debian-mirror-gitlab/spec/controllers/groups/group_members_controller_spec.rb

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Groups::GroupMembersController do
include ExternalAuthorizationServiceHelpers

# Shared fixtures for every example group below. Each `let` is lazy, so a
# record is only created when an example (or a hook) first references it.
#
# The group is created with the :public trait; `user` is not a member of it
# until a `before` hook in a given context adds them with a specific role.
let(:group) { create(:group, :public) }
let(:user) { create(:user) }

# A membership row in `group`; no user is passed, so the member's user comes
# from the factory and is not `user`.
let(:membership) do
  create(:group_member, group: group)
end
# Listing of group members: what an anonymous visitor sees, what an owner is
# assigned (invited members, search, pagination), and how membership
# inheritance from a parent group is filtered.
describe 'GET index' do
  # No sign_in happens before this example; the group is public.
  it 'renders index with 200 status code' do
    get :index, params: { group_id: group }

    expect(response).to have_gitlab_http_status(:ok)
    expect(response).to render_template(:index)
  end

  context 'user with owner access' do
    # Eager (`let!`) so the three invitations exist before the request is made.
    let!(:invited) { create_list(:group_member, 3, :invited, group: group) }

    before do
      group.add_owner(user)
      sign_in(user)
    end

    it 'assigns invited members' do
      get :index, params: { group_id: group }

      assigned_emails = assigns(:invited_members).map { |invite| invite.invite_email }
      expected_emails = invited.map { |invite| invite.invite_email }

      expect(assigned_emails).to match_array(expected_emails)
    end

    it 'assigns skip groups' do
      get :index, params: { group_id: group }

      skipped = assigns(:skip_groups)

      expect(skipped).to match_array(group.related_group_ids)
    end

    it 'restricts search to one email' do
      wanted_email = invited.first.invite_email

      get :index, params: { group_id: group, search_invited: wanted_email }

      assigned_emails = assigns(:invited_members).map { |invite| invite.invite_email }

      expect(assigned_emails).to match_array(wanted_email)
    end

    it 'paginates invited list' do
      # Shrink the page size so three invitations span two pages.
      stub_const('Groups::GroupMembersController::MEMBER_PER_PAGE_LIMIT', 2)

      get :index, params: { group_id: group, invited_members_page: 1 }
      first_page_size = assigns(:invited_members).count
      expect(first_page_size).to eq(2)

      get :index, params: { group_id: group, invited_members_page: 2 }
      second_page_size = assigns(:invited_members).count
      expect(second_page_size).to eq(1)
    end
  end

  context 'when user has owner access to subgroup' do
    let(:nested_group) { create(:group, parent: group) }
    let(:nested_group_user) { create(:user) }

    # `user` owns the parent group; `nested_group_user` owns the subgroup
    # directly. Only `user` is signed in.
    before do
      group.add_owner(user)
      nested_group.add_owner(nested_group_user)
      sign_in(user)
    end

    it 'lists inherited group members by default' do
      get :index, params: { group_id: nested_group }

      listed_ids = assigns(:members).map { |member| member.user_id }

      expect(listed_ids).to contain_exactly(user.id, nested_group_user.id)
    end

    it 'lists direct group members only' do
      get :index, params: { group_id: nested_group, with_inherited_permissions: 'exclude' }

      listed_ids = assigns(:members).map { |member| member.user_id }

      expect(listed_ids).to contain_exactly(nested_group_user.id)
    end

    it 'lists inherited group members only' do
      get :index, params: { group_id: nested_group, with_inherited_permissions: 'only' }

      listed_ids = assigns(:members).map { |member| member.user_id }

      expect(listed_ids).to contain_exactly(user.id)
    end
  end
end
# Adding members to a group: the role of the signed-in user decides whether
# the request is allowed, and an expiry date in the past is rejected.
describe 'POST create' do
  # The account that the requests below try to add to the group.
  let(:group_user) { create(:user) }

  before { sign_in(user) }

  context 'when user does not have enough rights' do
    before { group.add_developer(user) }

    # Authorization check: a developer gets 403, and the second expectation
    # confirms the rejection had no side effect on the membership list.
    it 'returns 403' do
      request_params = {
        group_id: group,
        user_ids: group_user.id,
        access_level: Gitlab::Access::GUEST
      }

      post :create, params: request_params

      expect(response).to have_gitlab_http_status(:forbidden)
      expect(group.users).not_to include(group_user)
    end
  end

  context 'when user has enough rights' do
    before { group.add_owner(user) }

    it 'adds user to members' do
      request_params = {
        group_id: group,
        user_ids: group_user.id,
        access_level: Gitlab::Access::GUEST
      }

      post :create, params: request_params

      expect(response).to set_flash.to('Users were successfully added.')
      expect(response).to redirect_to(group_group_members_path(group))
      expect(group.users).to include(group_user)
    end

    # An empty user_ids value still redirects, but with a different flash and
    # without adding anyone.
    it 'adds no user to members' do
      request_params = {
        group_id: group,
        user_ids: '',
        access_level: Gitlab::Access::GUEST
      }

      post :create, params: request_params

      expect(response).to set_flash.to('No users specified.')
      expect(response).to redirect_to(group_group_members_path(group))
      expect(group.users).not_to include(group_user)
    end
  end

  context 'access expiry date' do
    before { group.add_owner(user) }

    # The request under test; `expires_at` is supplied by each nested context.
    subject(:add_member_with_expiry) do
      post :create, params: {
        group_id: group,
        user_ids: group_user.id,
        access_level: Gitlab::Access::GUEST,
        expires_at: expires_at
      }
    end

    context 'when set to a date in the past' do
      let(:expires_at) { 2.days.ago }

      # Even for an owner, a membership that is already expired is refused.
      it 'does not add user to members' do
        add_member_with_expiry

        expect(flash[:alert]).to include('Expires at cannot be a date in the past')
        expect(response).to redirect_to(group_group_members_path(group))
        expect(group.users).not_to include(group_user)
      end
    end

    context 'when set to a date in the future' do
      let(:expires_at) { 5.days.from_now }

      it 'adds user to members' do
        add_member_with_expiry

        expect(response).to set_flash.to('Users were successfully added.')
        expect(response).to redirect_to(group_group_members_path(group))
        expect(group.users).to include(group_user)
      end
    end
  end
end
# Changing an existing member record: access level and expiry date.
#
# NOTE(review): every example in this group runs as a group owner. Unlike
# 'POST create' and 'DELETE destroy', nothing here exercises an update made
# by a user without enough rights, so a regression in that check would not be
# caught by this group - confirm it is covered elsewhere.
describe 'PUT update' do
  # The record being updated is created with the :access_request trait.
  let(:requester) { create(:group_member, :access_request, group: group) }

  before do
    group.add_owner(user)
    sign_in(user)
  end

  context 'access level' do
    # One example is generated per entry of Gitlab::Access.options.
    Gitlab::Access.options.each do |role_name, role_value|
      it "can change the access level to #{role_name}" do
        update_params = {
          group_member: { access_level: role_value },
          group_id: group,
          id: requester
        }

        put :update, params: update_params, xhr: true

        expect(requester.reload.human_access).to eq(role_name)
      end
    end
  end

  context 'access expiry date' do
    # The request under test; `expires_at` is supplied by each nested context.
    subject(:update_expiry) do
      put :update, xhr: true, params: {
        group_member: { expires_at: expires_at },
        group_id: group,
        id: requester
      }
    end

    context 'when set to a date in the past' do
      let(:expires_at) { 2.days.ago }

      # Only the stored value is checked; the response is not inspected.
      it 'does not update the member' do
        update_expiry

        stored_expiry = requester.reload.expires_at

        expect(stored_expiry).not_to eq(expires_at.to_date)
      end
    end

    context 'when set to a date in the future' do
      let(:expires_at) { 5.days.from_now }

      it 'updates the member' do
        update_expiry

        stored_expiry = requester.reload.expires_at

        expect(stored_expiry).to eq(expires_at.to_date)
      end
    end
  end
end
# Removing another user's membership from the group.
describe 'DELETE destroy' do
  # The membership that the requests below try to remove.
  let(:member) { create(:group_member, :developer, group: group) }

  before { sign_in(user) }

  context 'when member is not found' do
    # `user` has no role in the group here and the id (42) is arbitrary; the
    # expected answer is 403 rather than 404.
    it 'returns 403' do
      delete :destroy, params: { group_id: group, id: 42 }

      expect(response).to have_gitlab_http_status(:forbidden)
    end
  end

  context 'when member is found' do
    context 'when user does not have enough rights' do
      before { group.add_developer(user) }

      # Authorization check: a developer gets 403, and the membership is
      # verified to still exist afterwards.
      it 'returns 403' do
        delete :destroy, params: { group_id: group, id: member }

        expect(response).to have_gitlab_http_status(:forbidden)
        expect(group.members).to include(member)
      end
    end

    context 'when user has enough rights' do
      before { group.add_owner(user) }

      it '[HTML] removes user from members' do
        delete :destroy, params: { group_id: group, id: member }

        expected_flash = 'User was successfully removed from group and any subresources.'

        expect(response).to set_flash.to(expected_flash)
        expect(response).to redirect_to(group_group_members_path(group))
        expect(group.members).not_to include(member)
      end

      # Same removal issued as an XHR request: success status, no redirect check.
      it '[JS] removes user from members' do
        delete :destroy, params: { group_id: group, id: member }, xhr: true

        expect(response).to be_successful
        expect(group.members).not_to include(member)
      end
    end
  end
end
# The signed-in user removing their own membership or access request.
describe 'DELETE leave' do
  before { sign_in(user) }

  context 'when member is not found' do
    # `user` has neither a membership nor a pending request in the group.
    it 'returns 404' do
      delete :leave, params: { group_id: group }

      expect(response).to have_gitlab_http_status(:not_found)
    end
  end

  context 'when member is found' do
    context 'and is not an owner' do
      before { group.add_developer(user) }

      it 'removes user from members' do
        delete :leave, params: { group_id: group }

        expected_flash = "You left the \"#{group.name}\" group."

        expect(response).to set_flash.to(expected_flash)
        expect(response).to redirect_to(dashboard_groups_path)
        expect(group.users).not_to include(user)
      end

      it 'supports json request' do
        delete :leave, params: { group_id: group }, format: :json

        expect(response).to have_gitlab_http_status(:ok)

        notice = json_response['notice']

        expect(notice).to eq("You left the \"#{group.name}\" group.")
      end
    end

    context 'and is an owner' do
      before { group.add_owner(user) }

      # `user` is the only owner added in this context; leaving is refused.
      it 'cannot removes himself from the group' do
        delete :leave, params: { group_id: group }

        expect(response).to have_gitlab_http_status(:forbidden)
      end
    end

    context 'and is a requester' do
      before { group.request_access(user) }

      # Leaving while only an access request exists withdraws that request.
      it 'removes user from members' do
        delete :leave, params: { group_id: group }

        expected_flash = 'Your access request to the group has been withdrawn.'

        expect(response).to set_flash.to(expected_flash)
        expect(response).to redirect_to(group_path(group))
        expect(group.requesters).to be_empty
        expect(group.users).not_to include(user)
      end
    end
  end
end
# A signed-in non-member asking to join the group.
describe 'POST request_access' do
  before { sign_in(user) }

  # The request must be queued as a requester record only: the last
  # expectation confirms that asking for access does not grant membership.
  it 'creates a new GroupMember that is not a team member' do
    post :request_access, params: { group_id: group }

    expected_flash = 'Your request for access has been queued for review.'

    expect(response).to set_flash.to(expected_flash)
    expect(response).to redirect_to(group_path(group))
    expect(group.requesters.exists?(user_id: user)).to be_truthy
    expect(group.users).not_to include(user)
  end
end
# Approving a pending access request, which turns a requester into a member.
describe 'POST approve_access_request' do
  # The pending request that the examples below try to approve.
  let(:member) { create(:group_member, :access_request, group: group) }

  before { sign_in(user) }

  context 'when member is not found' do
    # `user` has no role in the group here and the id (42) is arbitrary; the
    # expected answer is 403 rather than 404.
    it 'returns 403' do
      post :approve_access_request, params: { group_id: group, id: 42 }

      expect(response).to have_gitlab_http_status(:forbidden)
    end
  end

  context 'when member is found' do
    context 'when user does not have enough rights' do
      before { group.add_developer(user) }

      # Authorization check: a developer gets 403, and the request is verified
      # not to have been promoted to a membership.
      it 'returns 403' do
        post :approve_access_request, params: { group_id: group, id: member }

        expect(response).to have_gitlab_http_status(:forbidden)
        expect(group.members).not_to include(member)
      end
    end

    context 'when user has enough rights' do
      before { group.add_owner(user) }

      it 'adds user to members' do
        post :approve_access_request, params: { group_id: group, id: member }

        expect(response).to redirect_to(group_group_members_path(group))
        expect(group.members).to include(member)
      end
    end
  end
end
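# Smoke tests: with the external authorization service check switched on,
# each member-management action still answers with its normal status for a
# signed-in group owner. Only the HTTP status is asserted; none of these
# examples checks that the underlying change was actually applied.
context 'with external authorization enabled' do
  before do
    enable_external_authorization_service_check
    group.add_owner(user)
    sign_in(user)
  end

  describe 'GET #index' do
    it 'is successful' do
      get :index, params: { group_id: group }

      expect(response).to have_gitlab_http_status(:ok)
    end
  end

  describe 'POST #create' do
    # NOTE(review): this request passes `users:`, while the 'POST create'
    # examples elsewhere in this file pass `user_ids:`. If the action only
    # reads `user_ids`, this example presumably takes the "no users
    # specified" redirect and never reaches member creation - confirm the
    # intended parameter name.
    it 'is successful' do
      post :create, params: { group_id: group, users: user, access_level: Gitlab::Access::GUEST }

      expect(response).to have_gitlab_http_status(:found)
    end
  end

  describe 'PUT #update' do
    it 'is successful' do
      put :update,
          params: {
            group_member: { access_level: Gitlab::Access::GUEST },
            group_id: group,
            id: membership
          },
          format: :js

      expect(response).to have_gitlab_http_status(:ok)
    end
  end

  describe 'DELETE #destroy' do
    it 'is successful' do
      delete :destroy, params: { group_id: group, id: membership }

      expect(response).to have_gitlab_http_status(:found)
    end
  end

  # Was labelled 'POST #destroy', but the example posts to :request_access; a
  # failure would have been reported against the wrong action.
  describe 'POST #request_access' do
    it 'is successful' do
      # Switch to a fresh user with no role in the group before requesting.
      sign_in(create(:user))

      post :request_access, params: { group_id: group }

      expect(response).to have_gitlab_http_status(:found)
    end
  end

  # Was labelled 'POST #approve_request_access'; the action exercised is
  # :approve_access_request.
  describe 'POST #approve_access_request' do
    it 'is successful' do
      access_request = create(:group_member, :access_request, group: group)

      post :approve_access_request, params: { group_id: group, id: access_request }

      expect(response).to have_gitlab_http_status(:found)
    end
  end

  describe 'DELETE #leave' do
    it 'is successful' do
      # A second owner is added first; presumably this is what lets the
      # signed-in owner leave, since the 'DELETE leave' examples elsewhere in
      # this file expect 403 for an owner without one.
      group.add_owner(create(:user))

      delete :leave, params: { group_id: group }

      expect(response).to have_gitlab_http_status(:found)
    end
  end

  describe 'POST #resend_invite' do
    it 'is successful' do
      post :resend_invite, params: { group_id: group, id: membership }

      expect(response).to have_gitlab_http_status(:found)
    end
  end
end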
end