Diffstat (limited to 'spec/controllers/oauth/authorizations_controller_spec.rb')
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index fb90a70d91d..5185aa64d9f 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -213,6 +213,75 @@ RSpec.describe Oauth::AuthorizationsController do
 expect(response).to redirect_to(new_user_session_path)
 end
 end
+
+ context 'when the user is admin' do
+ context 'when disable_admin_oauth_scopes is set' do
+ before do
+ stub_application_setting(disable_admin_oauth_scopes: true)
+ scopes = Doorkeeper::OAuth::Scopes.from_string('api')
+
+ allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
+ end
+
+ let(:user) { create(:user, :admin) }
+
+ it 'returns 200 and renders forbidden view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/forbidden')
+ end
+ end
+
+ context 'when disable_admin_oauth_scopes is set and the application is trusted' do
+ before do
+ stub_application_setting(disable_admin_oauth_scopes: true)
+
+ application.update!(trusted: true)
+ end
+
+ let(:application_scopes) { 'api' }
+ let(:user) { create(:user, :admin) }
+
+ it 'returns 200 and renders redirect view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/redirect')
+ end
+ end
+
+ context 'when disable_admin_oauth_scopes is disabled' do
+ before do
+ stub_application_setting(disable_admin_oauth_scopes: false)
+ end
+
+ let(:application_scopes) { 'api' }
+ let(:user) { create(:user, :admin) }
+
+ it 'returns 200 and renders new view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/new')
+ end
+ end
+ end
+
+ context 'when the user is not admin' do
+ context 'when disable_admin_oauth_scopes is enabled' do
+ before do
+ stub_application_setting(disable_admin_oauth_scopes: true)
+ end
+
+ it 'returns 200 and renders new view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/new')
+ end
+ end
+ end
 end
 describe 'POST #create' do |
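Review bot: The first admin context ('when disable_admin_oauth_scopes is set') only asserts a 200 and the forbidden template; since the sibling trusted context shows the same action can auto-approve and render the redirect view, the refusal case should also pin that no grant is issued, e.g. `expect { subject }.not_to change { Doorkeeper::AccessGrant.count }`, so a template regression cannot mask a successful authorization (assuming the forbidden branch runs before any approval, which the hunk does not show). The three admin contexts each redeclare `let(:user) { create(:user, :admin) }`; declaring it once on the outer `context 'when the user is admin'` would remove the repetition. The first context also selects scopes by stubbing `Doorkeeper.configuration` with `Doorkeeper::OAuth::Scopes.from_string('api')` while the other two use `let(:application_scopes) { 'api' }`; a one-line comment on why that context needs the configuration-level stub, or switching it to `application_scopes` if it does not, would keep the setups consistent. The enclosing `describe` block starts before the hunk.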