diff options
author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-02-12 09:47:39 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-02-12 09:47:39 +0300 |
commit | 30cf916b263c187fe231acb6e622d21297092add (patch) | |
tree | b460dd5ddebdda957073fdc2c535738673faa82b /spec | |
parent | e71805db8a3c9c138c9835c288c22e6fa7607aeb (diff) | |
parent | b0dacc8eb06615cf5d0afb1fc8d799dd64325846 (diff) |
Merge branch 'api-edit-groups' into 'master'
Edit group members via API
Fixes #1840. Implement a new API endpoint to update the access level of an existing group member. Includes new tests and updated API docs.
cc @sytse @douwe
See merge request !1504
Diffstat (limited to 'spec')
-rw-r--r-- | spec/requests/api/group_members_spec.rb | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/spec/requests/api/group_members_spec.rb b/spec/requests/api/group_members_spec.rb index 4957186f605..43d26d67efe 100644 --- a/spec/requests/api/group_members_spec.rb +++ b/spec/requests/api/group_members_spec.rb @@ -104,6 +104,69 @@ describe API::API, api: true do end end + describe 'PUT /groups/:id/members/:user_id' do + context 'when not a member of the group' do + it 'should return a 409 error if the user is not a group member' do + put( + api("/groups/#{group_no_members.id}/members/#{developer.id}", + owner), access_level: GroupMember::MASTER + ) + expect(response.status).to eq(404) + end + end + + context 'when a member of the group' do + it 'should return ok and update member access level' do + put( + api("/groups/#{group_with_members.id}/members/#{reporter.id}", + owner), + access_level: GroupMember::MASTER + ) + + expect(response.status).to eq(200) + + get api("/groups/#{group_with_members.id}/members", owner) + json_reporter = json_response.find do |e| + e['id'] == reporter.id + end + + expect(json_reporter['access_level']).to eq(GroupMember::MASTER) + end + + it 'should not allow guest to modify group members' do + put( + api("/groups/#{group_with_members.id}/members/#{developer.id}", + guest), + access_level: GroupMember::MASTER + ) + + expect(response.status).to eq(403) + + get api("/groups/#{group_with_members.id}/members", owner) + json_developer = json_response.find do |e| + e['id'] == developer.id + end + + expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER) + end + + it 'should return a 400 error when access level is not given' do + put( + api("/groups/#{group_with_members.id}/members/#{master.id}", owner) + ) + expect(response.status).to eq(400) + end + + it 'should return a 422 error when access level is not known' do + put( + api("/groups/#{group_with_members.id}/members/#{master.id}", owner), + access_level: 1234 + ) + expect(response.status).to eq(422) + end + end + end + describe "DELETE /groups/:id/members/:user_id" do context "when not a member of the group" do it "should not delete guest's membership of group_with_members" do |