1 files changed, 57 insertions, 2 deletions

diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index 13cced81875..4cfa49d1566 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -10,6 +10,8 @@ describe API::API, api: true  do
   let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
   let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
   let!(:group2) { create(:group) }
+  let!(:project1) { create(:project, namespace: group1) }
+  let!(:project2) { create(:project, namespace: group2) }
 
   before do
     group1.add_owner(user1)
@@ -67,7 +69,7 @@ describe API::API, api: true  do
       it "should return any existing group" do
         get api("/groups/#{group2.id}", admin)
         expect(response.status).to eq(200)
-        json_response['name'] == group2.name
+        expect(json_response['name']).to eq(group2.name)
       end
 
       it "should not return a non existing group" do
@@ -80,7 +82,7 @@ describe API::API, api: true  do
       it 'should return any existing group' do
         get api("/groups/#{group1.path}", admin)
         expect(response.status).to eq(200)
-        json_response['name'] == group2.name
+        expect(json_response['name']).to eq(group1.name)
       end
 
       it 'should not return a non existing group' do
@@ -95,6 +97,59 @@ describe API::API, api: true  do
     end
   end
 
+  describe "GET /groups/:id/projects" do
+    context "when authenticated as user" do
+      it "should return the group's projects" do
+        get api("/groups/#{group1.id}/projects", user1)
+        expect(response.status).to eq(200)
+        expect(json_response.length).to eq(1)
+        expect(json_response.first['name']).to eq(project1.name)
+      end
+
+      it "should not return a non existing group" do
+        get api("/groups/1328/projects", user1)
+        expect(response.status).to eq(404)
+      end
+
+      it "should not return a group not attached to user1" do
+        get api("/groups/#{group2.id}/projects", user1)
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return any existing group" do
+        get api("/groups/#{group2.id}/projects", admin)
+        expect(response.status).to eq(200)
+        expect(json_response.length).to eq(1)
+        expect(json_response.first['name']).to eq(project2.name)
+      end
+
+      it "should not return a non existing group" do
+        get api("/groups/1328/projects", admin)
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'when using group path in URL' do
+      it 'should return any existing group' do
+        get api("/groups/#{group1.path}/projects", admin)
+        expect(response.status).to eq(200)
+        expect(json_response.first['name']).to eq(project1.name)
+      end
+
+      it 'should not return a non existing group' do
+        get api('/groups/unknown/projects', admin)
+        expect(response.status).to eq(404)
+      end
+
+      it 'should not return a group not attached to user1' do
+        get api("/groups/#{group2.path}/projects", user1)
+        expect(response.status).to eq(403)
+      end
+    end
+  end
+
   describe "POST /groups" do
     context "when authenticated as user without group permissions" do
       it "should not create group" do