diff options
Diffstat (limited to 'spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb index 3f0318c3973..8903592ba15 100644 --- a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb +++ b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb @@ -54,6 +54,32 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end end + shared_examples 'project-level value stream analytics with guest user' do + let_it_be(:guest) { create(:user) } + + before do + project.add_guest(guest) + sign_out(user) + sign_in(guest) + end + + %w[code review].each do |id| + it "disallows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + %w[issue plan test staging].each do |id| + it "allows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + describe 'GET index' do let(:action) { :index } @@ -78,6 +104,20 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it 'only returns authorized stages' do + guest = create(:user) + sign_out(user) + sign_in(guest) + project.add_guest(guest) + + get action, params: params + + expect(response).to have_gitlab_http_status(:ok) + + expect(json_response['stages'].map { |stage| stage['title'] }) + .to contain_exactly('Issue', 'Plan', 'Test', 'Staging') + end end describe 'GET median' do @@ -102,6 +142,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET average' do @@ -126,6 +168,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET count' do @@ -150,6 +194,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET records' do @@ -174,5 +220,7 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end end |