diff options
Diffstat (limited to 'spec/requests/api/releases_spec.rb')
-rw-r--r-- | spec/requests/api/releases_spec.rb | 82 |
1 files changed, 81 insertions, 1 deletions
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb index 81a4fcdbcac..03e0954e5ab 100644 --- a/spec/requests/api/releases_spec.rb +++ b/spec/requests/api/releases_spec.rb @@ -463,9 +463,23 @@ RSpec.describe API::Releases do end context 'when specified tag is not found in the project' do - it 'cannot find the release entry' do + it 'returns 404 for maintater' do get api("/projects/#{project.id}/releases/non_exist_tag", maintainer) + expect(response).to have_gitlab_http_status(:not_found) + expect(json_response['message']).to eq('404 Not Found') + end + + it 'returns project not found for no user' do + get api("/projects/#{project.id}/releases/non_exist_tag", nil) + + expect(response).to have_gitlab_http_status(:not_found) + expect(json_response['message']).to eq('404 Project Not Found') + end + + it 'returns forbidden for guest' do + get api("/projects/#{project.id}/releases/non_existing_tag", guest) + expect(response).to have_gitlab_http_status(:forbidden) end end @@ -662,6 +676,28 @@ RSpec.describe API::Releases do end.not_to change { Project.find_by_id(project.id).repository.tag_count } end + context 'with protected tag' do + context 'when user has access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) } + + it 'accepts the request' do + post api("/projects/#{project.id}/releases", developer), params: params + + expect(response).to have_gitlab_http_status(:created) + end + end + + context 'when user does not have access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) } + + it 'forbids the request' do + post api("/projects/#{project.id}/releases", developer), params: params + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + context 'when user is a reporter' do it 'forbids the request' do post api("/projects/#{project.id}/releases", reporter), params: params @@ -1000,6 +1036,28 @@ RSpec.describe API::Releases do expect(project.releases.last.released_at).to eq('2015-10-10T05:00:00Z') end + context 'with protected tag' do + context 'when user has access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) } + + it 'accepts the request' do + put api("/projects/#{project.id}/releases/v0.1", developer), params: params + + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'when user does not have access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) } + + it 'forbids the request' do + put api("/projects/#{project.id}/releases/v0.1", developer), params: params + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + context 'when user tries to update sha' do let(:params) { { sha: 'xxx' } } @@ -1180,6 +1238,28 @@ RSpec.describe API::Releases do expect(response).to match_response_schema('public_api/v4/release') end + context 'with protected tag' do + context 'when user has access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :developers_can_create, name: '*', project: project) } + + it 'accepts the request' do + delete api("/projects/#{project.id}/releases/v0.1", developer) + + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'when user does not have access to the protected tag' do + let!(:protected_tag) { create(:protected_tag, :maintainers_can_create, name: '*', project: project) } + + it 'forbids the request' do + delete api("/projects/#{project.id}/releases/v0.1", developer) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + context 'when there are no corresponding releases' do let!(:release) { } |