Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-12 15:09:17 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-12 15:09:17 +0300
commit: cd52759ee33051b8ad7b88b02ba7954e4fad7018 (patch)
tree: f1096c68e457aef7f5201acd16e4a751ff538026 /spec/requests
parent: 18f7828977b74bf6e5153594a098ef90e773b3b7 (diff)
3 files changed, 83 insertions, 37 deletions
diff --git a/spec/requests/api/deploy_tokens_spec.rb b/spec/requests/api/deploy_tokens_spec.rb
index fa46b8017cb..fa20635056f 100644
--- a/spec/requests/api/deploy_tokens_spec.rb
+++ b/spec/requests/api/deploy_tokens_spec.rb
@@ -148,21 +148,21 @@ describe API::DeployTokens do
     end
   end
 
-  describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
+  describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
     subject do
-      delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
+      delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
       response
     end
 
     context 'when unauthenticated' do
       let(:user) { nil }
 
-      it { is_expected.to have_gitlab_http_status(:forbidden) }
+      it { is_expected.to have_gitlab_http_status(:not_found) }
     end
 
     context 'when authenticated as non-admin user' do
       before do
-        group.add_developer(user)
+        project.add_developer(user)
       end
 
       it { is_expected.to have_gitlab_http_status(:forbidden) }
@@ -170,26 +170,26 @@ describe API::DeployTokens do
 
     context 'when authenticated as maintainer' do
       before do
-        group.add_maintainer(user)
+        project.add_maintainer(user)
       end
 
-      it 'deletes the deploy token' do
-        expect { subject }.to change { group.deploy_tokens.count }.by(-1)
+      it { is_expected.to have_gitlab_http_status(:no_content) }
 
-        expect(group.deploy_tokens).to be_empty
+      it 'deletes the deploy token' do
+        expect { subject }.to change { project.deploy_tokens.count }.by(-1)
       end
 
       context 'invalid request' do
         it 'returns not found with invalid group id' do
-          delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
+          delete api("/projects/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
 
           expect(response).to have_gitlab_http_status(:not_found)
         end
 
-        it 'returns not found with invalid deploy token id' do
-          delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
+        it 'returns bad_request with invalid token id' do
+          delete api("/projects/#{project.id}/deploy_tokens/123abc", user)
 
-          expect(response).to have_gitlab_http_status(:not_found)
+          expect(response).to have_gitlab_http_status(:bad_request)
         end
       end
     end
@@ -262,4 +262,51 @@ describe API::DeployTokens do
       it_behaves_like 'creating a deploy token', :group, :forbidden
     end
   end
+
+  describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
+    subject do
+      delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
+      response
+    end
+
+    context 'when unauthenticated' do
+      let(:user) { nil }
+
+      it { is_expected.to have_gitlab_http_status(:forbidden) }
+    end
+
+    context 'when authenticated as non-admin user' do
+      before do
+        group.add_developer(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:forbidden) }
+    end
+
+    context 'when authenticated as maintainer' do
+      before do
+        group.add_maintainer(user)
+      end
+
+      it 'deletes the deploy token' do
+        expect { subject }.to change { group.deploy_tokens.count }.by(-1)
+
+        expect(group.deploy_tokens).to be_empty
+      end
+
+      context 'invalid request' do
+        it 'returns bad request with invalid group id' do
+          delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+
+        it 'returns not found with invalid deploy token id' do
+          delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
 end
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 5de8d5aa3ff..4eb6e87c254 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -233,31 +233,6 @@ describe API::Releases do
           .to match_array(release.sources.map(&:url))
       end
 
-      context "when release description contains confidential issue's link" do
-        let(:confidential_issue) do
-          create(:issue,
-                 :confidential,
-                 project: project,
-                 title: 'A vulnerability')
-        end
-
-        let!(:release) do
-          create(:release,
-                 project: project,
-                 tag: 'v0.1',
-                 sha: commit.id,
-                 author: maintainer,
-                 description: "This is confidential #{confidential_issue.to_reference}")
-        end
-
-        it "does not expose confidential issue's title" do
-          get api("/projects/#{project.id}/releases/v0.1", maintainer)
-
-          expect(json_response['description_html']).to include(confidential_issue.to_reference)
-          expect(json_response['description_html']).not_to include('A vulnerability')
-        end
-      end
-
       context 'when release has link asset' do
         let!(:link) do
           create(:release_link,
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 4a89069cbec..7d63a031666 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -330,6 +330,14 @@ describe API::Users, :do_not_mock_admin_mode do
       expect(json_response.keys).not_to include 'last_sign_in_ip'
     end
 
+    it "does not contain plan or trial data" do
+      get api("/users/#{user.id}", user)
+
+      expect(response).to match_response_schema('public_api/v4/user/basic')
+      expect(json_response.keys).not_to include 'plan'
+      expect(json_response.keys).not_to include 'trial'
+    end
+
     context 'when job title is present' do
       let(:job_title) { 'Fullstack Engineer' }
 
@@ -367,6 +375,22 @@ describe API::Users, :do_not_mock_admin_mode do
         expect(json_response['highest_role']).to be(0)
       end
 
+      if Gitlab.ee?
+        it 'does not include values for plan or trial' do
+          get api("/users/#{user.id}", admin)
+
+          expect(response).to match_response_schema('public_api/v4/user/basic')
+        end
+      else
+        it 'does not include plan or trial data' do
+          get api("/users/#{user.id}", admin)
+
+          expect(response).to match_response_schema('public_api/v4/user/basic')
+          expect(json_response.keys).not_to include 'plan'
+          expect(json_response.keys).not_to include 'trial'
+        end
+      end
+
       context 'when user has not logged in' do
         it 'does not include the sign in IPs' do
           get api("/users/#{user.id}", admin)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-12 15:09:17 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-12 15:09:17 +0300
commit	cd52759ee33051b8ad7b88b02ba7954e4fad7018 (patch)
tree	f1096c68e457aef7f5201acd16e4a751ff538026 /spec/requests
parent	18f7828977b74bf6e5153594a098ef90e773b3b7 (diff)