diff options
Diffstat (limited to 'spec/requests/api')
| -rw-r--r-- | spec/requests/api/files_spec.rb | 3 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 42 | ||||
| -rw-r--r-- | spec/requests/api/repositories_spec.rb | 10 |
3 files changed, 49 insertions, 6 deletions
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb index 71a4a1a2784..869df06b60c 100644 --- a/spec/requests/api/files_spec.rb +++ b/spec/requests/api/files_spec.rb @@ -558,8 +558,7 @@ RSpec.describe API::Files do get api(url, current_user), params: params - expect(response.headers["Cache-Control"]).to include("no-store") - expect(response.headers["Cache-Control"]).to include("no-cache") + expect(response.headers["Cache-Control"]).to eq("max-age=0, private, must-revalidate, no-store, no-cache") expect(response.headers["Pragma"]).to eq("no-cache") expect(response.headers["Expires"]).to eq("Fri, 01 Jan 1990 00:00:00 GMT") end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 16619017dfe..e103aa3d6de 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -3864,6 +3864,48 @@ RSpec.describe API::Projects do end end + describe 'GET /projects/:id/storage' do + context 'when unauthenticated' do + it 'does not return project storage data' do + get api("/projects/#{project.id}/storage") + + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + it 'returns project storage data when user is admin' do + get api("/projects/#{project.id}/storage", create(:admin)) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['project_id']).to eq(project.id) + expect(json_response['disk_path']).to eq(project.repository.disk_path) + expect(json_response['created_at']).to be_present + expect(json_response['repository_storage']).to eq(project.repository_storage) + end + + it 'does not return project storage data when user is not admin' do + get api("/projects/#{project.id}/storage", user3) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + it 'responds with a 401 for unauthenticated users trying to access a non-existent project id' do + expect(Project.find_by(id: non_existing_record_id)).to be_nil + + get api("/projects/#{non_existing_record_id}/storage") + + expect(response).to have_gitlab_http_status(:unauthorized) + end + + it 'responds with a 403 for non-admin users trying to access a non-existent project id' do + expect(Project.find_by(id: non_existing_record_id)).to be_nil + + get api("/projects/#{non_existing_record_id}/storage", user3) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + it_behaves_like 'custom attributes endpoints', 'projects' do let(:attributable) { project } let(:other_attributable) { project2 } diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb index a12b4dc9848..1b96efeca22 100644 --- a/spec/requests/api/repositories_spec.rb +++ b/spec/requests/api/repositories_spec.rb @@ -178,10 +178,12 @@ RSpec.describe API::Repositories do expect(headers['Content-Disposition']).to eq 'inline' end - it_behaves_like 'uncached response' do - before do - get api(route, current_user) - end + it 'defines an uncached header response' do + get api(route, current_user) + + expect(response.headers["Cache-Control"]).to eq("max-age=0, private, must-revalidate, no-store, no-cache") + expect(response.headers["Pragma"]).to eq("no-cache") + expect(response.headers["Expires"]).to eq("Fri, 01 Jan 1990 00:00:00 GMT") end context 'when sha does not exist' do |