author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 15:09:17 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 15:09:17 +0300 |
commit | cd52759ee33051b8ad7b88b02ba7954e4fad7018 (patch) | |
tree | f1096c68e457aef7f5201acd16e4a751ff538026 /spec/requests | |
parent | 18f7828977b74bf6e5153594a098ef90e773b3b7 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/deploy_tokens_spec.rb | 71 | ||||
-rw-r--r-- | spec/requests/api/releases_spec.rb | 25 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 24 |
3 files changed, 83 insertions, 37 deletions
diff --git a/spec/requests/api/deploy_tokens_spec.rb b/spec/requests/api/deploy_tokens_spec.rb
index fa46b8017cb..fa20635056f 100644
--- a/spec/requests/api/deploy_tokens_spec.rb
+++ b/spec/requests/api/deploy_tokens_spec.rb
@@ -148,21 +148,21 @@ describe API::DeployTokens do
 end
 end
- describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
+ describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
 subject do
- delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
+ delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
 response
 end
 context 'when unauthenticated' do
 let(:user) { nil }
- it { is_expected.to have_gitlab_http_status(:forbidden) }
+ it { is_expected.to have_gitlab_http_status(:not_found) }
 end
 context 'when authenticated as non-admin user' do
 before do
- group.add_developer(user)
+ project.add_developer(user)
 end
 it { is_expected.to have_gitlab_http_status(:forbidden) }
@@ -170,26 +170,26 @@ describe API::DeployTokens do
 context 'when authenticated as maintainer' do
 before do
- group.add_maintainer(user)
+ project.add_maintainer(user)
 end
- it 'deletes the deploy token' do
- expect { subject }.to change { group.deploy_tokens.count }.by(-1)
+ it { is_expected.to have_gitlab_http_status(:no_content) }
- expect(group.deploy_tokens).to be_empty
+ it 'deletes the deploy token' do
+ expect { subject }.to change { project.deploy_tokens.count }.by(-1)
 end
 context 'invalid request' do
 it 'returns not found with invalid group id' do
- delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
+ delete api("/projects/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
 expect(response).to have_gitlab_http_status(:not_found)
 end
- it 'returns not found with invalid deploy token id' do
- delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
+ it 'returns bad_request with invalid token id' do
+ delete api("/projects/#{project.id}/deploy_tokens/123abc", user)
- expect(response).to have_gitlab_http_status(:not_found)
+ expect(response).to have_gitlab_http_status(:bad_request)
 end
 end
 end
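Review bot: The 'invalid request' example on the new side is still titled `it 'returns not found with invalid group id'` and still passes `group_deploy_token.id`, although its path is now `/projects/bad_id/...`; it should read `it 'returns not found with invalid project id' do` and use `deploy_token.id` so the project block does not lean on a group fixture. The maintainer context also has no example showing that a token id belonging to another project or group is refused on the project route, which is the ownership-scoping check a delete endpoint for credentials most needs pinned. An example such as `delete api("/projects/#{project.id}/deploy_tokens/#{group_deploy_token.id}", user)` that asserts a non-success status and an unchanged token count would cover it, assuming `group_deploy_token` is not attached to `project` (its definition is outside the hunk). The enclosing describe block starts in the previous hunk.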
@@ -262,4 +262,51 @@ describe API::DeployTokens do
 it_behaves_like 'creating a deploy token', :group, :forbidden
 end
 end
+
+ describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
+ subject do
+ delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
+ response
+ end
+
+ context 'when unauthenticated' do
+ let(:user) { nil }
+
+ it { is_expected.to have_gitlab_http_status(:forbidden) }
+ end
+
+ context 'when authenticated as non-admin user' do
+ before do
+ group.add_developer(user)
+ end
+
+ it { is_expected.to have_gitlab_http_status(:forbidden) }
+ end
+
+ context 'when authenticated as maintainer' do
+ before do
+ group.add_maintainer(user)
+ end
+
+ it 'deletes the deploy token' do
+ expect { subject }.to change { group.deploy_tokens.count }.by(-1)
+
+ expect(group.deploy_tokens).to be_empty
+ end
+
+ context 'invalid request' do
+ it 'returns bad request with invalid group id' do
+ delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+
+ it 'returns not found with invalid deploy token id' do
+ delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+ end
+ end
 end
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 5de8d5aa3ff..4eb6e87c254 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
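Review bot: In the re-added group block of deploy_tokens_spec.rb, the example titled `it 'returns bad request with invalid group id'` asserts `have_gitlab_http_status(:not_found)`, so the title and the expectation disagree; the title should be `it 'returns not found with invalid group id' do`. The unauthenticated case here expects `:forbidden` while the project block earlier in the same file expects `:not_found`. If that difference is intended, a short comment above the group example saying why the two routes answer anonymous callers differently would keep a later reader from "fixing" one of them.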
@@ -233,31 +233,6 @@ describe API::Releases do
 .to match_array(release.sources.map(&:url))
 end
- context "when release description contains confidential issue's link" do
- let(:confidential_issue) do
- create(:issue,
- :confidential,
- project: project,
- title: 'A vulnerability')
- end
-
- let!(:release) do
- create(:release,
- project: project,
- tag: 'v0.1',
- sha: commit.id,
- author: maintainer,
- description: "This is confidential #{confidential_issue.to_reference}")
- end
-
- it "does not expose confidential issue's title" do
- get api("/projects/#{project.id}/releases/v0.1", maintainer)
-
- expect(json_response['description_html']).to include(confidential_issue.to_reference)
- expect(json_response['description_html']).not_to include('A vulnerability')
- end
- end
-
 context 'when release has link asset' do
 let!(:link) do
 create(:release_link,
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 4a89069cbec..7d63a031666 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -330,6 +330,14 @@ describe API::Users, :do_not_mock_admin_mode do
 expect(json_response.keys).not_to include 'last_sign_in_ip'
 end
+ it "does not contain plan or trial data" do
+ get api("/users/#{user.id}", user)
+
+ expect(response).to match_response_schema('public_api/v4/user/basic')
+ expect(json_response.keys).not_to include 'plan'
+ expect(json_response.keys).not_to include 'trial'
+ end
+
 context 'when job title is present' do
 let(:job_title) { 'Fullstack Engineer' }
@@ -367,6 +375,22 @@ describe API::Users, :do_not_mock_admin_mode do
 expect(json_response['highest_role']).to be(0)
 end
+ if Gitlab.ee?
+ it 'does not include values for plan or trial' do
+ get api("/users/#{user.id}", admin)
+
+ expect(response).to match_response_schema('public_api/v4/user/basic')
+ end
+ else
+ it 'does not include plan or trial data' do
+ get api("/users/#{user.id}", admin)
+
+ expect(response).to match_response_schema('public_api/v4/user/basic')
+ expect(json_response.keys).not_to include 'plan'
+ expect(json_response.keys).not_to include 'trial'
+ end
+ end
+
 context 'when user has not logged in' do
 it 'does not include the sign in IPs' do
 get api("/users/#{user.id}", admin) |
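Review bot: The `Gitlab.ee?` branch's example is titled 'does not include values for plan or trial' but asserts only `match_response_schema('public_api/v4/user/basic')`, so nothing in it pins what an admin receives for `plan` or `trial`. Whether that schema allows or forbids those keys cannot be seen from this hunk, so the example may pass even if the fields are populated. Either state the intended result explicitly, for instance `expect(json_response['plan']).to be_nil` and the same for `'trial'` if the keys are meant to be present but empty, or rename the example to say it only checks the schema. The enclosing context starts before the hunk and continues after it.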