diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-05 20:06:05 +0300 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-05 20:06:05 +0300 |
commit | f103475766fecc6e6fdf996e9cfaaa41e795962f (patch) | |
tree | 01143342ee8aa80a6d0c238854cc229d8cd2a1fb /spec | |
parent | 9685ab323ef9c3138734de6df456afcc9bd7463e (diff) | |
parent | 07f516d167b935acce6289a656872bad9a88b0ac (diff) |
Merge branch 'osw-44295-adjust-authorization-for-discussions-show' into 'master'
Adjust 404's for LegacyDiffNote discussion rendering
Closes #44295
See merge request gitlab-org/gitlab-ce!18201
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/discussions_controller_spec.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/spec/controllers/projects/discussions_controller_spec.rb b/spec/controllers/projects/discussions_controller_spec.rb index fcb0c2f28c8..53647749a60 100644 --- a/spec/controllers/projects/discussions_controller_spec.rb +++ b/spec/controllers/projects/discussions_controller_spec.rb @@ -16,6 +16,53 @@ describe Projects::DiscussionsController do } end + describe 'GET show' do + before do + sign_in user + end + + context 'when user is not authorized to read the MR' do + it 'returns 404' do + get :show, request_params, format: :json + + expect(response).to have_gitlab_http_status(404) + end + end + + context 'when user is authorized to read the MR' do + before do + project.add_reporter(user) + end + + it 'returns status 200' do + get :show, request_params, format: :json + + expect(response).to have_gitlab_http_status(200) + end + + it 'returns status 404 if MR does not exists' do + merge_request.destroy! + + get :show, request_params, format: :json + + expect(response).to have_gitlab_http_status(404) + end + end + + context 'when user is authorized but note is LegacyDiffNote' do + before do + project.add_developer(user) + note.update!(type: 'LegacyDiffNote') + end + + it 'returns status 200' do + get :show, request_params, format: :json + + expect(response).to have_gitlab_http_status(200) + end + end + end + describe 'POST resolve' do before do sign_in user |