diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 21:36:52 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 21:36:52 +0300 |
commit | b50ad884608668c5db50eb1b0287f613e32aef25 (patch) | |
tree | 0e2fd877999ae2d3ab1e83b62a4d69ad4ab2e9ea /spec/requests | |
parent | 03340f0987ac61ef4c884d4730e2fd3cbff113c5 (diff) | |
parent | 211c4e5985bf40afe7cf2391c76a6cfde153fb49 (diff) |
Merge branch '2802-security-add-public-internal-groups-as-members-to-your-project-idor' into 'master'
Add public/internal groups as members to your Project(IDOR)
See merge request gitlab/gitlabhq!2898
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/projects_spec.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 856fe1bbe89..dc1c9d8c169 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1510,6 +1510,9 @@ describe API::Projects do describe "POST /projects/:id/share" do let(:group) { create(:group) } + before do + group.add_developer(user) + end it "shares project with group" do expires_at = 10.days.from_now.to_date @@ -1560,6 +1563,15 @@ describe API::Projects do expect(response).to have_gitlab_http_status(400) expect(json_response['error']).to eq 'group_access does not have a valid value' end + + it "returns a 409 error when link is not saved" do + allow(::Projects::GroupLinks::CreateService).to receive_message_chain(:new, :execute) + .and_return({ status: :error, http_status: 409, message: 'error' }) + + post api("/projects/#{project.id}/share", user), params: { group_id: group.id, group_access: Gitlab::Access::DEVELOPER } + + expect(response).to have_gitlab_http_status(409) + end end describe 'DELETE /projects/:id/share/:group_id' do |