1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Groups::LabelsController, feature_category: :team_planning do
let_it_be(:group) { create(:group) }
let_it_be(:user) { create(:user) }
let_it_be(:another_user) { create(:user) }
let_it_be(:project) { create(:project, namespace: group) }
before do
group.add_owner(user)
sign_in(user)
end
describe 'GET #index' do
let_it_be(:label_1) { create(:label, project: project, title: 'label_1') }
let_it_be(:group_label_1) { create(:group_label, group: group, title: 'group_label_1') }
it 'returns group and project labels by default' do
get :index, params: { group_id: group }, format: :json
label_ids = json_response.map { |label| label['title'] }
expect(label_ids).to match_array([label_1.title, group_label_1.title])
end
context 'with ancestor group' do
let_it_be(:subgroup) { create(:group, parent: group) }
let_it_be(:subgroup_label_1) { create(:group_label, group: subgroup, title: 'subgroup_label_1') }
before do
subgroup.add_owner(user)
end
it 'returns ancestor group labels' do
params = { group_id: subgroup, only_group_labels: true }
get :index, params: params, format: :json
label_ids = json_response.map { |label| label['title'] }
expect(label_ids).to match_array([group_label_1.title, subgroup_label_1.title])
end
end
context 'external authorization' do
subject { get :index, params: { group_id: group.to_param } }
it_behaves_like 'disabled when using an external authorization service'
end
context 'with views rendered' do
render_views
before do
get :index, params: { group_id: group.to_param }
end
it 'avoids N+1 queries', :use_clean_rails_redis_caching do
control = ActiveRecord::QueryRecorder.new(skip_cached: false) { get :index, params: { group_id: group.to_param } }
create_list(:group_label, 3, group: group)
# some n+1 queries still exist
expect { get :index, params: { group_id: group.to_param } }.not_to exceed_all_query_limit(control.count).with_threshold(10)
expect(assigns(:labels).count).to eq(4)
end
end
end
shared_examples 'when current_user does not have ability to modify the label' do
before do
sign_in(another_user)
end
it 'responds with status 404' do
group_request
expect(response).to have_gitlab_http_status(:not_found)
end
# No matter what permissions you have in a sub-group, you need the proper
# permissions in the group in order to modify a group label
# See https://gitlab.com/gitlab-org/gitlab/-/issues/387531
context 'when trying to edit a parent group label from inside a subgroup' do
it 'responds with status 404' do
sub_group.add_owner(another_user)
sub_group_request
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
describe 'GET #edit' do
let_it_be(:label) { create(:group_label, group: group) }
it 'shows the edit page' do
get :edit, params: { group_id: group.to_param, id: label.to_param }
expect(response).to have_gitlab_http_status(:ok)
end
it_behaves_like 'when current_user does not have ability to modify the label' do
let_it_be(:sub_group) { create(:group, parent: group) }
let(:group_request) { get :edit, params: { group_id: group.to_param, id: label.to_param } }
let(:sub_group_request) { get :edit, params: { group_id: sub_group.to_param, id: label.to_param } }
end
end
describe 'POST #toggle_subscription' do
it 'allows user to toggle subscription on group labels' do
label = create(:group_label, group: group)
post :toggle_subscription, params: { group_id: group.to_param, id: label.to_param }
expect(response).to have_gitlab_http_status(:ok)
end
end
describe 'DELETE #destroy' do
context 'when current user has ability to destroy the label' do
before do
sign_in(user)
end
it 'removes the label' do
label = create(:group_label, group: group)
delete :destroy, params: { group_id: group.to_param, id: label.to_param }
expect { label.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
it 'does not remove the label if it is locked' do
label = create(:group_label, group: group, lock_on_merge: true)
delete :destroy, params: { group_id: group.to_param, id: label.to_param }
expect(label.reload).to eq label
end
context 'when label is succesfuly destroyed' do
it 'redirects to the group labels page' do
label = create(:group_label, group: group)
delete :destroy, params: { group_id: group.to_param, id: label.to_param }
expect(response).to redirect_to(group_labels_path)
end
end
end
it_behaves_like 'when current_user does not have ability to modify the label' do
let_it_be(:label) { create(:group_label, group: group) }
let_it_be(:sub_group) { create(:group, parent: group) }
let(:group_request) { delete :destroy, params: { group_id: group.to_param, id: label.to_param } }
let(:sub_group_request) { delete :destroy, params: { group_id: sub_group.to_param, id: label.to_param } }
end
end
describe 'PUT #update' do
it_behaves_like 'when current_user does not have ability to modify the label' do
let_it_be(:label) { create(:group_label, group: group) }
let_it_be(:sub_group) { create(:group, parent: group) }
let(:group_request) { put :update, params: { group_id: group.to_param, id: label.to_param, label: { title: 'Test' } } }
let(:sub_group_request) { put :update, params: { group_id: sub_group.to_param, id: label.to_param, label: { title: 'Test' } } }
end
end
end
|
