2 files changed, 39 insertions, 3 deletions

diff --git a/spec/requests/api/ci/jobs_spec.rb b/spec/requests/api/ci/jobs_spec.rb
index 19ac673308b..41e35de189e 100644
--- a/spec/requests/api/ci/jobs_spec.rb
+++ b/spec/requests/api/ci/jobs_spec.rb
@@ -556,7 +556,7 @@ RSpec.describe API::Ci::Jobs, feature_category: :continuous_integration do
 
     before do
       allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy|
-        threshold = Gitlab::ApplicationRateLimiter.rate_limits[:jobs_index][:threshold]
+        threshold = Gitlab::ApplicationRateLimiter.rate_limits[:jobs_index][:threshold].call
         allow(strategy).to receive(:increment).and_return(threshold + 1)
       end
 
diff --git a/spec/requests/api/ci/pipeline_schedules_spec.rb b/spec/requests/api/ci/pipeline_schedules_spec.rb
index d760e4ddf28..fb67d7cb4fb 100644
--- a/spec/requests/api/ci/pipeline_schedules_spec.rb
+++ b/spec/requests/api/ci/pipeline_schedules_spec.rb
@@ -176,7 +176,7 @@ RSpec.describe API::Ci::PipelineSchedules, feature_category: :continuous_integra
     end
 
     context 'with public project' do
-      let_it_be(:project) { create(:project, :repository, :public, public_builds: false) }
+      let_it_be(:project) { create(:project, :repository, :public, public_builds: true) }
 
       it_behaves_like 'request with schedule ownership'
       it_behaves_like 'request with project permissions'
@@ -204,6 +204,30 @@ RSpec.describe API::Ci::PipelineSchedules, feature_category: :continuous_integra
           expect(json_response).not_to have_key('variables')
         end
       end
+
+      context 'when public pipelines are disabled' do
+        let_it_be(:project) { create(:project, :repository, :public, public_builds: false) }
+
+        context 'authenticated user with no project permissions' do
+          it 'does not return pipeline_schedule' do
+            get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+
+        context 'authenticated user with insufficient project permissions' do
+          before do
+            project.add_guest(user)
+          end
+
+          it 'returns pipeline_schedule with no variables' do
+            get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+      end
     end
   end
 
@@ -294,7 +318,7 @@ RSpec.describe API::Ci::PipelineSchedules, feature_category: :continuous_integra
     end
 
     context 'with public project' do
-      let_it_be(:project) { create(:project, :repository, :public, public_builds: false) }
+      let_it_be(:project) { create(:project, :repository, :public, public_builds: true) }
 
       it_behaves_like 'request with schedule ownership'
       it_behaves_like 'request with project permissions'
@@ -308,6 +332,18 @@ RSpec.describe API::Ci::PipelineSchedules, feature_category: :continuous_integra
           expect(response).to return_pipeline_schedule_pipelines_successfully
         end
       end
+
+      context 'when public pipelines are disabled' do
+        let_it_be(:project) { create(:project, :repository, :public, public_builds: false) }
+
+        context 'authenticated user with no project permissions' do
+          it 'does not return the details of pipelines triggered from the pipeline schedule' do
+            get api(url, user)
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+      end
     end
   end