diff options
Diffstat (limited to 'spec/requests/api/groups_spec.rb')
-rw-r--r-- | spec/requests/api/groups_spec.rb | 136 |
1 files changed, 123 insertions, 13 deletions
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index bc37f8e4655..6169bc9b2a2 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' RSpec.describe API::Groups do include GroupAPIHelpers include UploadHelpers + include WorkhorseHelpers let_it_be(:user1) { create(:user, can_create_group: false) } let_it_be(:user2) { create(:user) } @@ -540,9 +541,9 @@ RSpec.describe API::Groups do # Returns a Hash of visibility_level => Project pairs def add_projects_to_group(group, share_with: nil) projects = { - public: create(:project, :public, namespace: group), + public: create(:project, :public, namespace: group), internal: create(:project, :internal, namespace: group), - private: create(:project, :private, namespace: group) + private: create(:project, :private, namespace: group) } if share_with @@ -872,21 +873,31 @@ RSpec.describe API::Groups do group_param = { avatar: fixture_file_upload(file_path) } - put api("/groups/#{group1.id}", user1), params: group_param + workhorse_form_with_file( + api("/groups/#{group1.id}", user1), + method: :put, + file_key: :avatar, + params: group_param + ) end end context 'when authenticated as the group owner' do it 'updates the group' do - put api("/groups/#{group1.id}", user1), params: { - name: new_group_name, - request_access_enabled: true, - project_creation_level: "noone", - subgroup_creation_level: "maintainer", - default_branch_protection: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, - prevent_sharing_groups_outside_hierarchy: true, - avatar: fixture_file_upload(file_path) - } + workhorse_form_with_file( + api("/groups/#{group1.id}", user1), + method: :put, + file_key: :avatar, + params: { + name: new_group_name, + request_access_enabled: true, + project_creation_level: "noone", + subgroup_creation_level: "maintainer", + default_branch_protection: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, + prevent_sharing_groups_outside_hierarchy: true, + avatar: fixture_file_upload(file_path) + } + ) expect(response).to have_gitlab_http_status(:ok) expect(json_response['name']).to eq(new_group_name) @@ -912,6 +923,16 @@ RSpec.describe API::Groups do expect(json_response['prevent_sharing_groups_outside_hierarchy']).to eq(true) end + it 'removes the group avatar' do + put api("/groups/#{group1.id}", user1), params: { avatar: '' } + + aggregate_failures "testing response" do + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['avatar_url']).to be_nil + expect(group1.reload.avatar_url).to be_nil + end + end + it 'does not update visibility_level if it is restricted' do stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::INTERNAL]) @@ -1787,7 +1808,12 @@ RSpec.describe API::Groups do attrs[:avatar] = fixture_file_upload(file_path) end - post api("/groups", user3), params: params + workhorse_form_with_file( + api('/groups', user3), + method: :post, + file_key: :avatar, + params: params + ) end end @@ -2029,6 +2055,90 @@ RSpec.describe API::Groups do end end + describe 'GET /groups/:id/transfer_locations' do + let_it_be(:user) { create(:user) } + let_it_be(:source_group) { create(:group, :private) } + + let(:params) { {} } + + subject(:request) do + get api("/groups/#{source_group.id}/transfer_locations", user), params: params + end + + context 'when the user has rights to transfer the group' do + let_it_be(:guest_group) { create(:group) } + let_it_be(:maintainer_group) { create(:group, name: 'maintainer group', path: 'maintainer-group') } + let_it_be(:owner_group_1) { create(:group, name: 'owner group', path: 'owner-group') } + let_it_be(:owner_group_2) { create(:group, name: 'gitlab group', path: 'gitlab-group') } + let_it_be(:shared_with_group_where_direct_owner_as_owner) { create(:group) } + + before do + source_group.add_owner(user) + guest_group.add_guest(user) + maintainer_group.add_maintainer(user) + owner_group_1.add_owner(user) + owner_group_2.add_owner(user) + create(:group_group_link, :owner, + shared_with_group: owner_group_1, + shared_group: shared_with_group_where_direct_owner_as_owner + ) + end + + it 'returns 200' do + request + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to include_pagination_headers + end + + it 'only includes groups where the user has permissions to transfer a group to' do + request + + expect(group_ids_from_response).to contain_exactly( + owner_group_1.id, + owner_group_2.id, + shared_with_group_where_direct_owner_as_owner.id + ) + end + + context 'with search' do + let(:params) { { search: 'gitlab' } } + + it 'includes groups where the user has permissions to transfer a group to, matching the search term' do + request + + expect(group_ids_from_response).to contain_exactly(owner_group_2.id) + end + end + + def group_ids_from_response + json_response.map { |group| group['id'] } + end + end + + context 'when the user does not have permissions to transfer the group' do + before do + source_group.add_developer(user) + end + + it 'returns 403' do + request + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'for an anonymous user' do + let_it_be(:user) { nil } + + it 'returns 404' do + request + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + describe 'POST /groups/:id/transfer' do let_it_be(:user) { create(:user) } let_it_be_with_reload(:new_parent_group) { create(:group, :private) } |