diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:40:02 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:40:02 +0300 |
| commit | 2be5e2c1605042dbe8974310b45174d855ded65d (patch) | |
| tree | 0497afb2253d8faa75250f4001ffc5b02d48c343 /spec | |
| parent | 06058749033e635496dff24911de369a15648379 (diff) | |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/api/entities/project_import_status_spec.rb | 38 | ||||
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 11 |
2 files changed, 41 insertions, 8 deletions
diff --git a/spec/lib/api/entities/project_import_status_spec.rb b/spec/lib/api/entities/project_import_status_spec.rb index 37a18718950..5d7f06dc78e 100644 --- a/spec/lib/api/entities/project_import_status_spec.rb +++ b/spec/lib/api/entities/project_import_status_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do +RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures, feature_category: :importers do describe '#as_json' do subject { entity.as_json } @@ -67,14 +67,36 @@ RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do context 'when import has failed' do let(:project) { create(:project, :import_failed, import_type: 'import_type', import_correlation_id: correlation_id, import_last_error: 'error') } - let(:entity) { described_class.new(project) } + let(:current_user) { create(:user) } + let(:options) { { current_user: current_user } } + let(:entity) { described_class.new(project, options) } + + context 'when user has access to read import status' do + before do + project.add_maintainer(current_user) + end + + it 'includes basic fields with import error' do + expect(subject[:import_status]).to eq('failed') + expect(subject[:import_type]).to eq('import_type') + expect(subject[:correlation_id]).to eq(correlation_id) + expect(subject[:import_error]).to eq('error') + expect(subject[:failed_relations]).to eq([]) + end + end - it 'includes basic fields with import error' do - expect(subject[:import_status]).to eq('failed') - expect(subject[:import_type]).to eq('import_type') - expect(subject[:correlation_id]).to eq(correlation_id) - expect(subject[:import_error]).to eq('error') - expect(subject[:failed_relations]).to eq([]) + context 'when user does not have access to read import status' do + before do + project.add_reporter(current_user) + end + + it 'includes basic fields with import error' do + expect(subject[:import_status]).to eq('failed') + expect(subject[:import_type]).to eq('import_type') + expect(subject[:correlation_id]).to eq(correlation_id) + expect(subject[:import_error]).to eq('Ask a maintainer to check the import status for more details.') + expect(subject[:failed_relations]).to eq([]) + end end end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index ee8d811971a..210c1df5ca3 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -578,6 +578,11 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do expect(described_class.new(maintainer, project)).to be_allowed(:admin_incident_management_timeline_event_tag) expect(described_class.new(owner, project)).to be_allowed(:admin_incident_management_timeline_event_tag) end + + it 'allows to read import error' do + expect(described_class.new(maintainer, project)).to be_allowed(:read_import_error) + expect(described_class.new(owner, project)).to be_allowed(:read_import_error) + end end context 'when user is a developer/guest/reporter' do @@ -586,6 +591,12 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do expect(described_class.new(guest, project)).to be_disallowed(:admin_incident_management_timeline_event_tag) expect(described_class.new(reporter, project)).to be_disallowed(:admin_incident_management_timeline_event_tag) end + + it 'disallows reading the import error' do + expect(described_class.new(developer, project)).to be_disallowed(:read_import_error) + expect(described_class.new(guest, project)).to be_disallowed(:read_import_error) + expect(described_class.new(reporter, project)).to be_disallowed(:read_import_error) + end end context 'when user is not a member of the project' do |