diff options
Diffstat (limited to 'spec/requests/api/award_emoji_spec.rb')
| -rw-r--r-- | spec/requests/api/award_emoji_spec.rb | 112 |
1 files changed, 78 insertions, 34 deletions
diff --git a/spec/requests/api/award_emoji_spec.rb b/spec/requests/api/award_emoji_spec.rb index 782e14593f7..67ddaf2fda5 100644 --- a/spec/requests/api/award_emoji_spec.rb +++ b/spec/requests/api/award_emoji_spec.rb @@ -3,8 +3,8 @@ require 'spec_helper' RSpec.describe API::AwardEmoji do + let_it_be_with_reload(:project) { create(:project, :private) } let_it_be(:user) { create(:user) } - let_it_be(:project) { create(:project) } let_it_be(:issue) { create(:issue, project: project) } let_it_be(:award_emoji) { create(:award_emoji, awardable: issue, user: user) } let_it_be(:note) { create(:note, project: project, noteable: issue) } @@ -16,10 +16,46 @@ RSpec.describe API::AwardEmoji do project.add_maintainer(user) end + shared_examples 'request with insufficient permissions' do |request_method| + let(:request_params) { {} } + + context 'when user is not signed in' do + it 'returns 404' do + process request_method, api(request_path), params: request_params + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when user does not have access' do + it 'returns 404' do + other_user = create(:user) + + process request_method, api(request_path, other_user), params: request_params + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + shared_examples 'unauthenticated request to public awardable' do + before do + project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) + end + + it 'returns the awarded emoji' do + get api(request_path) + + expect(response).to have_gitlab_http_status(:ok) + end + end + describe "GET /projects/:id/awardable/:awardable_id/award_emoji" do context 'on an issue' do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji" } + it "returns an array of award_emoji" do - get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji", user) + get api(request_path, user) expect(response).to have_gitlab_http_status(:ok) expect(json_response).to be_an Array @@ -48,6 +84,9 @@ RSpec.describe API::AwardEmoji do expect(response).to have_gitlab_http_status(:not_found) end + + it_behaves_like 'unauthenticated request to public awardable' + it_behaves_like 'request with insufficient permissions', :get end context 'on a merge request' do @@ -73,34 +112,30 @@ RSpec.describe API::AwardEmoji do expect(json_response.first['name']).to eq(award.name) end end - - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/award_emoji", user1) - - expect(response).to have_gitlab_http_status(:not_found) - end - end end describe 'GET /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji' do - let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } + let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji" } it 'returns an array of award emoji' do - get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji", user) + get api(request_path, user) expect(response).to have_gitlab_http_status(:ok) expect(json_response).to be_an Array expect(json_response.first['name']).to eq(rocket.name) end + + it_behaves_like 'unauthenticated request to public awardable' + it_behaves_like 'request with insufficient permissions', :get end describe "GET /projects/:id/awardable/:awardable_id/award_emoji/:award_id" do context 'on an issue' do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}" } + it "returns the award emoji" do - get api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}", user) + get api(request_path, user) expect(response).to have_gitlab_http_status(:ok) expect(json_response['name']).to eq(award_emoji.name) @@ -113,6 +148,9 @@ RSpec.describe API::AwardEmoji do expect(response).to have_gitlab_http_status(:not_found) end + + it_behaves_like 'unauthenticated request to public awardable' + it_behaves_like 'request with insufficient permissions', :get end context 'on a merge request' do @@ -139,28 +177,22 @@ RSpec.describe API::AwardEmoji do expect(json_response['awardable_type']).to eq("Snippet") end end - - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/award_emoji/#{downvote.id}", user1) - - expect(response).to have_gitlab_http_status(:not_found) - end - end end describe 'GET /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji/:award_id' do - let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } + let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}" } it 'returns an award emoji' do - get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}", user) + get api(request_path, user) expect(response).to have_gitlab_http_status(:ok) expect(json_response).not_to be_an Array expect(json_response['name']).to eq(rocket.name) end + + it_behaves_like 'unauthenticated request to public awardable' + it_behaves_like 'request with insufficient permissions', :get end describe "POST /projects/:id/awardable/:awardable_id/award_emoji" do @@ -189,12 +221,6 @@ RSpec.describe API::AwardEmoji do expect(response).to have_gitlab_http_status(:bad_request) end - it "returns a 401 unauthorized error if the user is not authenticated" do - post api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji"), params: { name: 'thumbsup' } - - expect(response).to have_gitlab_http_status(:unauthorized) - end - it "normalizes +1 as thumbsup award" do post api("/projects/#{project.id}/issues/#{issue.iid}/award_emoji", user), params: { name: '+1' } @@ -223,6 +249,11 @@ RSpec.describe API::AwardEmoji do expect(json_response['user']['username']).to eq(user.username) end end + + it_behaves_like 'request with insufficient permissions', :post do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji" } + let(:request_params) { { name: 'blowfish' } } + end end describe "POST /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji" do @@ -260,6 +291,11 @@ RSpec.describe API::AwardEmoji do expect(json_response["message"]).to match("has already been taken") end end + + it_behaves_like 'request with insufficient permissions', :post do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji" } + let(:request_params) { { name: 'rocket' } } + end end describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_id' do @@ -319,9 +355,13 @@ RSpec.describe API::AwardEmoji do let(:request) { api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji/#{award.id}", user) } end end + + it_behaves_like 'request with insufficient permissions', :delete do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/award_emoji/#{award_emoji.id}" } + end end - describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_emoji_id' do + describe 'DELETE /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji/:award_id' do let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket', user: user) } it 'deletes the award' do @@ -335,5 +375,9 @@ RSpec.describe API::AwardEmoji do it_behaves_like '412 response' do let(:request) { api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}", user) } end + + it_behaves_like 'request with insufficient permissions', :delete do + let(:request_path) { "/projects/#{project.id}/issues/#{issue.iid}/notes/#{note.id}/award_emoji/#{rocket.id}" } + end end end |