diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:13:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-28 15:13:26 +0300 |
commit | c49ef67dc34ca5770ca16ce3df17786f82cfbcb2 (patch) | |
tree | a28b8cfc9e2e0425de24e654886e1ab3a28407fd /spec | |
parent | f36b8d30e5026d0d4c76ca8103e53f241cf71d7c (diff) |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/import/github_controller_spec.rb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb index fdc0ddda9f4..bf56043a496 100644 --- a/spec/controllers/import/github_controller_spec.rb +++ b/spec/controllers/import/github_controller_spec.rb @@ -395,6 +395,12 @@ RSpec.describe Import::GithubController, feature_category: :importers do ) end + let(:user) { project.owner } + + before do + sign_in(user) + end + context 'when import is not finished' do it 'return bad_request' do get :failures, params: { project_id: project.id } @@ -434,6 +440,16 @@ RSpec.describe Import::GithubController, feature_category: :importers do expect(json_response.first['title']).to eq(issue_title) end end + + context 'when signed user is not the owner' do + let(:user) { create(:user) } + + it 'renders 404' do + get :failures, params: { project_id: project.id } + + expect(response).to have_gitlab_http_status(:not_found) + end + end end describe "POST cancel" do @@ -444,6 +460,12 @@ RSpec.describe Import::GithubController, feature_category: :importers do ) end + let(:user) { project.owner } + + before do + sign_in(user) + end + context 'when project import was canceled' do before do allow(Import::Github::CancelProjectImportService) @@ -476,6 +498,16 @@ RSpec.describe Import::GithubController, feature_category: :importers do expect(json_response['errors']).to eq('The import cannot be canceled because it is finished') end end + + context 'when signed user is not the owner' do + let(:user) { create(:user) } + + it 'renders 404' do + post :cancel, params: { project_id: project.id } + + expect(response).to have_gitlab_http_status(:not_found) + end + end end describe 'POST cancel_all' do |