diff options
Diffstat (limited to 'spec/requests/users_controller_spec.rb')
-rw-r--r-- | spec/requests/users_controller_spec.rb | 142 |
1 files changed, 119 insertions, 23 deletions
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb index 11d8be24e06..c49dbb6a269 100644 --- a/spec/requests/users_controller_spec.rb +++ b/spec/requests/users_controller_spec.rb @@ -174,39 +174,95 @@ RSpec.describe UsersController, feature_category: :user_management do end context 'requested in json format' do - let(:project) { create(:project) } + context 'when profile_tabs_vue feature flag is turned OFF' do + let(:project) { create(:project) } - before do - project.add_developer(user) - Gitlab::DataBuilder::Push.build_sample(project, user) + before do + project.add_developer(user) + Gitlab::DataBuilder::Push.build_sample(project, user) + stub_feature_flags(profile_tabs_vue: false) + sign_in(user) + end - sign_in(user) - end + it 'loads events' do + get user_activity_url user.username, format: :json - it 'loads events' do - get user_activity_url user.username, format: :json + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body)['count']).to eq(1) + end - expect(response.media_type).to eq('application/json') - expect(Gitlab::Json.parse(response.body)['count']).to eq(1) - end + it 'hides events if the user cannot read cross project' do + allow(Ability).to receive(:allowed?).and_call_original + expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } - it 'hides events if the user cannot read cross project' do - allow(Ability).to receive(:allowed?).and_call_original - expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } + get user_activity_url user.username, format: :json - get user_activity_url user.username, format: :json + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body)['count']).to eq(0) + end - expect(response.media_type).to eq('application/json') - expect(Gitlab::Json.parse(response.body)['count']).to eq(0) + it 'hides events if the user has a private profile' do + Gitlab::DataBuilder::Push.build_sample(project, private_user) + + get user_activity_url private_user.username, format: :json + + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body)['count']).to eq(0) + end end - it 'hides events if the user has a private profile' do - Gitlab::DataBuilder::Push.build_sample(project, private_user) + context 'when profile_tabs_vue feature flag is turned ON' do + let(:project) { create(:project) } + + before do + project.add_developer(user) + Gitlab::DataBuilder::Push.build_sample(project, user) + stub_feature_flags(profile_tabs_vue: true) + sign_in(user) + end + + it 'loads events' do + get user_activity_url user.username, format: :json - get user_activity_url private_user.username, format: :json + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body).count).to eq(1) + end - expect(response.media_type).to eq('application/json') - expect(Gitlab::Json.parse(response.body)['count']).to eq(0) + it 'hides events if the user cannot read cross project' do + allow(Ability).to receive(:allowed?).and_call_original + expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } + + get user_activity_url user.username, format: :json + + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body).count).to eq(0) + end + + it 'hides events if the user has a private profile' do + Gitlab::DataBuilder::Push.build_sample(project, private_user) + + get user_activity_url private_user.username, format: :json + + expect(response.media_type).to eq('application/json') + expect(Gitlab::Json.parse(response.body).count).to eq(0) + end + + it 'hides events if the user has a private profile' do + project = create(:project, :private) + private_event_user = create(:user, include_private_contributions: true) + push_data = Gitlab::DataBuilder::Push.build_sample(project, private_event_user) + EventCreateService.new.push(project, private_event_user, push_data) + + get user_activity_url private_event_user.username, format: :json + + response_body = Gitlab::Json.parse(response.body) + event = response_body.first + expect(response.media_type).to eq('application/json') + expect(response_body.count).to eq(1) + expect(event).to include('created_at', 'author', 'action') + expect(event['action']).to eq('private') + expect(event).not_to include('ref', 'commit', 'target', 'resource_parent') + end end end end @@ -472,7 +528,7 @@ RSpec.describe UsersController, feature_category: :user_management do get user_calendar_activities_url public_user.username - expect(response.body).to include(project_work_items_path(project, work_item.iid, iid_path: true)) + expect(response.body).to include(project_work_items_path(project, work_item.iid)) expect(response.body).to include(project_issue_path(project, issue)) end @@ -714,6 +770,17 @@ RSpec.describe UsersController, feature_category: :user_management do expect(response.body).to eq(expected_json) end end + + context 'when a project has the same name as a desired username' do + let_it_be(:project) { create(:project, name: 'project-name') } + + it 'returns JSON indicating a user by that username does not exist' do + get user_exists_url 'project-name' + + expected_json = { exists: false }.to_json + expect(response.body).to eq(expected_json) + end + end end context 'when the rate limit has been reached' do @@ -858,6 +925,35 @@ RSpec.describe UsersController, feature_category: :user_management do expect(user).not_to be_following(public_user) end end + + context 'when user or followee disabled following' do + before do + sign_in(user) + end + + it 'alerts and not follow if user disabled following' do + user.enabled_following = false + + post user_follow_url(username: public_user.username) + expect(response).to be_redirect + + expected_message = format(_('Action not allowed.')) + expect(flash[:alert]).to eq(expected_message) + expect(user).not_to be_following(public_user) + end + + it 'alerts and not follow if followee disabled following' do + public_user.enabled_following = false + public_user.save! + + post user_follow_url(username: public_user.username) + expect(response).to be_redirect + + expected_message = format(_('Action not allowed.')) + expect(flash[:alert]).to eq(expected_message) + expect(user).not_to be_following(public_user) + end + end end context 'token authentication' do |