78 lines
2.5 KiB
Ruby
78 lines
2.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe Users::RejectService, feature_category: :user_management do
|
|
let_it_be(:current_user) { create(:admin) }
|
|
|
|
let(:user) { create(:user, :blocked_pending_approval) }
|
|
|
|
subject(:execute) { described_class.new(current_user).execute(user) }
|
|
|
|
describe '#execute' do
|
|
context 'failures' do
|
|
context 'when the executor user is not allowed to reject users' do
|
|
let(:current_user) { create(:user) }
|
|
|
|
it 'returns error result' do
|
|
expect(subject[:status]).to eq(:error)
|
|
expect(subject[:message]).to match(/You are not allowed to reject a user/)
|
|
end
|
|
end
|
|
|
|
context 'when the executor user is an admin in admin mode', :enable_admin_mode do
|
|
context 'when user is not in pending approval state' do
|
|
let(:user) { create(:user, state: 'active') }
|
|
|
|
it 'returns error result' do
|
|
expect(subject[:status]).to eq(:error)
|
|
expect(subject[:message])
|
|
.to match(/User does not have a pending request/)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'success' do
|
|
context 'when the executor user is an admin in admin mode', :enable_admin_mode do
|
|
it 'initiates user removal', :sidekiq_inline do
|
|
subject
|
|
|
|
expect(subject[:status]).to eq(:success)
|
|
expect(
|
|
Users::GhostUserMigration.where(user: user,
|
|
initiator_user: current_user)
|
|
).to be_exists
|
|
end
|
|
|
|
it 'emails the user on rejection' do
|
|
expect_next_instance_of(NotificationService) do |notification|
|
|
allow(notification).to receive(:user_admin_rejection).with(user.name, user.notification_email_or_default)
|
|
end
|
|
|
|
subject
|
|
end
|
|
|
|
it 'logs rejection in application logs' do
|
|
allow(Gitlab::AppLogger).to receive(:info)
|
|
|
|
subject
|
|
|
|
expect(Gitlab::AppLogger).to have_received(:info).with(message: "User instance access request rejected", user: user.username.to_s, email: user.email.to_s, rejected_by: current_user.username.to_s, ip_address: current_user.current_sign_in_ip.to_s)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'audit events' do
|
|
context 'when not licensed' do
|
|
before do
|
|
stub_licensed_features(admin_audit_log: false)
|
|
end
|
|
|
|
it 'does not log any audit event' do
|
|
expect { subject }.not_to change(AuditEvent, :count)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|