2020-07-28 23:09:34 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
RSpec.describe API::MergeRequestApprovals, feature_category: :source_code_management do
|
2020-07-28 23:09:34 +05:30
|
|
|
let_it_be(:user) { create(:user) }
|
2023-03-04 22:38:38 +05:30
|
|
|
let_it_be(:user2) { create(:user) }
|
|
|
|
let_it_be(:bot) { create(:user, :project_bot) }
|
2020-07-28 23:09:34 +05:30
|
|
|
let_it_be(:project) { create(:project, :public, :repository, creator: user, namespace: user.namespace) }
|
|
|
|
let_it_be(:approver) { create :user }
|
|
|
|
let_it_be(:group) { create :group }
|
|
|
|
|
|
|
|
let(:merge_request) { create(:merge_request, :simple, author: user, source_project: project) }
|
|
|
|
|
|
|
|
describe 'GET :id/merge_requests/:merge_request_iid/approvals' do
|
|
|
|
it 'retrieves the approval status' do
|
|
|
|
project.add_developer(approver)
|
|
|
|
project.add_developer(create(:user))
|
|
|
|
|
|
|
|
create(:approval, user: approver, merge_request: merge_request)
|
|
|
|
|
|
|
|
get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/approvals", user)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
2021-02-11 23:33:58 +05:30
|
|
|
|
|
|
|
context 'when merge request author has only guest access' do
|
|
|
|
it_behaves_like 'rejects user from accessing merge request info' do
|
|
|
|
let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/approvals" }
|
|
|
|
end
|
|
|
|
end
|
2020-07-28 23:09:34 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST :id/merge_requests/:merge_request_iid/approve' do
|
|
|
|
context 'as a valid approver' do
|
|
|
|
let_it_be(:approver) { create(:user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
project.add_developer(approver)
|
|
|
|
project.add_developer(create(:user))
|
|
|
|
end
|
|
|
|
|
|
|
|
def approve(extra_params = {})
|
|
|
|
post api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/approve", approver), params: extra_params
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the sha param is not set' do
|
|
|
|
it 'approves the merge request' do
|
|
|
|
approve
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:created)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the sha param is correct' do
|
|
|
|
it 'approves the merge request' do
|
|
|
|
approve(sha: merge_request.diff_head_sha)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:created)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the sha param is incorrect' do
|
|
|
|
it 'does not approve the merge request' do
|
|
|
|
approve(sha: merge_request.diff_head_sha.reverse)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:conflict)
|
|
|
|
expect(merge_request.approvals).to be_empty
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST :id/merge_requests/:merge_request_iid/unapprove' do
|
|
|
|
context 'as a user who has approved the merge request' do
|
|
|
|
it 'unapproves the merge request' do
|
|
|
|
unapprover = create(:user)
|
|
|
|
|
|
|
|
project.add_developer(approver)
|
|
|
|
project.add_developer(unapprover)
|
|
|
|
project.add_developer(create(:user))
|
|
|
|
|
|
|
|
create(:approval, user: approver, merge_request: merge_request)
|
|
|
|
create(:approval, user: unapprover, merge_request: merge_request)
|
|
|
|
|
|
|
|
post api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/unapprove", unapprover)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:created)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
describe 'PUT :id/merge_requests/:merge_request_iid/reset_approvals' do
|
|
|
|
before do
|
|
|
|
merge_request.approvals.create!(user: user2)
|
|
|
|
create(:project_member, :maintainer, user: bot, source: project)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for a bot user' do
|
|
|
|
it 'clears approvals of the merge_request' do
|
|
|
|
put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", bot)
|
|
|
|
|
|
|
|
merge_request.reload
|
|
|
|
expect(response).to have_gitlab_http_status(:accepted)
|
|
|
|
expect(merge_request.approvals).to be_empty
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when bot user approved the merge request' do
|
|
|
|
before do
|
|
|
|
merge_request.approvals.create!(user: bot)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'clears approvals of the merge_request' do
|
|
|
|
put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", bot)
|
|
|
|
|
|
|
|
merge_request.reload
|
|
|
|
expect(response).to have_gitlab_http_status(:accepted)
|
|
|
|
expect(merge_request.approvals).to be_empty
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for users with non-bot roles' do
|
|
|
|
let(:human_user) { create(:user) }
|
|
|
|
|
|
|
|
[:add_owner, :add_maintainer, :add_developer, :add_guest].each do |role_method|
|
|
|
|
it 'returns 401' do
|
|
|
|
project.send(role_method, human_user)
|
|
|
|
|
|
|
|
put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", human_user)
|
|
|
|
|
|
|
|
merge_request.reload
|
|
|
|
expect(response).to have_gitlab_http_status(:unauthorized)
|
|
|
|
expect(merge_request.approvals.pluck(:user_id)).to contain_exactly(user2.id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for bot-users from external namespaces' do
|
|
|
|
let_it_be(:external_bot) { create(:user, :project_bot) }
|
|
|
|
|
|
|
|
context 'for external group bot-user' do
|
|
|
|
before do
|
|
|
|
create(:group_member, :maintainer, user: external_bot, source: create(:group))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 401' do
|
|
|
|
put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", external_bot)
|
|
|
|
|
|
|
|
merge_request.reload
|
|
|
|
expect(response).to have_gitlab_http_status(:unauthorized)
|
|
|
|
expect(merge_request.approvals.pluck(:user_id)).to contain_exactly(user2.id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for external project bot-user' do
|
|
|
|
before do
|
|
|
|
create(:project_member, :maintainer, user: external_bot, source: create(:project))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 401' do
|
|
|
|
put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", external_bot)
|
|
|
|
|
|
|
|
merge_request.reload
|
|
|
|
expect(response).to have_gitlab_http_status(:unauthorized)
|
|
|
|
expect(merge_request.approvals.pluck(:user_id)).to contain_exactly(user2.id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-07-28 23:09:34 +05:30
|
|
|
end
|