debian-mirror-gitlab/spec/requests/api/groups_spec.rb

295 lines
8.9 KiB
Ruby
Raw Normal View History

2014-09-02 18:07:02 +05:30
require 'spec_helper'
describe API::API, api: true do
include ApiHelpers
2015-09-11 14:41:01 +05:30
let(:user1) { create(:user, can_create_group: false) }
2014-09-02 18:07:02 +05:30
let(:user2) { create(:user) }
2015-09-11 14:41:01 +05:30
let(:user3) { create(:user) }
2014-09-02 18:07:02 +05:30
let(:admin) { create(:admin) }
2015-09-11 14:41:01 +05:30
let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
2016-06-02 11:05:42 +05:30
let!(:group2) { create(:group, :private) }
2015-12-23 02:04:40 +05:30
let!(:project1) { create(:project, namespace: group1) }
let!(:project2) { create(:project, namespace: group2) }
2014-09-02 18:07:02 +05:30
before do
group1.add_owner(user1)
group2.add_owner(user2)
end
describe "GET /groups" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/groups")
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(401)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as user" do
it "normal user: should return an array of groups of user1" do
get api("/groups", user1)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(group1.name)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
it "admin: should return an array of all groups" do
get api("/groups", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
2014-09-02 18:07:02 +05:30
end
end
end
describe "GET /groups/:id" do
context "when authenticated as user" do
it "should return one of user1's groups" do
get api("/groups/#{group1.id}", user1)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
2014-09-02 18:07:02 +05:30
json_response['name'] == group1.name
end
it "should not return a non existing group" do
get api("/groups/1328", user1)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(404)
2014-09-02 18:07:02 +05:30
end
it "should not return a group not attached to user1" do
get api("/groups/#{group2.id}", user1)
2016-06-02 11:05:42 +05:30
expect(response.status).to eq(404)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
it "should return any existing group" do
get api("/groups/#{group2.id}", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
2015-12-23 02:04:40 +05:30
expect(json_response['name']).to eq(group2.name)
2014-09-02 18:07:02 +05:30
end
it "should not return a non existing group" do
get api("/groups/1328", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(404)
end
end
context 'when using group path in URL' do
it 'should return any existing group' do
get api("/groups/#{group1.path}", admin)
expect(response.status).to eq(200)
2015-12-23 02:04:40 +05:30
expect(json_response['name']).to eq(group1.name)
2015-04-26 12:48:37 +05:30
end
it 'should not return a non existing group' do
get api('/groups/unknown', admin)
expect(response.status).to eq(404)
end
it 'should not return a group not attached to user1' do
get api("/groups/#{group2.path}", user1)
2016-06-02 11:05:42 +05:30
expect(response.status).to eq(404)
end
end
end
describe 'PUT /groups/:id' do
let(:new_group_name) { 'New Group'}
context 'when authenticated as the group owner' do
it 'updates the group' do
put api("/groups/#{group1.id}", user1), name: new_group_name
expect(response.status).to eq(200)
expect(json_response['name']).to eq(new_group_name)
end
it 'returns 404 for a non existing group' do
put api('/groups/1328', user1)
expect(response.status).to eq(404)
end
end
context 'when authenticated as the admin' do
it 'updates the group' do
put api("/groups/#{group1.id}", admin), name: new_group_name
expect(response.status).to eq(200)
expect(json_response['name']).to eq(new_group_name)
end
end
context 'when authenticated as an user that can see the group' do
it 'does not updates the group' do
put api("/groups/#{group1.id}", user2), name: new_group_name
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(403)
2014-09-02 18:07:02 +05:30
end
end
2016-06-02 11:05:42 +05:30
context 'when authenticated as an user that cannot see the group' do
it 'returns 404 when trying to update the group' do
put api("/groups/#{group2.id}", user1), name: new_group_name
expect(response.status).to eq(404)
end
end
2014-09-02 18:07:02 +05:30
end
2015-12-23 02:04:40 +05:30
describe "GET /groups/:id/projects" do
context "when authenticated as user" do
it "should return the group's projects" do
get api("/groups/#{group1.id}/projects", user1)
expect(response.status).to eq(200)
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project1.name)
end
it "should not return a non existing group" do
get api("/groups/1328/projects", user1)
expect(response.status).to eq(404)
end
it "should not return a group not attached to user1" do
get api("/groups/#{group2.id}/projects", user1)
2016-06-02 11:05:42 +05:30
expect(response.status).to eq(404)
2015-12-23 02:04:40 +05:30
end
end
context "when authenticated as admin" do
it "should return any existing group" do
get api("/groups/#{group2.id}/projects", admin)
expect(response.status).to eq(200)
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project2.name)
end
it "should not return a non existing group" do
get api("/groups/1328/projects", admin)
expect(response.status).to eq(404)
end
end
context 'when using group path in URL' do
it 'should return any existing group' do
get api("/groups/#{group1.path}/projects", admin)
expect(response.status).to eq(200)
expect(json_response.first['name']).to eq(project1.name)
end
it 'should not return a non existing group' do
get api('/groups/unknown/projects', admin)
expect(response.status).to eq(404)
end
it 'should not return a group not attached to user1' do
get api("/groups/#{group2.path}/projects", user1)
2016-06-02 11:05:42 +05:30
expect(response.status).to eq(404)
2015-12-23 02:04:40 +05:30
end
end
end
2014-09-02 18:07:02 +05:30
describe "POST /groups" do
2015-09-11 14:41:01 +05:30
context "when authenticated as user without group permissions" do
2014-09-02 18:07:02 +05:30
it "should not create group" do
post api("/groups", user1), attributes_for(:group)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(403)
2014-09-02 18:07:02 +05:30
end
end
2015-09-11 14:41:01 +05:30
context "when authenticated as user with group permissions" do
2014-09-02 18:07:02 +05:30
it "should create group" do
2015-09-11 14:41:01 +05:30
post api("/groups", user3), attributes_for(:group)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(201)
2014-09-02 18:07:02 +05:30
end
it "should not create group, duplicate" do
2015-09-11 14:41:01 +05:30
post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(400)
expect(response.message).to eq("Bad Request")
2014-09-02 18:07:02 +05:30
end
it "should return 400 bad request error if name not given" do
2015-09-11 14:41:01 +05:30
post api("/groups", user3), { path: group2.path }
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(400)
2014-09-02 18:07:02 +05:30
end
it "should return 400 bad request error if path not given" do
2015-09-11 14:41:01 +05:30
post api("/groups", user3), { name: 'test' }
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(400)
2014-09-02 18:07:02 +05:30
end
end
end
describe "DELETE /groups/:id" do
context "when authenticated as user" do
it "should remove group" do
delete api("/groups/#{group1.id}", user1)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
2014-09-02 18:07:02 +05:30
end
it "should not remove a group if not an owner" do
2015-09-11 14:41:01 +05:30
user4 = create(:user)
group1.add_master(user4)
2014-09-02 18:07:02 +05:30
delete api("/groups/#{group1.id}", user3)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(403)
2014-09-02 18:07:02 +05:30
end
it "should not remove a non existing group" do
delete api("/groups/1328", user1)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(404)
2014-09-02 18:07:02 +05:30
end
it "should not remove a group not attached to user1" do
delete api("/groups/#{group2.id}", user1)
2016-06-02 11:05:42 +05:30
expect(response.status).to eq(404)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
it "should remove any existing group" do
delete api("/groups/#{group2.id}", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(200)
2014-09-02 18:07:02 +05:30
end
it "should not remove a non existing group" do
delete api("/groups/1328", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(404)
2014-09-02 18:07:02 +05:30
end
end
end
describe "POST /groups/:id/projects/:project_id" do
let(:project) { create(:project) }
before(:each) do
2015-09-11 14:41:01 +05:30
allow_any_instance_of(Projects::TransferService).
to receive(:execute).and_return(true)
2015-04-26 12:48:37 +05:30
allow(Project).to receive(:find).and_return(project)
2014-09-02 18:07:02 +05:30
end
context "when authenticated as user" do
it "should not transfer project to group" do
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(403)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
it "should transfer project to group" do
post api("/groups/#{group1.id}/projects/#{project.id}", admin)
2015-04-26 12:48:37 +05:30
expect(response.status).to eq(201)
2014-09-02 18:07:02 +05:30
end
end
end
end