diff options
Diffstat (limited to 'spec/requests/api/protected_branches_spec.rb')
-rw-r--r-- | spec/requests/api/protected_branches_spec.rb | 124 |
1 files changed, 102 insertions, 22 deletions
diff --git a/spec/requests/api/protected_branches_spec.rb b/spec/requests/api/protected_branches_spec.rb index 8e8a25a8dc2..04d5f7ac20a 100644 --- a/spec/requests/api/protected_branches_spec.rb +++ b/spec/requests/api/protected_branches_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' RSpec.describe API::ProtectedBranches, feature_category: :source_code_management do let_it_be_with_reload(:project) { create(:project, :repository) } let_it_be(:maintainer) { create(:user) } + let_it_be(:developer) { create(:user) } let_it_be(:guest) { create(:user) } let(:protected_name) { 'feature' } @@ -16,12 +17,14 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management before_all do project.add_maintainer(maintainer) + project.add_developer(developer) project.add_guest(guest) end describe "GET /projects/:id/protected_branches" do let(:params) { {} } let(:route) { "/projects/#{project.id}/protected_branches" } + let(:expected_branch_names) { project.protected_branches.map { |x| x['name'] } } shared_examples_for 'protected branches' do it 'returns the protected branches' do @@ -39,9 +42,7 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management let(:user) { maintainer } context 'when search param is not present' do - it_behaves_like 'protected branches' do - let(:expected_branch_names) { project.protected_branches.map { |x| x['name'] } } - end + it_behaves_like 'protected branches' end context 'when search param is present' do @@ -53,6 +54,12 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management end end + context 'when authenticated as a developer' do + let(:user) { developer } + + it_behaves_like 'protected branches' + end + context 'when authenticated as a guest' do let(:user) { guest } @@ -103,6 +110,27 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management it_behaves_like 'protected branch' end + + context 'when a deploy key is present' do + let(:deploy_key) do + create(:deploy_key, deploy_keys_projects: [create(:deploy_keys_project, :write_access, project: project)]) + end + + it 'returns deploy key information' do + create(:protected_branch_push_access_level, protected_branch: protected_branch, deploy_key: deploy_key) + get api(route, user) + + expect(json_response['push_access_levels']).to include( + a_hash_including('access_level_description' => 'Deploy key', 'deploy_key_id' => deploy_key.id) + ) + end + end + end + + context 'when authenticated as a developer' do + let(:user) { developer } + + it_behaves_like 'protected branch' end context 'when authenticated as a guest' do @@ -243,10 +271,20 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management end end + context 'when authenticated as a developer' do + let(:user) { developer } + + it "returns a 403 error" do + post post_endpoint, params: { name: branch_name } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + context 'when authenticated as a guest' do let(:user) { guest } - it "returns a 403 error if guest" do + it "returns a 403 error" do post post_endpoint, params: { name: branch_name } expect(response).to have_gitlab_http_status(:forbidden) @@ -266,6 +304,15 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management end.to change { protected_branch.reload.allow_force_push }.from(false).to(true) expect(response).to have_gitlab_http_status(:ok) end + + context 'when allow_force_push is not set' do + it 'responds with a bad request error' do + patch api(route, user), params: { allow_force_push: nil } + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['error']).to eq 'allow_force_push is empty' + end + end end context 'when returned protected branch is invalid' do @@ -286,6 +333,16 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management end end + context 'when authenticated as a developer' do + let(:user) { developer } + + it "returns a 403 error" do + patch api(route, user), params: { allow_force_push: true } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + context 'when authenticated as a guest' do let(:user) { guest } @@ -298,42 +355,65 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management end describe "DELETE /projects/:id/protected_branches/unprotect/:branch" do - let(:user) { maintainer } let(:delete_endpoint) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) } - it "unprotects a single branch" do - delete delete_endpoint + context "when authenticated as a maintainer" do + let(:user) { maintainer } - expect(response).to have_gitlab_http_status(:no_content) - end + it "unprotects a single branch" do + delete delete_endpoint - it_behaves_like '412 response' do - let(:request) { delete_endpoint } - end + expect(response).to have_gitlab_http_status(:no_content) + end + + it_behaves_like '412 response' do + let(:request) { delete_endpoint } + end + + it "returns 404 if branch does not exist" do + delete api("/projects/#{project.id}/protected_branches/barfoo", user) + + expect(response).to have_gitlab_http_status(:not_found) + end + + context 'when a policy restricts rule deletion' do + it "prevents deletion of the protected branch rule" do + disallow(:destroy_protected_branch, protected_branch) - it "returns 404 if branch does not exist" do - delete api("/projects/#{project.id}/protected_branches/barfoo", user) + delete delete_endpoint - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'when branch has a wildcard in its name' do + let(:protected_name) { 'feature*' } + + it "unprotects a wildcard branch" do + delete delete_endpoint + + expect(response).to have_gitlab_http_status(:no_content) + end + end end - context 'when a policy restricts rule deletion' do - it "prevents deletion of the protected branch rule" do - disallow(:destroy_protected_branch, protected_branch) + context 'when authenticated as a developer' do + let(:user) { developer } + it "returns a 403 error" do delete delete_endpoint expect(response).to have_gitlab_http_status(:forbidden) end end - context 'when branch has a wildcard in its name' do - let(:protected_name) { 'feature*' } + context 'when authenticated as a guest' do + let(:user) { guest } - it "unprotects a wildcard branch" do + it "returns a 403 error" do delete delete_endpoint - expect(response).to have_gitlab_http_status(:no_content) + expect(response).to have_gitlab_http_status(:forbidden) end end end |