present
+ expect(project_fork_target).to be_forked
+ end
end
it 'fails without permission from forked_from project' do
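Review bot: The negative case 'fails as target namespace is unauthorized' checks only the status and message, not that the target project was left unlinked. Adding `expect(project_fork_target.reload).not_to be_forked` after the response expectations would catch a regression where the fork relation is persisted before the namespace authorization check rejects the request. The surrounding `before` still runs `project_fork_target.add_maintainer(user)`, so this example covers a project maintainer who is only a reporter in the group; a short comment saying so would make the intent of the access-control test explicit. Both contexts repeat identical `target_group` and `project_fork_target` definitions, which could be declared once in a shared parent context. The enclosing describe block starts and ends outside the hunk.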