1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
require 'spec_helper'
describe Gitlab::API do
include ApiHelpers
let(:user1) { create(:user) }
let(:user2) { create(:user) }
let(:admin) { create(:admin) }
let!(:group1) { create(:group, owner: user1) }
let!(:group2) { create(:group, owner: user2) }
describe "GET /groups" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/groups")
response.status.should == 401
end
end
context "when authenticated as user" do
it "normal user: should return an array of groups of user1" do
get api("/groups", user1)
response.status.should == 200
json_response.should be_an Array
json_response.length.should == 1
json_response.first['name'].should == group1.name
end
end
context "when authenticated as admin" do
it "admin: should return an array of all groups" do
get api("/groups", admin)
response.status.should == 200
json_response.should be_an Array
json_response.length.should == 2
end
end
end
describe "GET /groups/:id" do
context "when authenticated as user" do
it "should return one of user1's groups" do
get api("/groups/#{group1.id}", user1)
response.status.should == 200
json_response['name'] == group1.name
end
it "should not return a non existing group" do
get api("/groups/1328", user1)
response.status.should == 404
end
it "should not return a group not attached to user1" do
get api("/groups/#{group2.id}", user1)
response.status.should == 404
end
end
context "when authenticated as admin" do
it "should return any existing group" do
get api("/groups/#{group2.id}", admin)
response.status.should == 200
json_response['name'] == group2.name
end
it "should not return a non existing group" do
get api("/groups/1328", admin)
response.status.should == 404
end
end
end
describe "POST /groups" do
context "when authenticated as user" do
it "should not create group" do
post api("/groups", user1), attributes_for(:group)
response.status.should == 403
end
end
context "when authenticated as admin" do
it "should create group" do
post api("/groups", admin), attributes_for(:group)
response.status.should == 201
end
it "should not create group, duplicate" do
post api("/groups", admin), {:name => "Duplicate Test", :path => group2.path}
response.status.should == 404
end
end
end
end
|