debian-mirror-gitlab/spec/controllers/projects/security/configuration_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

67 lines
1.9 KiB
Ruby
Raw Permalink Normal View History

2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Security::ConfigurationController do
let(:project) { create(:project, :public) }
let(:user) { create(:user) }
before do
allow(controller).to receive(:ensure_security_and_compliance_enabled!)
sign_in(user)
end
describe 'GET show' do
2021-04-17 20:07:23 +05:30
context 'when user has guest access' do
2021-03-11 19:13:27 +05:30
before do
2021-04-17 20:07:23 +05:30
project.add_guest(user)
2021-03-11 19:13:27 +05:30
end
2021-04-17 20:07:23 +05:30
it 'denies access' do
2021-03-11 19:13:27 +05:30
get :show, params: { namespace_id: project.namespace, project_id: project }
2021-04-17 20:07:23 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
2021-03-11 19:13:27 +05:30
end
end
2021-04-17 20:07:23 +05:30
context 'when user has developer access' do
before do
project.add_developer(user)
2021-03-11 19:13:27 +05:30
end
2021-04-17 20:07:23 +05:30
it 'grants access' do
get :show, params: { namespace_id: project.namespace, project_id: project }
2021-03-11 19:13:27 +05:30
2021-04-17 20:07:23 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
2021-03-11 19:13:27 +05:30
end
2022-03-02 08:16:31 +05:30
it 'responds with configuration data json' do
get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
features = json_response['features']
sast_feature = features.find { |feature| feature['type'] == 'sast' }
dast_feature = features.find { |feature| feature['type'] == 'dast' }
expect(response).to have_gitlab_http_status(:ok)
expect(sast_feature['available']).to be_truthy
expect(dast_feature['available']).to be_falsey
end
context 'with feature flag unify_security_configuration turned off' do
before do
stub_feature_flags(unify_security_configuration: false)
end
it 'responds with empty configuration data json' do
get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to be_empty
end
end
2021-03-11 19:13:27 +05:30
end
end
end