diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-06 20:58:53 +0300 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-11 11:51:17 +0300 |
commit | 71ccfde322b633e9245bee6acba1e64cb7640f19 (patch) | |
tree | e81b9d66257711bd9a3dd31d70d623b1a1927502 /spec | |
parent | 083b0a9b034a0e4004c012444f1a8811bd96ed29 (diff) |
Correct permissions for creating merge requests from issues
This could only be possible for users that can create merge requests
within a project.
So they need to be a allowed to create a branch and create a merge request.
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/issues_controller_spec.rb | 18 | ||||
-rw-r--r-- | spec/requests/api/merge_requests_spec.rb | 4 | ||||
-rw-r--r-- | spec/requests/api/v3/merge_requests_spec.rb | 4 |
3 files changed, 21 insertions, 5 deletions
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 01b5506b64b..6c6b1e4a500 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -938,7 +938,7 @@ describe Projects::IssuesController do end describe 'POST create_merge_request' do - let(:project) { create(:project, :repository) } + let(:project) { create(:project, :repository, :public) } before do project.add_developer(user) @@ -955,6 +955,22 @@ describe Projects::IssuesController do expect(response).to match_response_schema('merge_request') end + it 'is not available when the project is archived' do + project.update(archived: true) + + create_merge_request + + expect(response).to have_gitlab_http_status(404) + end + + it 'is not available for users who cannot create merge requests' do + sign_in(create(:user)) + + create_merge_request + + expect(response).to have_gitlab_http_status(404) + end + def create_merge_request post :create_merge_request, namespace_id: project.namespace.to_param, project_id: project.to_param, diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 3764aec0c71..f64623d7018 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -861,7 +861,7 @@ describe API::MergeRequests do expect(json_response['title']).to eq('Test merge_request') end - it 'returns 422 when target project has disabled merge requests' do + it 'returns 403 when target project has disabled merge requests' do project.project_feature.update(merge_requests_access_level: 0) post api("/projects/#{forked_project.id}/merge_requests", user2), @@ -871,7 +871,7 @@ describe API::MergeRequests do author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(422) + expect(response).to have_gitlab_http_status(403) end it "returns 400 when source_branch is missing" do diff --git a/spec/requests/api/v3/merge_requests_spec.rb b/spec/requests/api/v3/merge_requests_spec.rb index 6b748369f0d..be70cb24dce 100644 --- a/spec/requests/api/v3/merge_requests_spec.rb +++ b/spec/requests/api/v3/merge_requests_spec.rb @@ -340,7 +340,7 @@ describe API::MergeRequests do expect(json_response['title']).to eq('Test merge_request') end - it "returns 422 when target project has disabled merge requests" do + it "returns 403 when target project has disabled merge requests" do project.project_feature.update(merge_requests_access_level: 0) post v3_api("/projects/#{forked_project.id}/merge_requests", user2), @@ -350,7 +350,7 @@ describe API::MergeRequests do author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(422) + expect(response).to have_gitlab_http_status(403) end it "returns 400 when source_branch is missing" do |