From 9bc5ed14fe97fe63cd5be30c013c6af978715621 Mon Sep 17 00:00:00 2001
From: Imre Farkas
Date: Tue, 9 Apr 2019 15:38:58 +0000
Subject: Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
---
 .../admin/application_settings_controller_spec.rb | 22 +++++
 spec/controllers/boards/issues_controller_spec.rb | 26 ++++++
 .../concerns/project_unauthorized_spec.rb | 51 ++++++++++++
 .../dashboard/groups_controller_spec.rb | 50 ++++++-----
 .../dashboard/labels_controller_spec.rb | 6 +-
 .../dashboard/milestones_controller_spec.rb | 6 ++
 .../dashboard/projects_controller_spec.rb | 24 +++++-
 .../controllers/dashboard/todos_controller_spec.rb | 6 ++
 spec/controllers/groups/avatars_controller_spec.rb | 10 +++
 spec/controllers/groups/boards_controller_spec.rb | 8 ++
 .../controllers/groups/children_controller_spec.rb | 12 +++
 .../groups/group_members_controller_spec.rb | 86 +++++++++++++++++++
 spec/controllers/groups/labels_controller_spec.rb | 6 ++
 .../groups/milestones_controller_spec.rb | 6 ++
 .../groups/settings/ci_cd_controller_spec.rb | 15 ++++
 .../groups/variables_controller_spec.rb | 34 ++++++++
 spec/controllers/groups_controller_spec.rb | 96 ++++++++++++++++++++++
 .../controllers/projects/boards_controller_spec.rb | 4 +
 .../controllers/projects/issues_controller_spec.rb | 11 +++
 spec/controllers/projects_controller_spec.rb | 32 ++++++++
 spec/controllers/search_controller_spec.rb | 39 +++++++++
 spec/controllers/users_controller_spec.rb | 12 +++
 22 files changed, 541 insertions(+), 21 deletions(-)
 create mode 100644 spec/controllers/concerns/project_unauthorized_spec.rb
(limited to 'spec/controllers')
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index 1a7be4c9a85..f3450a8289f 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -92,6 +92,28 @@ describe Admin::ApplicationSettingsController do
 expect(response).to redirect_to(admin_application_settings_path)
 expect(ApplicationSetting.current.default_project_creation).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
 end
+
+ context 'external policy classification settings' do
+ let(:settings) do
+ {
+ external_authorization_service_enabled: true,
+ external_authorization_service_url: 'https://custom.service/',
+ external_authorization_service_default_label: 'default',
+ external_authorization_service_timeout: 3,
+ external_auth_client_cert: File.read('spec/fixtures/passphrase_x509_certificate.crt'),
+ external_auth_client_key: File.read('spec/fixtures/passphrase_x509_certificate_pk.key'),
+ external_auth_client_key_pass: "5iveL!fe"
+ }
+ end
+
+ it 'updates settings when the feature is available' do
+ put :update, params: { application_setting: settings }
+
+ settings.each do |attribute, value|
+ expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
+ end
+ end
+ end
 end
 describe 'PUT #reset_registration_token' do
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index 5eb05f01b8d..309cac47928 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Boards::IssuesController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:project) { create(:project, :private) }
 let(:board) { create(:board, project: project) }
 let(:user) { create(:user) }
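Review bot: The new example `updates settings when the feature is available` asserts only the persisted attributes and never the response, unlike the sibling example directly above it which checks `expect(response).to redirect_to(admin_application_settings_path)`; a validation failure that re-renders the form would go unnoticed here. Add `expect(response).to redirect_to(admin_application_settings_path)` after the `put`. The `settings.each` loop also assumes every attribute, including `external_auth_client_key_pass`, has a plain reader that returns exactly the value written, which is worth confirming against the model for the secret fields before relying on this as the round-trip check. The enclosing `describe 'PUT #update'` block starts outside the hunk.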
@@ -136,6 +138,30 @@ describe Boards::IssuesController do
 end
 end
+ context 'with external authorization' do
+ before do
+ sign_in(user)
+ enable_external_authorization_service_check
+ end
+
+ it 'returns a 403 for group boards' do
+ group = create(:group)
+ group_board = create(:board, group: group)
+
+ list_issues(user: user, board: group_board)
+
+ expect(response).to have_gitlab_http_status(403)
+ end
+
+ it 'is successful for project boards' do
+ project_board = create(:board, project: project)
+
+ list_issues(user: user, board: project_board)
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
 def list_issues(user:, board:, list: nil)
 sign_in(user)
diff --git a/spec/controllers/concerns/project_unauthorized_spec.rb b/spec/controllers/concerns/project_unauthorized_spec.rb
new file mode 100644
index 00000000000..90b59b027cf
--- /dev/null
+++ b/spec/controllers/concerns/project_unauthorized_spec.rb
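Review bot: The `before` block of `context 'with external authorization'` calls `sign_in(user)`, but `list_issues` — whose definition begins on the last two lines of the hunk — signs the same user in again on every call, so the first sign-in is redundant; keep only `enable_external_authorization_service_check` in the `before`. The `is successful for project boards` example depends on `user` being able to see the private `project`, which is set up somewhere outside this hunk; a short comment naming where that membership comes from would make the 200 expectation self-explanatory.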
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe ProjectUnauthorized do
+ include ExternalAuthorizationServiceHelpers
+ let(:user) { create(:user) }
+
+ before do
+ sign_in user
+ end
+
+ render_views
+
+ describe '#project_unauthorized_proc' do
+ controller(::Projects::ApplicationController) do
+ def show
+ head :ok
+ end
+ end
+
+ let(:project) { create(:project) }
+
+ before do
+ project.add_developer(user)
+ end
+
+ it 'renders a 200 when the service allows access to the project' do
+ external_service_allow_access(user, project)
+
+ get :show, params: { namespace_id: project.namespace.to_param, id: project.to_param }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'renders a 403 when the service denies access to the project' do
+ external_service_deny_access(user, project)
+
+ get :show, params: { namespace_id: project.namespace.to_param, id: project.to_param }
+
+ expect(response).to have_gitlab_http_status(403)
+ expect(response.body).to match("External authorization denied access to this project")
+ end
+
+ it 'renders a 404 when the user cannot see the project at all' do
+ other_project = create(:project, :private)
+
+ get :show, params: { namespace_id: other_project.namespace.to_param, id: other_project.to_param }
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+end
diff --git a/spec/controllers/dashboard/groups_controller_spec.rb b/spec/controllers/dashboard/groups_controller_spec.rb
index c8d99f79277..775b3ca40b2 100644
--- a/spec/controllers/dashboard/groups_controller_spec.rb
+++ b/spec/controllers/dashboard/groups_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Dashboard::GroupsController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:user) { create(:user) }
 before do
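Review bot: The `renders a 404 when the user cannot see the project at all` example never configures the external service for `other_project`, so it exercises the ordinary not-found path and does not show that a project the user cannot see stays a 404 even when the service would deny it; a 403 in that situation would confirm to the caller that the project exists. Call `external_service_deny_access(user, other_project)` before the `get` so the example pins that the visibility check wins over the service answer. The unstubbed 404 case is still worth keeping as a second example. Separately, `sign_in user` in the top-level `before` drops the parentheses that every other `sign_in(user)` call in this series uses.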
@@ -11,33 +13,43 @@ describe Dashboard::GroupsController do
 expect(described_class).to include(GroupTree)
 end
- it 'only includes projects the user is a member of' do
- member_of_group = create(:group)
- member_of_group.add_developer(user)
- create(:group, :public)
+ describe '#index' do
+ it 'only includes projects the user is a member of' do
+ member_of_group = create(:group)
+ member_of_group.add_developer(user)
+ create(:group, :public)
- get :index
+ get :index
- expect(assigns(:groups)).to contain_exactly(member_of_group)
- end
+ expect(assigns(:groups)).to contain_exactly(member_of_group)
+ end
- context 'when rendering an expanded hierarchy with public groups you are not a member of', :nested_groups do
- let!(:top_level_result) { create(:group, name: 'chef-top') }
- let!(:top_level_a) { create(:group, name: 'top-a') }
- let!(:sub_level_result_a) { create(:group, name: 'chef-sub-a', parent: top_level_a) }
- let!(:other_group) { create(:group, name: 'other') }
+ context 'when rendering an expanded hierarchy with public groups you are not a member of', :nested_groups do
+ let!(:top_level_result) { create(:group, name: 'chef-top') }
+ let!(:top_level_a) { create(:group, name: 'top-a') }
+ let!(:sub_level_result_a) { create(:group, name: 'chef-sub-a', parent: top_level_a) }
+ let!(:other_group) { create(:group, name: 'other') }
- before do
- top_level_result.add_maintainer(user)
- top_level_a.add_maintainer(user)
+ before do
+ top_level_result.add_maintainer(user)
+ top_level_a.add_maintainer(user)
+ end
+
+ it 'renders only groups the user is a member of when searching hierarchy correctly' do
+ get :index, params: { filter: 'chef' }, format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ all_groups = [top_level_result, top_level_a, sub_level_result_a]
+ expect(assigns(:groups)).to contain_exactly(*all_groups)
+ end
 end
- it 'renders only groups the user is a member of when searching hierarchy correctly' do
- get :index, params: { filter: 'chef' }, format: :json
+ it 'works when the external authorization service is enabled' do
+ enable_external_authorization_service_check
+
+ get :index
 expect(response).to have_gitlab_http_status(200)
- all_groups = [top_level_result, top_level_a, sub_level_result_a]
- expect(assigns(:groups)).to contain_exactly(*all_groups)
 end
 end
 end
diff --git a/spec/controllers/dashboard/labels_controller_spec.rb b/spec/controllers/dashboard/labels_controller_spec.rb
index a3bfb2f3a87..01de896f9f4 100644
--- a/spec/controllers/dashboard/labels_controller_spec.rb
+++ b/spec/controllers/dashboard/labels_controller_spec.rb
@@ -13,13 +13,17 @@ describe Dashboard::LabelsController do
 describe "#index" do
 let!(:unrelated_label) { create(:label, project: create(:project, :public)) }
+ subject { get :index, format: :json }
+
 it 'returns global labels for projects the user has a relationship with' do
- get :index, format: :json
+ subject
 expect(json_response).to be_kind_of(Array)
 expect(json_response.size).to eq(1)
 expect(json_response[0]["id"]).to be_nil
 expect(json_response[0]["title"]).to eq(label.title)
 end
+
+ it_behaves_like 'disabled when using an external authorization service'
 end
 end
diff --git a/spec/controllers/dashboard/milestones_controller_spec.rb b/spec/controllers/dashboard/milestones_controller_spec.rb
index 828de0e7ca5..1614739db05 100644
--- a/spec/controllers/dashboard/milestones_controller_spec.rb
+++ b/spec/controllers/dashboard/milestones_controller_spec.rb
@@ -81,5 +81,11 @@ describe Dashboard::MilestonesController do
 expect(response.body).to include("Open\n2")
 expect(response.body).to include("Closed\n0")
 end
+
+ context 'external authorization' do
+ subject { get :index }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
 end
 end
diff --git a/spec/controllers/dashboard/projects_controller_spec.rb b/spec/controllers/dashboard/projects_controller_spec.rb
index 649441f4917..c17cb49e460 100644
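Review bot: The new example `works when the external authorization service is enabled` only asserts a 200 and creates no groups, so it cannot tell whether the dashboard still restricts the listing to the user's memberships once the service check is on; an empty page for any reason would pass. Create a group the user belongs to and a public one they do not, then assert `expect(assigns(:groups)).to contain_exactly(member_of_group)` as the first example in this `describe '#index'` does, or at least `expect(assigns(:groups)).to be_empty` for the current setup. Most of the rest of this hunk is the existing examples re-nested under `describe '#index'`.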
--- a/spec/controllers/dashboard/projects_controller_spec.rb
+++ b/spec/controllers/dashboard/projects_controller_spec.rb
@@ -1,7 +1,29 @@
 require 'spec_helper'
 describe Dashboard::ProjectsController do
- it_behaves_like 'authenticates sessionless user', :index, :atom
+ include ExternalAuthorizationServiceHelpers
+
+ describe '#index' do
+ context 'user not logged in' do
+ it_behaves_like 'authenticates sessionless user', :index, :atom
+ end
+
+ context 'user logged in' do
+ before do
+ sign_in create(:user)
+ end
+
+ context 'external authorization' do
+ it 'works when the external authorization service is enabled' do
+ enable_external_authorization_service_check
+
+ get :index
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+ end
+ end
 context 'json requests' do
 render_views
diff --git a/spec/controllers/dashboard/todos_controller_spec.rb b/spec/controllers/dashboard/todos_controller_spec.rb
index d88beaff0e1..abbf0b52306 100644
--- a/spec/controllers/dashboard/todos_controller_spec.rb
+++ b/spec/controllers/dashboard/todos_controller_spec.rb
@@ -105,6 +105,12 @@ describe Dashboard::TodosController do
 end
 end
 end
+
+ context 'external authorization' do
+ subject { get :index }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
 end
 describe 'PATCH #restore' do
diff --git a/spec/controllers/groups/avatars_controller_spec.rb b/spec/controllers/groups/avatars_controller_spec.rb
index 772d1d0c1dd..6ececa6f372 100644
--- a/spec/controllers/groups/avatars_controller_spec.rb
+++ b/spec/controllers/groups/avatars_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Groups::AvatarsController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:user) { create(:user) }
 let(:group) { create(:group, avatar: fixture_file_upload("spec/fixtures/dk.png", "image/png")) }
@@ -15,4 +17,12 @@ describe Groups::AvatarsController do
 expect(@group.avatar.present?).to be_falsey
 expect(@group).to be_valid
 end
+
+ it 'works when external authorization service is enabled' do
+ enable_external_authorization_service_check
+
+ delete :destroy, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
 end
diff --git a/spec/controllers/groups/boards_controller_spec.rb b/spec/controllers/groups/boards_controller_spec.rb
index 27ee37b3817..0ca5ce51750 100644
--- a/spec/controllers/groups/boards_controller_spec.rb
+++ b/spec/controllers/groups/boards_controller_spec.rb
@@ -82,6 +82,10 @@ describe Groups::BoardsController do
 end
 end
+ it_behaves_like 'disabled when using an external authorization service' do
+ subject { list_boards }
+ end
+
 def list_boards(format: :html)
 get :index, params: { group_id: group }, format: format
 end
@@ -160,6 +164,10 @@ describe Groups::BoardsController do
 end
 end
+ it_behaves_like 'disabled when using an external authorization service' do
+ subject { read_board board: board }
+ end
+
 def read_board(board:, format: :html)
 get :show, params: {
 group_id: group,
diff --git a/spec/controllers/groups/children_controller_spec.rb b/spec/controllers/groups/children_controller_spec.rb
index e1b97013408..4085c8f95a9 100644
--- a/spec/controllers/groups/children_controller_spec.rb
+++ b/spec/controllers/groups/children_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Groups::ChildrenController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:group) { create(:group, :public) }
 let(:user) { create(:user) }
 let!(:group_member) { create(:group_member, group: group, user: user) }
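Review bot: `works when external authorization service is enabled` asserts only `have_gitlab_http_status(302)`, which a redirect to the sign-in page or any other redirecting denial satisfies just as well as a successful avatar removal; assert the outcome instead, e.g. `expect(group.reload.avatar).not_to be_present`, matching how the sibling example checks `@group.avatar.present?`, or assert the redirect target with `redirect_to`. The same bare-302 assertion appears in the `groups/group_members_controller_spec.rb` hunk (`POST #create`, `DELETE #destroy`, `request_access`, `approve_access_request`, `DELETE #leave`, `POST #resend_invite`) and in the `groups_controller_spec.rb` hunk (`GET #index`, `DELETE #destroy`), where `expect(response).to redirect_to(...)` with the expected path, or a check of the resulting membership/group state, would make each example meaningful. Which user is signed in, and whether it owns `group`, is set up outside this hunk.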
@@ -317,5 +319,15 @@ describe Groups::ChildrenController do
 end
 end
 end
+
+ context 'external authorization' do
+ it 'works when external authorization service is enabled' do
+ enable_external_authorization_service_check
+
+ get :index, params: { group_id: group }, format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
 end
 end
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index 3a801fabafc..96a58d6d87c 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -1,8 +1,11 @@
 require 'spec_helper'
 describe Groups::GroupMembersController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:user) { create(:user) }
 let(:group) { create(:group, :public, :access_requestable) }
+ let(:membership) { create(:group_member, group: group) }
 describe 'GET index' do
 it 'renders index with 200 status code' do
@@ -263,4 +266,87 @@ describe Groups::GroupMembersController do
 end
 end
 end
+
+ context 'with external authorization enabled' do
+ before do
+ enable_external_authorization_service_check
+ group.add_owner(user)
+ sign_in(user)
+ end
+
+ describe 'GET #index' do
+ it 'is successful' do
+ get :index, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'POST #create' do
+ it 'is successful' do
+ post :create, params: { group_id: group, users: user, access_level: Gitlab::Access::GUEST }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'PUT #update' do
+ it 'is successful' do
+ put :update,
+ params: {
+ group_member: { access_level: Gitlab::Access::GUEST },
+ group_id: group,
+ id: membership
+ },
+ format: :js
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'DELETE #destroy' do
+ it 'is successful' do
+ delete :destroy, params: { group_id: group, id: membership }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'POST #destroy' do
+ it 'is successful' do
+ sign_in(create(:user))
+
+ post :request_access, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'POST #approve_request_access' do
+ it 'is successful' do
+ access_request = create(:group_member, :access_request, group: group)
+ post :approve_access_request, params: { group_id: group, id: access_request }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'DELETE #leave' do
+ it 'is successful' do
+ group.add_owner(create(:user))
+
+ delete :leave, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'POST #resend_invite' do
+ it 'is successful' do
+ post :resend_invite, params: { group_id: group, id: membership }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+ end
 end
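Review bot: Two `describe` labels name a different action from the one the example exercises: `describe 'POST #destroy'` wraps `post :request_access`, and `describe 'POST #approve_request_access'` wraps `post :approve_access_request`; rename them to `describe 'POST #request_access'` and `describe 'POST #approve_access_request'` so a failure points at the right endpoint. In the `request_access` example, `sign_in(create(:user))` replaces the owner signed in by the outer `before` — presumably because an existing owner is not a valid requester — and a one-line comment saying so, e.g. `# request access as a non-member; the owner from the outer before cannot`, would keep the next reader from treating it as a leftover. The `users: user` argument in `POST #create` adds the already-owning `user` again; a freshly created user would show that a membership is really created rather than exercising an already-member path.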
diff --git a/spec/controllers/groups/labels_controller_spec.rb b/spec/controllers/groups/labels_controller_spec.rb
index fa664a29066..9af47114838 100644
--- a/spec/controllers/groups/labels_controller_spec.rb
+++ b/spec/controllers/groups/labels_controller_spec.rb
@@ -37,6 +37,12 @@ describe Groups::LabelsController do
 expect(label_ids).to match_array([group_label_1.title, subgroup_label_1.title])
 end
 end
+
+ context 'external authorization' do
+ subject { get :index, params: { group_id: group.to_param } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
 end
 describe 'POST #toggle_subscription' do
diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb
index 043cf28514b..d70946cbc8f 100644
--- a/spec/controllers/groups/milestones_controller_spec.rb
+++ b/spec/controllers/groups/milestones_controller_spec.rb
@@ -80,6 +80,12 @@ describe Groups::MilestonesController do
 expect(response.content_type).to eq 'application/json'
 end
 end
+
+ context 'external authorization' do
+ subject { get :index, params: { group_id: group.to_param } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
 end
 describe '#show' do
diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
index 3290ed8b088..b998f64ef72 100644
--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Groups::Settings::CiCdController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:group) { create(:group) }
 let(:user) { create(:user) }
@@ -33,6 +35,19 @@ describe Groups::Settings::CiCdController do
 expect(response).to have_gitlab_http_status(404)
 end
 end
+
+ context 'external authorization' do
+ before do
+ enable_external_authorization_service_check
+ group.add_owner(user)
+ end
+
+ it 'renders show with 200 status code' do
+ get :show, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
 end
 describe 'PUT #reset_registration_token' do
diff --git a/spec/controllers/groups/variables_controller_spec.rb b/spec/controllers/groups/variables_controller_spec.rb
index 29ec3588316..40f05167350 100644
--- a/spec/controllers/groups/variables_controller_spec.rb
+++ b/spec/controllers/groups/variables_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Groups::VariablesController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:group) { create(:group) }
 let(:user) { create(:user) }
@@ -34,4 +36,36 @@ describe Groups::VariablesController do
 include_examples 'PATCH #update updates variables'
 end
+
+ context 'with external authorization enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ describe 'GET #show' do
+ let!(:variable) { create(:ci_group_variable, group: group) }
+
+ it 'is successful' do
+ get :show, params: { group_id: group }, format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'PATCH #update' do
+ let!(:variable) { create(:ci_group_variable, group: group) }
+ let(:owner) { group }
+
+ it 'is successful' do
+ patch :update,
+ params: {
+ group_id: group,
+ variables_attributes: [{ id: variable.id, key: 'hello' }]
+ },
+ format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+ end
 end
diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb
index 4a28a27da79..431627cf85a 100644
--- a/spec/controllers/groups_controller_spec.rb
+++ b/spec/controllers/groups_controller_spec.rb
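Review bot: In the `groups/variables_controller_spec.rb` hunk, `let(:owner) { group }` inside `describe 'PATCH #update'` is not referenced by the example beneath it; it looks carried over from the `include_examples 'PATCH #update updates variables'` context visible at the top of the hunk, where the shared examples presumably read it. Either drop the `let`, or make the intent explicit by reusing the shared examples under external authorization instead of the bespoke `it 'is successful'`. That example also checks only the 200 and not that the rename took effect; `expect(variable.reload.key).to eq('hello')` after the `patch` would pin it. The `ci_cd_controller_spec.rb` hunk on this line raises nothing.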
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe GroupsController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:user) { create(:user) }
 let(:admin) { create(:admin) }
 let(:group) { create(:group, :public) }
@@ -665,4 +667,98 @@ describe GroupsController do
 end
 end
 end
+
+ describe 'external authorization' do
+ before do
+ group.add_owner(user)
+ sign_in(user)
+ end
+
+ context 'with external authorization service enabled' do
+ before do
+ enable_external_authorization_service_check
+ end
+
+ describe 'GET #show' do
+ it 'is successful' do
+ get :show, params: { id: group.to_param }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'does not allow other formats' do
+ get :show, params: { id: group.to_param }, format: :atom
+
+ expect(response).to have_gitlab_http_status(403)
+ end
+ end
+
+ describe 'GET #edit' do
+ it 'is successful' do
+ get :edit, params: { id: group.to_param }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'GET #new' do
+ it 'is successful' do
+ get :new
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'GET #index' do
+ it 'is successful' do
+ get :index
+
+ # Redirects to the dashboard
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+
+ describe 'POST #create' do
+ it 'creates a group' do
+ expect do
+ post :create, params: { group: { name: 'a name', path: 'a-name' } }
+ end.to change { Group.count }.by(1)
+ end
+ end
+
+ describe 'PUT #update' do
+ it 'updates a group' do
+ expect do
+ put :update, params: { id: group.to_param, group: { name: 'world' } }
+ end.to change { group.reload.name }
+ end
+ end
+
+ describe 'DELETE #destroy' do
+ it 'deletes the group' do
+ delete :destroy, params: { id: group.to_param }
+
+ expect(response).to have_gitlab_http_status(302)
+ end
+ end
+ end
+
+ describe 'GET #activity' do
+ subject { get :activity, params: { id: group.to_param } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
+
+ describe 'GET #issues' do
+ subject { get :issues, params: { id: group.to_param } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
+
+ describe 'GET #merge_requests' do
+ subject { get :merge_requests, params: { id: group.to_param } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
+ end
 end
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 1eeded06459..b1203fd00b0 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -98,6 +98,10 @@ describe Projects::BoardsController do
 end
 end
+ it_behaves_like 'unauthorized when external service denies access' do
+ subject { list_boards }
+ end
+
 def list_boards(format: :html)
 get :index, params: {
 namespace_id: project.namespace,
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index c34d7c13d57..bfa23af76d5 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -127,6 +127,17 @@ describe Projects::IssuesController do
 expect(assigns(:issues).size).to eq(2)
 end
 end
+
+ context 'external authorization' do
+ before do
+ sign_in user
+ project.add_developer(user)
+ end
+
+ it_behaves_like 'unauthorized when external service denies access' do
+ subject { get :index, params: { namespace_id: project.namespace, project_id: project } }
+ end
+ end
 end
 describe 'GET #new' do
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index af437c5561b..1ce06bc877c 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -1,6 +1,7 @@
 require('spec_helper')
 describe ProjectsController do
+ include ExternalAuthorizationServiceHelpers
 include ProjectForksHelper
 let(:project) { create(:project) }
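Review bot: In the `groups_controller_spec.rb` hunk, `PUT #update` asserts `change { group.reload.name }` without a target value, so any rename — including one to an unrelated or sanitised value — passes; write `end.to change { group.reload.name }.to('world')`. In `GET #index` the comment `# Redirects to the dashboard` states an expectation the assertion does not check; `expect(response).to redirect_to(dashboard_groups_path)` would make the comment unnecessary and rule out a redirect elsewhere. `does not allow other formats` covers only `:atom`; if the intent is that every non-HTML format is rejected while the service check is on, say so in the example name or loop over the formats that matter, since as written a `:json` regression would not be caught.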
@@ -411,6 +412,37 @@ describe ProjectsController do
 it_behaves_like 'updating a project'
 end
+
+ context 'as maintainer' do
+ before do
+ project.add_maintainer(user)
+ sign_in(user)
+ end
+
+ it_behaves_like 'unauthorized when external service denies access' do
+ subject do
+ put :update,
+ params: {
+ namespace_id: project.namespace,
+ id: project,
+ project: { description: 'Hello world' }
+ }
+ project.reload
+ end
+
+ it 'updates when the service allows access' do
+ external_service_allow_access(user, project)
+
+ expect { subject }.to change(project, :description)
+ end
+
+ it 'does not update when the service rejects access' do
+ external_service_deny_access(user, project)
+
+ expect { subject }.not_to change(project, :description)
+ end
+ end
+ end
 end
 describe '#transfer' do
diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb
index 02a0cfe0272..752d6ae55cc 100644
--- a/spec/controllers/search_controller_spec.rb
+++ b/spec/controllers/search_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe SearchController do
+ include ExternalAuthorizationServiceHelpers
+
 let(:user) { create(:user) }
 before do
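Review bot: The two `it` examples are declared inside the `it_behaves_like 'unauthorized when external service denies access' do … end` block, which makes them members of the shared example group (subject to whatever hooks it defines) rather than of `context 'as maintainer'`; only `subject` needs to live in that block, so move the two examples up one level next to the `it_behaves_like`. The `project.reload` at the end of `subject` is what lets `change(project, :description)` observe the persisted value, and deserves a comment such as `# reload so the change matcher compares the persisted description`. `does not update when the service rejects access` could also assert the response status alongside the no-change check, so that a no-op for an unrelated reason (validation, wrong params) is not mistaken for a service denial.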
@@ -76,4 +78,41 @@ describe SearchController do
 expect(assigns[:search_objects].count).to eq(0)
 end
 end
+
+ context 'with external authorization service enabled' do
+ let(:project) { create(:project, namespace: user.namespace) }
+ let(:note) { create(:note_on_issue, project: project) }
+
+ before do
+ enable_external_authorization_service_check
+ end
+
+ describe 'GET #show' do
+ it 'renders a 403 when no project is given' do
+ get :show, params: { scope: 'notes', search: note.note }
+
+ expect(response).to have_gitlab_http_status(403)
+ end
+
+ it 'renders a 200 when a project was set' do
+ get :show, params: { project_id: project.id, scope: 'notes', search: note.note }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ describe 'GET #autocomplete' do
+ it 'renders a 403 when no project is given' do
+ get :autocomplete, params: { term: 'hello' }
+
+ expect(response).to have_gitlab_http_status(403)
+ end
+
+ it 'renders a 200 when a project was set' do
+ get :autocomplete, params: { project_id: project.id, term: 'hello' }
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+ end
 end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 4f6a6881193..42d28c53d34 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -223,6 +223,12 @@ describe UsersController do
 end
 end
+ context 'external authorization' do
+ subject { get :calendar_activities, params: { username: user.username } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
+
 def create_push_event
 push_data = Gitlab::DataBuilder::Push.build_sample(project, public_user)
 EventCreateService.new.push(project, public_user, push_data)
@@ -286,6 +292,12 @@ describe UsersController do
 expect(JSON.parse(response.body)).to have_key('html')
 end
 end
+
+ context 'external authorization' do
+ subject { get :snippets, params: { username: user.username } }
+
+ it_behaves_like 'disabled when using an external authorization service'
+ end
 end
 describe 'GET #exists' do
-- cgit v1.2.3