diff options
Diffstat (limited to 'spec/requests/api/package_files_spec.rb')
-rw-r--r-- | spec/requests/api/package_files_spec.rb | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/spec/requests/api/package_files_spec.rb b/spec/requests/api/package_files_spec.rb index f47dca387ef..3b4bd2f3cf4 100644 --- a/spec/requests/api/package_files_spec.rb +++ b/spec/requests/api/package_files_spec.rb @@ -10,6 +10,15 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do describe 'GET /projects/:id/packages/:package_id/package_files' do let(:url) { "/projects/#{project.id}/packages/#{package.id}/package_files" } + shared_examples 'handling job token and returning' do |status:| + it "returns status #{status}" do + get api(url, job_token: job.token) + + expect(response).to have_gitlab_http_status(status) + expect(response).to match_response_schema('public_api/v4/packages/package_files') if status == :ok + end + end + before do project.add_developer(user) end @@ -27,6 +36,12 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do expect(response).to have_gitlab_http_status(:not_found) end + + context 'with JOB-TOKEN auth' do + let(:job) { create(:ci_build, :running, user: user, project: project) } + + it_behaves_like 'handling job token and returning', status: :ok + end end context 'project is private' do @@ -52,6 +67,28 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do expect(response).to have_gitlab_http_status(:ok) expect(response).to match_response_schema('public_api/v4/packages/package_files') end + + context 'with JOB-TOKEN auth' do + let(:job) { create(:ci_build, :running, user: user, project: project) } + + context 'a non authenticated user' do + let(:user) { nil } + + it_behaves_like 'handling job token and returning', status: :not_found + end + + context 'a user without access to the project', :sidekiq_inline do + before do + project.team.truncate + end + + it_behaves_like 'handling job token and returning', status: :not_found + end + + context 'a user with access to the project' do + it_behaves_like 'handling job token and returning', status: :ok + end + end end context 'with pagination params' do @@ -97,6 +134,18 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do subject(:api_request) { delete api(url, user) } + shared_examples 'handling job token and returning' do |status:| + it "returns status #{status}", :aggregate_failures do + if status == :no_content + expect { api_request }.to change { package.package_files.pending_destruction.count }.by(1) + else + expect { api_request }.not_to change { package.package_files.pending_destruction.count } + end + + expect(response).to have_gitlab_http_status(status) + end + end + context 'project is public' do context 'without user' do let(:user) { nil } @@ -108,6 +157,14 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do end end + context 'with JOB-TOKEN auth' do + subject(:api_request) { delete api(url, job_token: job.token) } + + let(:job) { create(:ci_build, :running, user: user, project: project) } + + it_behaves_like 'handling job token and returning', status: :forbidden + end + it 'returns 403 for a user without access to the project', :aggregate_failures do expect { api_request }.not_to change { package.package_files.pending_destruction.count } @@ -175,6 +232,33 @@ RSpec.describe API::PackageFiles, feature_category: :package_registry do expect(response).to have_gitlab_http_status(:not_found) end end + + context 'with JOB-TOKEN auth' do + subject(:api_request) { delete api(url, job_token: job.token) } + + let(:job) { create(:ci_build, :running, user: user, project: project) } + let_it_be_with_refind(:project) { create(:project, :private) } + + context 'a user without access to the project' do + it_behaves_like 'handling job token and returning', status: :not_found + end + + context 'a user without enough permissions' do + before do + project.add_developer(user) + end + + it_behaves_like 'handling job token and returning', status: :forbidden + end + + context 'a user with the right permissions' do + before do + project.add_maintainer(user) + end + + it_behaves_like 'handling job token and returning', status: :no_content + end + end end end end |