Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/controllers/projects/group_links_controller_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/projects/group_links_controller_spec.rb')
-rw-r--r--spec/controllers/projects/group_links_controller_spec.rb44
1 files changed, 42 insertions, 2 deletions
diff --git a/spec/controllers/projects/group_links_controller_spec.rb b/spec/controllers/projects/group_links_controller_spec.rb
index 4510e9e646e..e7a08c55a70 100644
--- a/spec/controllers/projects/group_links_controller_spec.rb
+++ b/spec/controllers/projects/group_links_controller_spec.rb
@@ -76,6 +76,17 @@ RSpec.describe Projects::GroupLinksController, feature_category: :system_access
expect(response).to have_gitlab_http_status(:not_found)
expect(json_response['message']).to eq('404 Not Found')
end
+
+ context 'when MAINTAINER tries to update the link to OWNER access' do
+ let(:group_access) { Gitlab::Access::OWNER }
+
+ it 'returns 403' do
+ update_link
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ expect(json_response['message']).to eq('Forbidden')
+ end
+ end
end
describe '#destroy' do
@@ -167,12 +178,41 @@ RSpec.describe Projects::GroupLinksController, feature_category: :system_access
sign_in(user)
end
- it 'renders 404' do
- destroy_link
+ it 'returns 404' do
+ expect { destroy_link }.to not_change { project.reload.project_group_links.count }
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
+
+ context 'when the user is a project maintainer' do
+ before do
+ project.add_maintainer(user)
+ sign_in(user)
+ end
+
+ context 'when they try to destroy a link with OWNER access level' do
+ let(:group_access) { Gitlab::Access::OWNER }
+
+ it 'does not destroy the link' do
+ expect { destroy_link }.to not_change { project.reload.project_group_links.count }
+
+ expect(response).to redirect_to(project_project_members_path(project, tab: :groups))
+ expect(flash[:alert]).to include('The project-group link could not be removed.')
+ end
+
+ context 'when format is js' do
+ let(:format) { :js }
+
+ it 'returns 403' do
+ expect { destroy_link }.to not_change { project.reload.project_group_links.count }
+
+ expect(json_response).to eq({ "message" => "Forbidden" })
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 00:47:16 +0300