diff options
Diffstat (limited to 'spec/controllers')
27 files changed, 593 insertions, 544 deletions
diff --git a/spec/controllers/admin/dev_ops_report_controller_spec.rb b/spec/controllers/admin/dev_ops_report_controller_spec.rb index 49e6c0f69bd..5d7a7e089aa 100644 --- a/spec/controllers/admin/dev_ops_report_controller_spec.rb +++ b/spec/controllers/admin/dev_ops_report_controller_spec.rb @@ -28,6 +28,17 @@ RSpec.describe Admin::DevOpsReportController do let(:request_params) { { tab: 'devops-score' } } end + + it_behaves_like 'Snowplow event tracking' do + subject { get :show, format: :html } + + let(:feature_flag_name) { :route_hll_to_snowplow_phase2 } + let(:category) { described_class.name } + let(:action) { 'perform_analytics_usage_action' } + let(:label) { 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly' } + let(:property) { 'i_analytics_dev_ops_score' } + let(:namespace) { nil } + end end end diff --git a/spec/controllers/admin/identities_controller_spec.rb b/spec/controllers/admin/identities_controller_spec.rb index 6ac5ce13884..e32191e04e7 100644 --- a/spec/controllers/admin/identities_controller_spec.rb +++ b/spec/controllers/admin/identities_controller_spec.rb @@ -9,6 +9,30 @@ RSpec.describe Admin::IdentitiesController do sign_in(admin) end + describe 'GET #index' do + context 'when the user has no identities' do + it 'shows no identities' do + get :index, params: { user_id: admin.username } + + expect(assigns(:user)).to eq(admin) + expect(assigns(:identities)).to be_blank + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'when the user has identities' do + let(:ldap_user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'ldap-uid') } + + it 'shows identities' do + get :index, params: { user_id: ldap_user.username } + + expect(assigns(:user)).to eq(ldap_user) + expect(assigns(:identities)).to eq(ldap_user.identities) + expect(response).to have_gitlab_http_status(:ok) + end + end + end + describe 'UPDATE identity' do let(:user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=myuser,ou=people,dc=example,dc=com') } diff --git a/spec/controllers/admin/topics_controller_spec.rb b/spec/controllers/admin/topics_controller_spec.rb index ee36d5f1def..87093e0263b 100644 --- a/spec/controllers/admin/topics_controller_spec.rb +++ b/spec/controllers/admin/topics_controller_spec.rb @@ -173,4 +173,44 @@ RSpec.describe Admin::TopicsController do end end end + + describe 'POST #merge' do + let_it_be(:source_topic) { create(:topic, name: 'source_topic') } + let_it_be(:project) { create(:project, topic_list: source_topic.name ) } + + it 'merges source topic into target topic' do + post :merge, params: { source_topic_id: source_topic.id, target_topic_id: topic.id } + + expect(response).to redirect_to(admin_topics_path) + expect(topic.projects).to contain_exactly(project) + expect { source_topic.reload }.to raise_error(ActiveRecord::RecordNotFound) + end + + it 'renders a 404 error for non-existing id' do + post :merge, params: { source_topic_id: non_existing_record_id, target_topic_id: topic.id } + + expect(response).to have_gitlab_http_status(:not_found) + expect { topic.reload }.not_to raise_error + end + + it 'renders a 400 error for identical topic ids' do + post :merge, params: { source_topic_id: topic, target_topic_id: topic.id } + + expect(response).to have_gitlab_http_status(:bad_request) + expect { topic.reload }.not_to raise_error + end + + context 'as a normal user' do + before do + sign_in(user) + end + + it 'renders a 404 error' do + post :merge, params: { source_topic_id: source_topic.id, target_topic_id: topic.id } + + expect(response).to have_gitlab_http_status(:not_found) + expect { source_topic.reload }.not_to raise_error + end + end + end end diff --git a/spec/controllers/admin/usage_trends_controller_spec.rb b/spec/controllers/admin/usage_trends_controller_spec.rb index 35fb005aacb..356f603bf57 100644 --- a/spec/controllers/admin/usage_trends_controller_spec.rb +++ b/spec/controllers/admin/usage_trends_controller_spec.rb @@ -13,5 +13,18 @@ RSpec.describe Admin::UsageTrendsController do it_behaves_like 'tracking unique visits', :index do let(:target_id) { 'i_analytics_instance_statistics' } end + + it_behaves_like 'Snowplow event tracking' do + subject { get :index } + + let(:feature_flag_name) { :route_hll_to_snowplow_phase2 } + let(:category) { described_class.name } + let(:action) { 'perform_analytics_usage_action' } + let(:label) { 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly' } + let(:property) { 'i_analytics_instance_statistics' } + let(:namespace) { nil } + let(:project) { nil } + let(:user) { admin } + end end end diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb index c46a12680a2..515ad9daf36 100644 --- a/spec/controllers/admin/users_controller_spec.rb +++ b/spec/controllers/admin/users_controller_spec.rb @@ -140,7 +140,7 @@ RSpec.describe Admin::UsersController do it 'displays the rejection message' do subject - expect(response).to redirect_to(admin_users_path) + expect(response).to redirect_to(admin_user_path(user)) expect(flash[:notice]).to eq("You've rejected #{user.name}") end @@ -612,8 +612,8 @@ RSpec.describe Admin::UsersController do end context 'when the new password does not match the password confirmation' do - let(:password) { 'some_password' } - let(:password_confirmation) { 'not_same_as_password' } + let(:password) { User.random_password } + let(:password_confirmation) { User.random_password } it 'shows the edit page again' do update_password(user, password, password_confirmation) diff --git a/spec/controllers/groups/uploads_controller_spec.rb b/spec/controllers/groups/uploads_controller_spec.rb index 8fcc3a7fccf..645360289d1 100644 --- a/spec/controllers/groups/uploads_controller_spec.rb +++ b/spec/controllers/groups/uploads_controller_spec.rb @@ -67,30 +67,10 @@ RSpec.describe Groups::UploadsController do end context "when not signed in" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end + it "responds with appropriate status" do + show_upload - it "responds with appropriate status" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end + expect(response).to have_gitlab_http_status(:ok) end end @@ -100,30 +80,10 @@ RSpec.describe Groups::UploadsController do end context "when the user doesn't have access to the model" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload + it "responds with status 200" do + show_upload - expect(response).to have_gitlab_http_status(:ok) - end + expect(response).to have_gitlab_http_status(:ok) end end end @@ -135,30 +95,10 @@ RSpec.describe Groups::UploadsController do end context "when not signed in" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end + it "responds with appropriate status" do + show_upload - it "responds with appropriate status" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end + expect(response).to have_gitlab_http_status(:ok) end end @@ -168,30 +108,10 @@ RSpec.describe Groups::UploadsController do end context "when the user doesn't have access to the model" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload + it "responds with status 200" do + show_upload - expect(response).to have_gitlab_http_status(:ok) - end + expect(response).to have_gitlab_http_status(:ok) end end end diff --git a/spec/controllers/import/bulk_imports_controller_spec.rb b/spec/controllers/import/bulk_imports_controller_spec.rb index 7177c8c10a6..3be12717664 100644 --- a/spec/controllers/import/bulk_imports_controller_spec.rb +++ b/spec/controllers/import/bulk_imports_controller_spec.rb @@ -245,11 +245,11 @@ RSpec.describe Import::BulkImportsController do let(:bulk_import_params) do [{ "source_type" => "group_entity", "source_full_path" => "full_path", - "destination_name" => "destination_name", + "destination_slug" => "destination_name", "destination_namespace" => "root" }, { "source_type" => "group_entity2", "source_full_path" => "full_path2", - "destination_name" => "destination_name2", + "destination_slug" => "destination_name2", "destination_namespace" => "root" }] end @@ -258,7 +258,7 @@ RSpec.describe Import::BulkImportsController do session[:bulk_import_gitlab_url] = instance_url end - it 'executes BulkImpors::CreateService' do + it 'executes BulkImports::CreateService' do error_response = ServiceResponse.error(message: 'Record invalid', http_status: :unprocessable_entity) expect_next_instance_of( @@ -276,6 +276,38 @@ RSpec.describe Import::BulkImportsController do expect(json_response).to eq([{ "success" => true, "id" => bulk_import.id, "message" => nil }, { "success" => false, "id" => nil, "message" => "Record invalid" }]) end + + context 'when entity destination_name is specified' do + let(:bulk_import_params) do + [ + { + "source_type" => "group_entity", + "source_full_path" => "full_path", + "destination_name" => "destination_name", + "destination_namespace" => "root" + } + ] + end + + it 'replaces destination_name with destination_slug and executes BulkImports::CreateService' do + entity = { + "source_type" => "group_entity", + "source_full_path" => "full_path", + "destination_slug" => "destination_name", + "destination_namespace" => "root" + } + + expect_next_instance_of( + ::BulkImports::CreateService, user, entity, { url: instance_url, access_token: pat }) do |service| + allow(service).to receive(:execute).and_return(ServiceResponse.success(payload: bulk_import)) + end + + post :create, params: { bulk_import: bulk_import_params } + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to match_array([{ "success" => true, "id" => bulk_import.id, "message" => nil }]) + end + end end end diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb index aafea0050d3..0e531dbaf4b 100644 --- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb +++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb @@ -87,6 +87,38 @@ RSpec.describe Profiles::PersonalAccessTokensController do end end + context "tokens returned are ordered" do + let(:expires_1_day_from_now) { 1.day.from_now.to_date } + let(:expires_2_day_from_now) { 2.days.from_now.to_date } + + before do + create(:personal_access_token, user: user, name: "Token1", expires_at: expires_1_day_from_now) + create(:personal_access_token, user: user, name: "Token2", expires_at: expires_2_day_from_now) + end + + it "orders token list ascending on expires_at" do + get :index + + first_token = assigns(:active_personal_access_tokens).first.as_json + expect(first_token[:name]).to eq("Token1") + expect(first_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d")) + end + + it "orders tokens on id in case token has same expires_at" do + create(:personal_access_token, user: user, name: "Token3", expires_at: expires_1_day_from_now) + + get :index + + first_token = assigns(:active_personal_access_tokens).first.as_json + expect(first_token[:name]).to eq("Token3") + expect(first_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d")) + + second_token = assigns(:active_personal_access_tokens).second.as_json + expect(second_token[:name]).to eq("Token1") + expect(second_token[:expires_at]).to eq(expires_1_day_from_now.strftime("%Y-%m-%d")) + end + end + context "access_token_pagination feature flag is disabled" do before do stub_feature_flags(access_token_pagination: false) diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb index 6e7cc058fbc..89185a8f856 100644 --- a/spec/controllers/profiles_controller_spec.rb +++ b/spec/controllers/profiles_controller_spec.rb @@ -3,16 +3,16 @@ require('spec_helper') RSpec.describe ProfilesController, :request_store do - let(:password) { 'longsecret987!' } + let(:password) { User.random_password } let(:user) { create(:user, password: password) } describe 'POST update' do it 'does not update password' do sign_in(user) - + new_password = User.random_password expect do post :update, - params: { user: { password: 'hello12345', password_confirmation: 'hello12345' } } + params: { user: { password: new_password, password_confirmation: new_password } } end.not_to change { user.reload.encrypted_password } expect(response).to have_gitlab_http_status(:found) diff --git a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb index 3f0318c3973..8903592ba15 100644 --- a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb +++ b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb @@ -54,6 +54,32 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end end + shared_examples 'project-level value stream analytics with guest user' do + let_it_be(:guest) { create(:user) } + + before do + project.add_guest(guest) + sign_out(user) + sign_in(guest) + end + + %w[code review].each do |id| + it "disallows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + %w[issue plan test staging].each do |id| + it "allows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + describe 'GET index' do let(:action) { :index } @@ -78,6 +104,20 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it 'only returns authorized stages' do + guest = create(:user) + sign_out(user) + sign_in(guest) + project.add_guest(guest) + + get action, params: params + + expect(response).to have_gitlab_http_status(:ok) + + expect(json_response['stages'].map { |stage| stage['title'] }) + .to contain_exactly('Issue', 'Plan', 'Test', 'Staging') + end end describe 'GET median' do @@ -102,6 +142,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET average' do @@ -126,6 +168,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET count' do @@ -150,6 +194,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET records' do @@ -174,5 +220,7 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end end diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb index cc807098498..887a5ba598f 100644 --- a/spec/controllers/projects/blob_controller_spec.rb +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -352,7 +352,6 @@ RSpec.describe Projects::BlobController do project_new_merge_request_path( forked_project, merge_request: { - source_project_id: forked_project.id, target_project_id: project.id, source_branch: "fork-test-1", target_branch: "master" diff --git a/spec/controllers/projects/ci/secure_files_controller_spec.rb b/spec/controllers/projects/ci/secure_files_controller_spec.rb deleted file mode 100644 index 200997e31b9..00000000000 --- a/spec/controllers/projects/ci/secure_files_controller_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Projects::Ci::SecureFilesController do - let_it_be(:project) { create(:project) } - let_it_be(:user) { create(:user) } - - subject(:show_request) { get :show, params: { namespace_id: project.namespace, project_id: project } } - - describe 'GET #show' do - context 'when the :ci_secure_files feature flag is enabled' do - context 'with enough privileges' do - before do - stub_feature_flags(ci_secure_files: true) - sign_in(user) - project.add_developer(user) - show_request - end - - it { expect(response).to have_gitlab_http_status(:ok) } - - it 'renders show page' do - expect(response).to render_template :show - end - end - end - - context 'when the :ci_secure_files feature flag is disabled' do - context 'with enough privileges' do - before do - stub_feature_flags(ci_secure_files: false) - sign_in(user) - project.add_developer(user) - show_request - end - - it 'responds with 404' do - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - - context 'without enough privileges' do - before do - sign_in(user) - project.add_reporter(user) - show_request - end - - it 'responds with 404' do - expect(response).to have_gitlab_http_status(:not_found) - end - end - - context 'an unauthenticated user' do - before do - show_request - end - - it 'redirects to sign in' do - expect(response).to have_gitlab_http_status(:found) - expect(response).to redirect_to('/users/sign_in') - end - end - end -end diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb index d45ea268e64..12202518e1e 100644 --- a/spec/controllers/projects/clusters_controller_spec.rb +++ b/spec/controllers/projects/clusters_controller_spec.rb @@ -259,9 +259,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -300,9 +302,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -349,9 +353,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -401,9 +407,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_allowed_for(:developer).of(project) } @@ -515,9 +523,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } @@ -593,9 +603,11 @@ RSpec.describe Projects::ClustersController do it 'is allowed for admin when admin mode enabled', :enable_admin_mode do expect { go }.to be_allowed_for(:admin) end + it 'is disabled for admin when admin mode disabled' do expect { go }.to be_denied_for(:admin) end + it { expect { go }.to be_allowed_for(:owner).of(project) } it { expect { go }.to be_allowed_for(:maintainer).of(project) } it { expect { go }.to be_denied_for(:developer).of(project) } diff --git a/spec/controllers/projects/commit_controller_spec.rb b/spec/controllers/projects/commit_controller_spec.rb index a72c98552a5..edb07bbdce6 100644 --- a/spec/controllers/projects/commit_controller_spec.rb +++ b/spec/controllers/projects/commit_controller_spec.rb @@ -82,6 +82,22 @@ RSpec.describe Projects::CommitController do expect(response).to be_successful end + it 'only loads blobs in the current page' do + stub_feature_flags(async_commit_diff_files: false) + stub_const('Projects::CommitController::COMMIT_DIFFS_PER_PAGE', 1) + + commit = project.commit('1a0b36b3cdad1d2ee32457c102a8c0b7056fa863') + + expect_next_instance_of(Repository) do |repository| + # This commit contains 3 changed files but we expect only the blobs for the first one to be loaded + expect(repository).to receive(:blobs_at).with([[commit.id, '.gitignore']], anything).and_call_original + end + + go(id: commit.id) + + expect(response).to be_ok + end + shared_examples "export as" do |format| it "does generally work" do go(id: commit.id, format: format) @@ -378,7 +394,6 @@ RSpec.describe Projects::CommitController do project_new_merge_request_path( source_project, merge_request: { - source_project_id: source_project.id, target_project_id: project.id, source_branch: branch, target_branch: 'feature' diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb index e6e0307d0ca..6ed6f7017e3 100644 --- a/spec/controllers/projects/compare_controller_spec.rb +++ b/spec/controllers/projects/compare_controller_spec.rb @@ -226,8 +226,8 @@ RSpec.describe Projects::CompareController do context 'when page is valid' do let(:from_project_id) { nil } - let(:from_ref) { '08f22f25' } - let(:to_ref) { '66eceea0' } + let(:from_ref) { '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9' } + let(:to_ref) { '5937ac0a7beb003549fc5fd26fc247adbce4a52e' } let(:page) { 1 } it 'shows the diff' do @@ -237,6 +237,21 @@ RSpec.describe Projects::CompareController do expect(assigns(:diffs).diff_files.first).to be_present expect(assigns(:commits).length).to be >= 1 end + + it 'only loads blobs in the current page' do + stub_const('Projects::CompareController::COMMIT_DIFFS_PER_PAGE', 1) + + expect_next_instance_of(Repository) do |repository| + # This comparison contains 4 changed files but we expect only the blobs for the first one to be loaded + expect(repository).to receive(:blobs_at).with( + contain_exactly([from_ref, '.gitmodules'], [to_ref, '.gitmodules']), anything + ).and_call_original + end + + show_request + + expect(response).to be_successful + end end context 'when page is not valid' do diff --git a/spec/controllers/projects/environments_controller_spec.rb b/spec/controllers/projects/environments_controller_spec.rb index f4cad5790a3..1a6edab795d 100644 --- a/spec/controllers/projects/environments_controller_spec.rb +++ b/spec/controllers/projects/environments_controller_spec.rb @@ -233,7 +233,7 @@ RSpec.describe Projects::EnvironmentsController do end context "when environment params are invalid" do - let(:params) { environment_params.merge(environment: { name: '/foo/', external_url: '/git.gitlab.com' }) } + let(:params) { environment_params.merge(environment: { external_url: 'javascript:alert("hello")' }) } it 'returns bad request' do subject diff --git a/spec/controllers/projects/hooks_controller_spec.rb b/spec/controllers/projects/hooks_controller_spec.rb index a275bc28631..ba7b712964c 100644 --- a/spec/controllers/projects/hooks_controller_spec.rb +++ b/spec/controllers/projects/hooks_controller_spec.rb @@ -98,7 +98,7 @@ RSpec.describe Projects::HooksController do def it_renders_correctly expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:edit) - expect(response).to render_template('projects/hook_logs/_index') + expect(response).to render_template('shared/hook_logs/_index') end end diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index badac688229..c48be8efb1b 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -1607,22 +1607,32 @@ RSpec.describe Projects::IssuesController do project.add_developer(user) end - it "returns 302 for project members with developer role" do - import_csv + context 'when upload proceeds correctly' do + it "returns 302 for project members with developer role" do + import_csv - expect(flash[:notice]).to eq(_("Your issues are being imported. Once finished, you'll get a confirmation email.")) - expect(response).to redirect_to(project_issues_path(project)) - end + expect(flash[:notice]).to eq(_("Your issues are being imported. Once finished, you'll get a confirmation email.")) + expect(response).to redirect_to(project_issues_path(project)) + end + + it 'enqueues an import job' do + expect(ImportIssuesCsvWorker).to receive(:perform_async).with(user.id, project.id, Integer) - it "shows error when upload fails" do - expect_next_instance_of(UploadService) do |upload_service| - expect(upload_service).to receive(:execute).and_return(nil) + import_csv end + end - import_csv + context 'when upload fails' do + it "shows error when upload fails" do + expect_next_instance_of(UploadService) do |upload_service| + expect(upload_service).to receive(:execute).and_return(nil) + end - expect(flash[:alert]).to include(_('File upload error.')) - expect(response).to redirect_to(project_issues_path(project)) + import_csv + + expect(flash[:alert]).to include(_('File upload error.')) + expect(response).to redirect_to(project_issues_path(project)) + end end end diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index 8ccbc0d3fe2..ed5e32df8ea 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -1894,15 +1894,12 @@ RSpec.describe Projects::MergeRequestsController do # First run to insert test data from lets, which does take up some 30 queries get_ci_environments_status - control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) { get_ci_environments_status }.count + control_count = ActiveRecord::QueryRecorder.new { get_ci_environments_status } environment2 = create(:environment, project: forked) create(:deployment, :succeed, environment: environment2, sha: sha, ref: 'master', deployable: build) - # TODO address the last 3 queries - # See https://gitlab.com/gitlab-org/gitlab-foss/issues/63952 (3 queries) - leeway = 3 - expect { get_ci_environments_status }.not_to exceed_all_query_limit(control_count + leeway) + expect { get_ci_environments_status }.not_to exceed_all_query_limit(control_count) end end @@ -2039,25 +2036,50 @@ RSpec.describe Projects::MergeRequestsController do end describe 'POST #rebase' do + let(:other_params) { {} } + let(:params) { { namespace_id: project.namespace, project_id: project, id: merge_request }.merge(other_params) } + def post_rebase - post :rebase, params: { namespace_id: project.namespace, project_id: project, id: merge_request } + post :rebase, params: params end before do allow(RebaseWorker).to receive(:with_status).and_return(RebaseWorker) end - def expect_rebase_worker_for(user) - expect(RebaseWorker).to receive(:perform_async).with(merge_request.id, user.id, false) + def expect_rebase_worker_for(user, skip_ci: false) + expect(RebaseWorker).to receive(:perform_async).with(merge_request.id, user.id, skip_ci) end context 'successfully' do - it 'enqeues a RebaseWorker' do - expect_rebase_worker_for(user) + shared_examples 'successful rebase scheduler' do + it 'enqueues a RebaseWorker' do + expect_rebase_worker_for(user, skip_ci: skip_ci) - post_rebase + post_rebase - expect(response).to have_gitlab_http_status(:ok) + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'with skip_ci not specified' do + let(:skip_ci) { false } + + it_behaves_like 'successful rebase scheduler' + end + + context 'with skip_ci enabled' do + let(:skip_ci) { true } + let(:other_params) { { skip_ci: 'true' } } + + it_behaves_like 'successful rebase scheduler' + end + + context 'with skip_ci disabled' do + let(:skip_ci) { false } + let(:other_params) { { skip_ci: 'false' } } + + it_behaves_like 'successful rebase scheduler' end end diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb index 85e5de46afd..9050765afd6 100644 --- a/spec/controllers/projects/notes_controller_spec.rb +++ b/spec/controllers/projects/notes_controller_spec.rb @@ -345,34 +345,77 @@ RSpec.describe Projects::NotesController do } end - context 'when `confidential` parameter is not provided' do - it 'sets `confidential` to `false` in JSON response' do + context 'when parameter is not provided' do + it 'sets `confidential` and `internal` to `false` in JSON response' do create! expect(response).to have_gitlab_http_status(:ok) expect(json_response['confidential']).to be false + expect(json_response['internal']).to be false end end - context 'when `confidential` parameter is `false`' do - let(:extra_note_params) { { confidential: false } } + context 'when is not a confidential note' do + context 'when using the `internal` parameter' do + let(:extra_note_params) { { internal: false } } - it 'sets `confidential` to `false` in JSON response' do - create! + it 'sets `confidential` and `internal` to `false` in JSON response' do + create! - expect(response).to have_gitlab_http_status(:ok) - expect(json_response['confidential']).to be false + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be false + expect(json_response['internal']).to be false + end + end + + context 'when using deprecated `confidential` parameter' do + let(:extra_note_params) { { confidential: false } } + + it 'sets `confidential` and `internal` to `false` in JSON response' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be false + expect(json_response['internal']).to be false + end end end - context 'when `confidential` parameter is `true`' do - let(:extra_note_params) { { confidential: true } } + context 'when is a confidential note' do + context 'when using the `internal` parameter' do + let(:extra_note_params) { { internal: true } } - it 'sets `confidential` to `true` in JSON response' do - create! + it 'sets `confidential` and `internal` to `true` in JSON response' do + create! - expect(response).to have_gitlab_http_status(:ok) - expect(json_response['confidential']).to be true + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be true + expect(json_response['internal']).to be true + end + end + + context 'when using deprecated `confidential` parameter' do + let(:extra_note_params) { { confidential: true } } + + it 'sets `confidential` and `internal` to `true` in JSON response' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be true + expect(json_response['internal']).to be true + end + end + + context 'when `internal` parameter is `true` and `confidential` parameter is `false`' do + let(:extra_note_params) { { internal: true, confidential: false } } + + it 'uses the `internal` param as source of truth' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be true + expect(json_response['internal']).to be true + end end end end diff --git a/spec/controllers/projects/pages_controller_spec.rb b/spec/controllers/projects/pages_controller_spec.rb index 1fa8838b548..136f98ac907 100644 --- a/spec/controllers/projects/pages_controller_spec.rb +++ b/spec/controllers/projects/pages_controller_spec.rb @@ -19,9 +19,9 @@ RSpec.describe Projects::PagesController do project.add_maintainer(user) end - describe 'GET show' do + describe 'GET new' do it 'returns 200 status' do - get :show, params: request_params + get :new, params: request_params expect(response).to have_gitlab_http_status(:ok) end @@ -31,13 +31,55 @@ RSpec.describe Projects::PagesController do let(:project) { create(:project, namespace: group) } it 'returns a 200 status code' do - get :show, params: request_params + get :new, params: request_params expect(response).to have_gitlab_http_status(:ok) end end end + describe 'GET show' do + subject { get :show, params: request_params } + + context 'when the project does not have onboarding complete' do + before do + project.pages_metadatum.update_attribute(:deployed, false) + project.pages_metadatum.update_attribute(:onboarding_complete, false) + end + + it 'redirects to #new' do + expect(subject).to redirect_to(action: 'new') + end + end + + context 'when the project does have onboarding complete' do + before do + project.pages_metadatum.update_attribute(:onboarding_complete, true) + end + + it 'returns 200 status' do + expect(subject).to have_gitlab_http_status(:ok) + end + + context 'when the project is in a subgroup' do + let(:group) { create(:group, :nested) } + let(:project) { create(:project, namespace: group) } + + it 'returns a 200 status code' do + expect(subject).to have_gitlab_http_status(:ok) + end + end + end + + context 'when pages is disabled' do + let(:project) { create(:project, :pages_disabled) } + + it 'renders the disabled view' do + expect(subject).to render_template :disabled + end + end + end + describe 'DELETE destroy' do it 'returns 302 status' do delete :destroy, params: request_params diff --git a/spec/controllers/projects/protected_branches_controller_spec.rb b/spec/controllers/projects/protected_branches_controller_spec.rb index dcfccc00347..4996bd90005 100644 --- a/spec/controllers/projects/protected_branches_controller_spec.rb +++ b/spec/controllers/projects/protected_branches_controller_spec.rb @@ -3,14 +3,20 @@ require('spec_helper') RSpec.describe Projects::ProtectedBranchesController do - let(:project) { create(:project, :repository) } + let_it_be_with_reload(:project) { create(:project, :repository) } + let_it_be(:maintainer) { create(:user) } + let(:protected_branch) { create(:protected_branch, project: project) } let(:project_params) { { namespace_id: project.namespace.to_param, project_id: project } } let(:base_params) { project_params.merge(id: protected_branch.id) } - let(:user) { create(:user) } + let(:user) { maintainer } + + before_all do + project.add_maintainer(maintainer) + end before do - project.add_maintainer(user) + sign_in(user) end describe "GET #index" do @@ -30,23 +36,16 @@ RSpec.describe Projects::ProtectedBranchesController do let(:create_params) { attributes_for(:protected_branch).merge(access_level_params) } - before do - sign_in(user) - end - it 'creates the protected branch rule' do expect do post(:create, params: project_params.merge(protected_branch: create_params)) end.to change(ProtectedBranch, :count).by(1) end - context 'when a policy restricts rule deletion' do - before do - policy = instance_double(ProtectedBranchPolicy, allowed?: false) - allow(ProtectedBranchPolicy).to receive(:new).and_return(policy) - end - + context 'when a policy restricts rule creation' do it "prevents creation of the protected branch rule" do + disallow(:create_protected_branch, an_instance_of(ProtectedBranch)) + post(:create, params: project_params.merge(protected_branch: create_params)) expect(ProtectedBranch.count).to eq 0 @@ -57,10 +56,6 @@ RSpec.describe Projects::ProtectedBranchesController do describe "PUT #update" do let(:update_params) { { name: 'new_name' } } - before do - sign_in(user) - end - it 'updates the protected branch rule' do put(:update, params: base_params.merge(protected_branch: update_params)) @@ -68,13 +63,10 @@ RSpec.describe Projects::ProtectedBranchesController do expect(json_response["name"]).to eq('new_name') end - context 'when a policy restricts rule deletion' do - before do - policy = instance_double(ProtectedBranchPolicy, allowed?: false) - allow(ProtectedBranchPolicy).to receive(:new).and_return(policy) - end - + context 'when a policy restricts rule update' do it "prevents update of the protected branch rule" do + disallow(:update_protected_branch, protected_branch) + old_name = protected_branch.name put(:update, params: base_params.merge(protected_branch: update_params)) @@ -85,10 +77,6 @@ RSpec.describe Projects::ProtectedBranchesController do end describe "DELETE #destroy" do - before do - sign_in(user) - end - it "deletes the protected branch rule" do delete(:destroy, params: base_params) @@ -96,16 +84,18 @@ RSpec.describe Projects::ProtectedBranchesController do end context 'when a policy restricts rule deletion' do - before do - policy = instance_double(ProtectedBranchPolicy, allowed?: false) - allow(ProtectedBranchPolicy).to receive(:new).and_return(policy) - end - it "prevents deletion of the protected branch rule" do + disallow(:destroy_protected_branch, protected_branch) + delete(:destroy, params: base_params) expect(response).to have_gitlab_http_status(:forbidden) end end end + + def disallow(ability, protected_branch) + allow(Ability).to receive(:allowed?).and_call_original + allow(Ability).to receive(:allowed?).with(user, ability, protected_branch).and_return(false) + end end diff --git a/spec/controllers/projects/tags/releases_controller_spec.rb b/spec/controllers/projects/tags/releases_controller_spec.rb deleted file mode 100644 index 1d2385f54f9..00000000000 --- a/spec/controllers/projects/tags/releases_controller_spec.rb +++ /dev/null @@ -1,103 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Projects::Tags::ReleasesController do - let!(:project) { create(:project, :repository) } - let!(:user) { create(:user) } - let!(:release) { create(:release, project: project, tag: "v1.1.0") } - let!(:tag) { release.tag } - - before do - project.add_developer(user) - sign_in(user) - end - - describe 'GET #edit' do - it 'initializes a new release' do - tag_id = release.tag - project.releases.destroy_all # rubocop: disable Cop/DestroyAll - - response = get :edit, params: { namespace_id: project.namespace, project_id: project, tag_id: tag_id } - - release = assigns(:release) - expect(release).not_to be_nil - expect(release).not_to be_persisted - expect(response).to have_gitlab_http_status(:ok) - end - - it 'retrieves an existing release' do - response = get :edit, params: { namespace_id: project.namespace, project_id: project, tag_id: tag } - - release = assigns(:release) - expect(release).not_to be_nil - expect(release).to be_persisted - expect(response).to have_gitlab_http_status(:ok) - end - end - - describe 'PUT #update' do - it 'updates release note description' do - response = update_release(release.tag, "description updated") - - release = project.releases.find_by(tag: tag) - expect(release.description).to eq("description updated") - expect(response).to have_gitlab_http_status(:found) - end - - it 'creates a release if one does not exist' do - tag_without_release = create_new_tag - - expect do - update_release(tag_without_release.name, "a new release") - end.to change { project.releases.count }.by(1) - - expect(response).to have_gitlab_http_status(:found) - end - - it 'sets the release name, sha, and author for a new release' do - tag_without_release = create_new_tag - - response = update_release(tag_without_release.name, "a new release") - - release = project.releases.find_by(tag: tag_without_release.name) - expect(release.name).to eq(tag_without_release.name) - expect(release.sha).to eq(tag_without_release.target_commit.sha) - expect(release.author.id).to eq(user.id) - expect(response).to have_gitlab_http_status(:found) - end - - it 'does not delete release when description is empty' do - expect do - update_release(tag, "") - end.not_to change { project.releases.count } - - expect(release.reload.description).to eq("") - - expect(response).to have_gitlab_http_status(:found) - end - - it 'does nothing when description is empty and the tag does not have a release' do - tag_without_release = create_new_tag - - expect do - update_release(tag_without_release.name, "") - end.not_to change { project.releases.count } - - expect(response).to have_gitlab_http_status(:found) - end - end - - def create_new_tag - project.repository.add_tag(user, 'mytag', 'master') - end - - def update_release(tag_id, description) - put :update, params: { - namespace_id: project.namespace.to_param, - project_id: project, - tag_id: tag_id, - release: { description: description } - } - end -end diff --git a/spec/controllers/projects/uploads_controller_spec.rb b/spec/controllers/projects/uploads_controller_spec.rb index 6d2db25ade2..01635f2e158 100644 --- a/spec/controllers/projects/uploads_controller_spec.rb +++ b/spec/controllers/projects/uploads_controller_spec.rb @@ -86,47 +86,27 @@ RSpec.describe Projects::UploadsController do end context "when not signed in" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - context 'when the project has setting enforce_auth_checks_on_uploads true' do - before do - model.update!(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 302" do - show_upload - - expect(response).to have_gitlab_http_status(:redirect) - end - end - - context 'when the project has setting enforce_auth_checks_on_uploads false' do - before do - model.update!(enforce_auth_checks_on_uploads: false) - end + context 'when the project has setting enforce_auth_checks_on_uploads true' do + before do + model.update!(enforce_auth_checks_on_uploads: true) + end - it "responds with status 200" do - show_upload + it "responds with status 302" do + show_upload - expect(response).to have_gitlab_http_status(:ok) - end - end + expect(response).to have_gitlab_http_status(:redirect) end + end - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end + context 'when the project has setting enforce_auth_checks_on_uploads false' do + before do + model.update!(enforce_auth_checks_on_uploads: false) + end - it "responds with status 200" do - show_upload + it "responds with status 200" do + show_upload - expect(response).to have_gitlab_http_status(:ok) - end + expect(response).to have_gitlab_http_status(:ok) end end end @@ -137,41 +117,21 @@ RSpec.describe Projects::UploadsController do end context "when the user doesn't have access to the model" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - context 'when the project has setting enforce_auth_checks_on_uploads true' do - before do - model.update!(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 404" do - show_upload - - expect(response).to have_gitlab_http_status(:not_found) - end - end - - context 'when the project has setting enforce_auth_checks_on_uploads false' do - before do - model.update!(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end + context 'when the project has setting enforce_auth_checks_on_uploads true' do + before do + model.update!(enforce_auth_checks_on_uploads: true) + end + + it "responds with status 404" do + show_upload + + expect(response).to have_gitlab_http_status(:not_found) end end - context "with flag disabled" do + context 'when the project has setting enforce_auth_checks_on_uploads false' do before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) + model.update!(enforce_auth_checks_on_uploads: false) end it "responds with status 200" do @@ -190,47 +150,27 @@ RSpec.describe Projects::UploadsController do end context "when not signed in" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - context 'when the project has setting enforce_auth_checks_on_uploads true' do - before do - model.update!(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end + context 'when the project has setting enforce_auth_checks_on_uploads true' do + before do + model.update!(enforce_auth_checks_on_uploads: true) + end - context 'when the project has setting enforce_auth_checks_on_uploads false' do - before do - model.update!(enforce_auth_checks_on_uploads: false) - end + it "responds with status 200" do + show_upload - it "responds with status 200" do - show_upload + expect(response).to have_gitlab_http_status(:ok) + end + end - expect(response).to have_gitlab_http_status(:ok) - end - end + context 'when the project has setting enforce_auth_checks_on_uploads false' do + before do + model.update!(enforce_auth_checks_on_uploads: false) end - context "with flag disabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) - end + it "responds with status 200" do + show_upload - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end + expect(response).to have_gitlab_http_status(:ok) end end end @@ -241,41 +181,21 @@ RSpec.describe Projects::UploadsController do end context "when the user doesn't have access to the model" do - context "enforce_auth_checks_on_uploads feature flag" do - context "with flag enabled" do - before do - stub_feature_flags(enforce_auth_checks_on_uploads: true) - end - - context 'when the project has setting enforce_auth_checks_on_uploads true' do - before do - model.update!(enforce_auth_checks_on_uploads: true) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context 'when the project has setting enforce_auth_checks_on_uploads false' do - before do - model.update!(enforce_auth_checks_on_uploads: false) - end - - it "responds with status 200" do - show_upload - - expect(response).to have_gitlab_http_status(:ok) - end - end + context 'when the project has setting enforce_auth_checks_on_uploads true' do + before do + model.update!(enforce_auth_checks_on_uploads: true) + end + + it "responds with status 200" do + show_upload + + expect(response).to have_gitlab_http_status(:ok) end end - context "with flag disabled" do + context 'when the project has setting enforce_auth_checks_on_uploads false' do before do - stub_feature_flags(enforce_auth_checks_on_uploads: false) + model.update!(enforce_auth_checks_on_uploads: false) end it "responds with status 200" do diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 34477a7bb68..94d75ab8d7d 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -878,30 +878,82 @@ RSpec.describe ProjectsController do end context 'with project feature attributes' do - using RSpec::Parameterized::TableSyntax + let(:initial_value) { ProjectFeature::PRIVATE } + let(:update_to) { ProjectFeature::ENABLED } - where(:feature, :initial_value, :update_to) do - :metrics_dashboard_access_level | ProjectFeature::PRIVATE | ProjectFeature::ENABLED - :container_registry_access_level | ProjectFeature::ENABLED | ProjectFeature::PRIVATE + before do + project.project_feature.update!(feature_access_level => initial_value) end - with_them do - it "updates the project_feature new" do - params = { - namespace_id: project.namespace, - id: project.path, - project: { - project_feature_attributes: { - "#{feature}": update_to - } + def update_project_feature + put :update, params: { + namespace_id: project.namespace, + id: project.path, + project: { + project_feature_attributes: { + feature_access_level.to_s => update_to } } + } + end - expect { put :update, params: params }.to change { - project.reload.project_feature.public_send(feature) + shared_examples 'feature update success' do + it 'updates access level successfully' do + expect { update_project_feature }.to change { + project.reload.project_feature.public_send(feature_access_level) }.from(initial_value).to(update_to) end end + + shared_examples 'feature update failure' do + it 'cannot update access level' do + expect { update_project_feature }.not_to change { + project.reload.project_feature.public_send(feature_access_level) + } + end + end + + where(:feature_access_level) do + %i[ + metrics_dashboard_access_level + container_registry_access_level + environments_access_level + feature_flags_access_level + releases_access_level + ] + end + + with_them do + it_behaves_like 'feature update success' + end + + context 'for feature_access_level operations_access_level' do + let(:feature_access_level) { :operations_access_level } + + include_examples 'feature update failure' + end + + context 'with feature flag split_operations_visibility_permissions disabled' do + before do + stub_feature_flags(split_operations_visibility_permissions: false) + end + + context 'for feature_access_level operations_access_level' do + let(:feature_access_level) { :operations_access_level } + + include_examples 'feature update success' + end + + where(:feature_access_level) do + %i[ + environments_access_level feature_flags_access_level + ] + end + + with_them do + it_behaves_like 'feature update failure' + end + end end end diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb index c5a97812d1f..70d4559edc1 100644 --- a/spec/controllers/registrations_controller_spec.rb +++ b/spec/controllers/registrations_controller_spec.rb @@ -25,7 +25,7 @@ RSpec.describe RegistrationsController do end let_it_be(:base_user_params) do - { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: 'Any_password' } + { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: User.random_password } end let_it_be(:user_params) { { user: base_user_params } } @@ -222,7 +222,7 @@ RSpec.describe RegistrationsController do context 'when the registration fails' do let_it_be(:member) { create(:project_member, :invited) } let_it_be(:missing_user_params) do - { username: '', email: member.invite_email, password: 'Any_password' } + { username: '', email: member.invite_email, password: User.random_password } end let_it_be(:user_params) { { user: missing_user_params } } @@ -535,7 +535,7 @@ RSpec.describe RegistrationsController do end it 'succeeds if password is confirmed' do - post :destroy, params: { password: '12345678' } + post :destroy, params: { password: user.password } expect_success end @@ -576,7 +576,7 @@ RSpec.describe RegistrationsController do end it 'fails' do - delete :destroy, params: { password: '12345678' } + delete :destroy, params: { password: user.password } expect_failure(s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account')) end diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index b4d4e01e972..14b198dbefe 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb @@ -12,47 +12,6 @@ RSpec.describe SearchController do sign_in(user) end - shared_examples_for 'when the user cannot read cross project' do |action, params| - before do - allow(Ability).to receive(:allowed?).and_call_original - allow(Ability).to receive(:allowed?) - .with(user, :read_cross_project, :global) { false } - end - - it 'blocks access without a project_id' do - get action, params: params - - expect(response).to have_gitlab_http_status(:forbidden) - end - - it 'allows access with a project_id' do - get action, params: params.merge(project_id: create(:project, :public).id) - - expect(response).to have_gitlab_http_status(:ok) - end - end - - shared_examples_for 'with external authorization service enabled' do |action, params| - let(:project) { create(:project, namespace: user.namespace) } - let(:note) { create(:note_on_issue, project: project) } - - before do - enable_external_authorization_service_check - end - - it 'renders a 403 when no project is given' do - get action, params: params - - expect(response).to have_gitlab_http_status(:forbidden) - end - - it 'renders a 200 when a project was set' do - get action, params: params.merge(project_id: project.id) - - expect(response).to have_gitlab_http_status(:ok) - end - end - shared_examples_for 'support for active record query timeouts' do |action, params, method_to_stub, format| before do allow_next_instance_of(SearchService) do |service| @@ -133,10 +92,11 @@ RSpec.describe SearchController do { chars_under_limit: (('a' * (term_char_limit - 1) + ' ') * (term_limit - 1))[0, char_limit], chars_over_limit: (('a' * (term_char_limit - 1) + ' ') * (term_limit - 1))[0, char_limit + 1], - terms_under_limit: ('abc ' * (term_limit - 1)), + terms_under_limit: ('abc ' * (term_limit - 1)), terms_over_limit: ('abc ' * (term_limit + 1)), term_length_over_limit: ('a' * (term_char_limit + 1)), - term_length_under_limit: ('a' * (term_char_limit - 1)) + term_length_under_limit: ('a' * (term_char_limit - 1)), + blank: '' } end @@ -147,6 +107,7 @@ RSpec.describe SearchController do :terms_over_limit | :set_terms_flash :term_length_under_limit | :not_to_set_flash :term_length_over_limit | :not_to_set_flash # abuse, so do nothing. + :blank | :not_to_set_flash end with_them do @@ -393,6 +354,13 @@ RSpec.describe SearchController do get(:autocomplete, params: { term: 'foo@bar.com', scope: 'users' }) end end + + it 'can be filtered with params[:filter]' do + get :autocomplete, params: { term: 'setting', filter: 'generic' } + expect(response).to have_gitlab_http_status(:ok) + expect(json_response.count).to eq(1) + expect(json_response.first['label']).to match(/User settings/) + end end describe '#append_info_to_payload' do @@ -410,9 +378,20 @@ RSpec.describe SearchController do expect(payload[:metadata]['meta.search.project_ids']).to eq(%w(456 789)) expect(payload[:metadata]['meta.search.type']).to eq('basic') expect(payload[:metadata]['meta.search.level']).to eq('global') + expect(payload[:metadata]['meta.search.filters.language']).to eq('ruby') end - get :show, params: { scope: 'issues', search: 'hello world', group_id: '123', project_id: '456', project_ids: %w(456 789), confidential: true, state: true, force_search_results: true } + get :show, params: { + scope: 'issues', + search: 'hello world', + group_id: '123', + project_id: '456', + project_ids: %w(456 789), + confidential: true, + state: true, + force_search_results: true, + language: 'ruby' + } end it 'appends the default scope in meta.search.scope' do |