From e12f099f39ef8fb81f9b91612f8b35aefba7347c Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 3 Dec 2021 10:05:41 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee

---
 spec/requests/api/lint_spec.rb | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'spec/requests')

diff --git a/spec/requests/api/lint_spec.rb b/spec/requests/api/lint_spec.rb
index ac30da99afe..0e83b964121 100644
--- a/spec/requests/api/lint_spec.rb
+++ b/spec/requests/api/lint_spec.rb
@@ -26,6 +26,35 @@ RSpec.describe API::Lint do
           expect(response).to have_gitlab_http_status(:ok)
         end
       end
+
+      context 'when authenticated as external user' do
+        let(:project) { create(:project) }
+        let(:api_user) { create(:user, :external) }
+
+        context 'when reporter in a project' do
+          before do
+            project.add_reporter(api_user)
+          end
+
+          it 'returns authorization failure' do
+            post api('/ci/lint', api_user), params: { content: 'content' }
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+
+        context 'when developer in a project' do
+          before do
+            project.add_developer(api_user)
+          end
+
+          it 'returns authorization success' do
+            post api('/ci/lint', api_user), params: { content: 'content' }
+
+            expect(response).to have_gitlab_http_status(:ok)
+          end
+        end
+      end
     end
 
     context 'when signup is enabled and not limited' do
-- 
cgit v1.2.3