From 1bde803c0dc057fefff36be2104c0ae6b5cb1336 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 2 Mar 2023 00:18:50 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee

---
 spec/requests/api/ci/jobs_spec.rb | 40 +++++++++++++++++----------------------
 1 file changed, 17 insertions(+), 23 deletions(-)

(limited to 'spec/requests')

diff --git a/spec/requests/api/ci/jobs_spec.rb b/spec/requests/api/ci/jobs_spec.rb
index 10dd9c3b556..8b3ec59b785 100644
--- a/spec/requests/api/ci/jobs_spec.rb
+++ b/spec/requests/api/ci/jobs_spec.rb
@@ -750,11 +750,7 @@ RSpec.describe API::Ci::Jobs, feature_category: :continuous_integration do
       end
     end
 
-    context 'when ci_debug_trace is set to true' do
-      before_all do
-        create(:ci_instance_variable, key: 'CI_DEBUG_TRACE', value: true)
-      end
-
+    shared_examples_for "additional access criteria" do
       where(:public_builds, :user_project_role, :expected_status) do
         true         | 'developer'     | :ok
         true         | 'guest'         | :forbidden
@@ -776,30 +772,28 @@ RSpec.describe API::Ci::Jobs, feature_category: :continuous_integration do
       end
     end
 
-    context 'when ci_debug_services is set to true' do
-      before_all do
-        create(:ci_instance_variable, key: 'CI_DEBUG_SERVICES', value: true)
+    describe 'when metadata debug_trace_enabled is set to true' do
+      before do
+        job.metadata.update!(debug_trace_enabled: true)
       end
 
-      where(:public_builds, :user_project_role, :expected_status) do
-        true         | 'developer'     | :ok
-        true         | 'guest'         | :forbidden
-        false        | 'developer'     | :ok
-        false        | 'guest'         | :forbidden
-      end
+      it_behaves_like "additional access criteria"
+    end
 
-      with_them do
-        before do
-          project.update!(public_builds: public_builds)
-          project.add_role(user, user_project_role)
+    context 'when ci_debug_trace is set to true' do
+      before_all do
+        create(:ci_instance_variable, key: 'CI_DEBUG_TRACE', value: true)
+      end
 
-          get api("/projects/#{project.id}/jobs/#{job.id}/trace", api_user)
-        end
+      it_behaves_like "additional access criteria"
+    end
 
-        it 'renders successfully to authorized users' do
-          expect(response).to have_gitlab_http_status(expected_status)
-        end
+    context 'when ci_debug_services is set to true' do
+      before_all do
+        create(:ci_instance_variable, key: 'CI_DEBUG_SERVICES', value: true)
       end
+
+      it_behaves_like "additional access criteria"
     end
   end
 
-- 
cgit v1.2.3